Sekání Her,Filmů,Internetu i samotných Windows (XP)

[Caroprd111]

Poprosím o nový log z OTL spuštěného s prvním skriptem.

[crash01]

OTL logfile created on: 5. 6. 2010 16:30:50 - Run 3
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Fanda_2\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): X:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 34,77 Gb Free Space | 62,22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 465,76 Gb Total Space | 366,81 Gb Free Space | 78,76% Space Free | Partition Type: NTFS

Computer Name: MASOVI
Current User Name: Fanda_2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.05 14:27:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fanda_2\Plocha\OTL.exe
PRC - [2010.04.14 12:19:58 | 000,059,160 | ---- | M] (Uniblue Systems Limited) -- X:\sprava systemu\SpeedUpMyPC\sump.exe
PRC - [2009.10.20 19:34:38 | 000,207,376 | ---- | M] (Kaspersky Lab) -- X:\sprava systemu\klwtblfs.exe
PRC - [2008.09.04 06:02:24 | 001,295,616 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
PRC - [2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.08.14 17:19:00 | 000,163,840 | ---- | M] (Syntek Ltd.) -- C:\Program Files\Digital Camera\DRIVERM.exe
PRC - [2007.04.03 21:55:08 | 000,839,680 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2007.03.16 09:06:34 | 000,868,352 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe


========== Modules (SafeList) ==========

MOD - [2010.06.05 14:27:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fanda_2\Plocha\OTL.exe
MOD - [2009.11.06 23:04:36 | 000,109,072 | ---- | M] (Kaspersky Lab) -- X:\sprava systemu\mzvkbd3.dll
MOD - [2009.11.06 23:04:24 | 000,017,936 | ---- | M] (Kaspersky Lab) -- X:\sprava systemu\kloehk.dll
MOD - [2008.04.14 09:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.03.18 20:25:50 | 000,360,960 | ---- | M] (iZ3D Inc.) [Disabled | Stopped] -- C:\Program Files\iZ3D Driver\Win32\S3DCService.exe -- (S3D Service (Win32)) S3D Service (Win32)
SRV - [2009.10.20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- X:\sprava systemu\avp.exe -- (AVP)
SRV - [2009.08.24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- X:\Programy\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe -- (DfSdkS)
SRV - [2008.09.04 06:02:24 | 001,295,616 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.02.15 19:08:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007.02.05 15:22:04 | 000,069,120 | ---- | M] (BOONTY) [Disabled | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2003.04.07 07:32:06 | 000,065,795 | R--- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2001.10.25 16:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)


========== Driver Services (SafeList) ==========

DRV - [2010.06.05 00:46:55 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010.05.10 17:39:21 | 000,004,484 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cpuidlep.sys -- (cpuidlep)
DRV - [2010.04.24 08:25:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.04.04 00:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010.02.04 17:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.10.14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009.10.02 18:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.09.14 13:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009.09.01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008.12.23 15:39:53 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2008.08.21 18:49:56 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008.08.21 18:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008.04.14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.13 23:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.10.10 17:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007.09.13 15:54:14 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2007.09.13 15:54:12 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2007.06.18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007.05.29 14:30:38 | 000,508,160 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007.05.18 12:01:50 | 000,304,640 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006.10.30 16:53:32 | 000,044,416 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006.10.23 19:22:50 | 001,205,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006.07.13 09:56:47 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2006.06.13 19:29:52 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2006.05.23 08:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.03.17 19:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005.03.03 19:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004.09.16 14:26:40 | 000,012,634 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AdfuUd.sys -- (AdfuUd)
DRV - [2004.09.03 19:23:10 | 000,115,680 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.09.03 19:19:07 | 000,054,368 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.08.13 18:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.08.03 23:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2004.08.03 23:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2004.04.10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | Auto | Running] -- C:\WINDOWS\system32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2002.09.15 21:20:00 | 000,064,128 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2001.12.18 08:45:04 | 000,003,279 | ---- | M] (VIA Technologies. Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS -- (VIAPFD)
DRV - [2001.08.18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: X:\sprava systemu\THBExt [2010.06.05 00:49:29 | 000,000,000 | ---D | M]

[2009.10.31 10:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Mozilla\Firefox\def\extensions
[2009.10.31 10:05:22 | 000,000,000 | ---D | M] (BS Player Toolbar) -- C:\Documents and Settings\Fanda_2\Data aplikací\Mozilla\Firefox\def\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

O1 HOSTS File: ([2010.06.05 15:31:01 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - X:\sprava systemu\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - X:\sprava systemu\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AVP] X:\sprava systemu\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBKeyScan] X:\Nero\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\RunOnce: [SpeedUpMyPC] X:\sprava systemu\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\DRIVER PNP Monitor.lnk = C:\Program Files\Digital Camera\DRIVERM.exe (Syntek Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - X:\sprava systemu\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - X:\sprava systemu\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} http://download.seznam.cz/listicka/toolbar2007.cab (ToolbarInetInstall Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 4902240439 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (X:\SPRAVA~1\mzvkbd3.dll) - X:\sprava systemu\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (X:\SPRAVA~1\kloehk.dll) - X:\sprava systemu\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.13 17:50:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.05.12 16:31:47 | 000,000,000 | ---D | M] - X:\Autoclicker -- [ NTFS ]
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.06.19 17:15:29 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - wdmaud.drv File not found
Drivers32: midi - wdmaud.drv File not found
Drivers32: midi1 - wdmaud.drv File not found
Drivers32: midi2 - wdmaud.drv File not found
Drivers32: midimapper - midimap.dll File not found
Drivers32: mixer - wdmaud.drv File not found
Drivers32: mixer1 - wdmaud.drv File not found
Drivers32: msacm.ac3acm - ac3acm.acm File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm File not found
Drivers32: msacm.l3acm - l3codecp.acm File not found
Drivers32: msacm.lhacm - lhacm.acm File not found
Drivers32: msacm.msadpcm - msadp32.acm File not found
Drivers32: msacm.msaudio1 - msaud32.acm File not found
Drivers32: msacm.msg711 - msg711.acm File not found
Drivers32: msacm.msg723 - msg723.acm File not found
Drivers32: msacm.msgsm610 - msgsm32.acm File not found
Drivers32: msacm.sl_anet - sl_anet.acm File not found
Drivers32: msacm.trspch - tssoft32.acm File not found
Drivers32: msacm.vorbis - vorbis.acm File not found
Drivers32: MSVideo8 - VfWWDM32.dll File not found
Drivers32: VIDC.3iv2 - 3ivxVfWCodec.dll File not found
Drivers32: vidc.cvid - iccvid.dll File not found
Drivers32: vidc.ffds - ffdshow.ax File not found
Drivers32: VIDC.FPS1 - frapsvid.dll File not found
Drivers32: VIDC.I420 - msh263.drv File not found
Drivers32: vidc.iv31 - ir32_32.dll File not found
Drivers32: vidc.iv32 - ir32_32.dll File not found
Drivers32: VIDC.IV41 - ir41_32.dll File not found
Drivers32: vidc.iv50 - ir50_32.dll File not found
Drivers32: VIDC.IYUV - iyuv_32.dll File not found
Drivers32: vidc.M261 - msh261.drv File not found
Drivers32: vidc.M263 - msh263.drv File not found
Drivers32: VIDC.MKVC - KMVIDC32.DLL File not found
Drivers32: vidc.MP42 - MPG4c32.dll File not found
Drivers32: vidc.MP43 - MPG4c32.dll File not found
Drivers32: vidc.MPG4 - MPG4c32.dll File not found
Drivers32: vidc.mrle - msrle32.dll File not found
Drivers32: vidc.msvc - msvidc32.dll File not found
Drivers32: VIDC.UYVY - msyuv.dll File not found
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - vp6vfw.dll File not found
Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found
Drivers32: VIDC.X264 - x264vfw.dll File not found
Drivers32: vidc.XVID - xvidvfw.dll File not found
Drivers32: VIDC.YUY2 - msyuv.dll File not found
Drivers32: VIDC.YVU9 - tsbyuv.dll File not found
Drivers32: VIDC.YVYU - msyuv.dll File not found
Drivers32: wave - wdmaud.drv File not found
Drivers32: wave1 - wdmaud.drv File not found
Drivers32: wavemapper - msacm32.drv File not found
SystemRestore not available.

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Fanda_2\Dokumenty\Fanda_2.
[2010.06.05 15:18:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.06.05 14:24:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fanda_2\Recent
[2010.06.05 14:20:01 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fanda_2\Plocha\OTL.exe
[2010.06.05 13:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.05 13:12:33 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.05 00:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
[2010.06.05 00:46:55 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010.06.05 00:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
[2010.06.04 22:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanda_2\Dokumenty\gegl-0.0
[2010.06.03 18:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2010.06.03 18:09:33 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.06.03 18:09:33 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.06.03 18:09:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.06.03 18:09:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.06.03 18:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010.05.30 20:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanda_2\Local Settings\Data aplikací\Nova Vizija d.d
[2010.05.30 19:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanda_2\Data aplikací\Recolored
[2010.05.30 18:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010.05.30 18:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanda_2\Local Settings\Data aplikací\Paint.NET
[2010.05.30 18:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanda_2\Local Settings\Data aplikací\Thinstall
[2010.05.30 18:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanda_2\Data aplikací\Thinstall
[2010.05.29 21:23:19 | 000,000,000 | ---D | C] -- C:\Downloads
[2010.05.29 21:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanda_2\Data aplikací\Uniblue
[2010.05.28 16:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\NeroInstall.bak
[2010.05.28 16:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanda_2\Data aplikací\Nero
[2010.05.28 16:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Nero
[2010.05.24 21:38:55 | 000,000,000 | -HSD | C] -- C:\found.000
[2010.05.21 15:52:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\iZ3D Driver
[2010.05.21 15:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\iZ3D Driver
[2010.05.21 14:28:59 | 000,000,000 | ---D | C] -- C:\Rain
[2010.05.19 15:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanda_2\Data aplikací\Tropico 3
[2010.05.18 19:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanda_2\Data aplikací\ProcessLasso
[2010.05.18 19:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\Process Lasso
[2010.05.18 17:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanda_2\Dokumenty\My Games
[2010.05.18 16:11:28 | 000,880,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\WM8EUTIL.exe
[2010.05.17 20:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2010.05.13 21:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\HDD Regenerator
[2010.05.13 21:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2010.05.13 21:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oodag
[2010.05.12 16:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\Kalypso
[2010.05.11 15:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanda_2\Dokumenty\iWisoft Free Video Converter
[2010.05.11 15:45:02 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvid.ax
[2010.05.11 15:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\iWisoft Free Video Converter
[2010.05.11 15:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanda_2\Local Settings\Data aplikací\ant.com
[2010.05.10 19:04:46 | 000,002,944 | ---- | C] (cansoft@livewiredev.com) -- C:\WINDOWS\System32\mbmiodrvr.sys
[2010.05.10 19:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Motherboard Monitor 5
[2010.05.09 16:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ConeXware
[2010.05.09 16:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\PowerArchiver
[2010.05.09 15:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanda_2\Dokumenty\Norton Ghost 15
[2010.05.07 16:29:09 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\WINDOWS\System32\DfSdkBt.exe

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Fanda_2\Dokumenty\Fanda_2.
[2010.06.05 16:10:42 | 000,001,052 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.06.05 15:59:01 | 000,000,590 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2010.06.05 15:45:57 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.06.05 15:43:52 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.05 15:38:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.05 15:36:55 | 000,098,308 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010.06.05 15:35:33 | 013,369,344 | -H-- | M] () -- C:\Documents and Settings\Fanda_2\ntuser.dat
[2010.06.05 15:35:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Fanda_2\ntuser.ini
[2010.06.05 15:35:27 | 006,508,676 | -H-- | M] () -- C:\Documents and Settings\Fanda_2\Local Settings\Data aplikací\IconCache.db
[2010.06.05 15:31:01 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010.06.05 14:27:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fanda_2\Plocha\OTL.exe
[2010.06.05 01:06:11 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010.06.05 01:06:10 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010.06.05 00:46:55 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010.06.04 23:47:25 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.06.04 21:21:06 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Local Settings\Data aplikací\housecall.guid.cache
[2010.06.03 18:08:34 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.06.03 18:08:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.06.03 18:08:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.06.03 18:08:34 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.06.03 18:08:33 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.05.28 19:28:55 | 000,000,246 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Dokumenty\cc_20100528_192852.reg
[2010.05.28 19:27:05 | 001,173,452 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Dokumenty\cc_20100528_192654.reg
[2010.05.28 17:20:27 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Fanda_2\.rnd
[2010.05.28 15:38:34 | 000,001,102 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.28 15:38:34 | 000,000,269 | ---- | M] () -- C:\WINDOWS\system.ini

[crash01]

[2010.05.28 15:38:34 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.05.24 19:42:51 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-507921405-1202660629-1007Core.job
[2010.05.19 15:43:34 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.13 21:33:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\OODCNT.INI
[2010.05.10 18:30:38 | 000,123,330 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Dokumenty\Dokument12.zmf
[2010.05.10 17:39:21 | 000,004,484 | ---- | M] () -- C:\WINDOWS\System32\drivers\cpuidlep.sys
[2010.05.09 15:42:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.07 16:29:56 | 000,070,248 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.05.07 15:43:17 | 000,289,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010.06.05 00:50:35 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010.06.05 00:50:35 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010.06.04 21:21:06 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Fanda_2\Local Settings\Data aplikací\housecall.guid.cache
[2010.05.28 19:28:54 | 000,000,246 | ---- | C] () -- C:\Documents and Settings\Fanda_2\Dokumenty\cc_20100528_192852.reg
[2010.05.28 19:26:58 | 001,173,452 | ---- | C] () -- C:\Documents and Settings\Fanda_2\Dokumenty\cc_20100528_192654.reg
[2010.05.28 16:47:08 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Fanda_2\.rnd
[2010.05.24 19:42:51 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-507921405-1202660629-1007Core.job
[2010.05.21 15:52:24 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\PCGW32.DLL
[2010.05.13 21:33:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI
[2010.05.11 15:45:02 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.05.11 15:45:02 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.05.11 15:29:13 | 000,006,053 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\AntLog.txt
[2010.05.10 18:30:38 | 000,123,330 | ---- | C] () -- C:\Documents and Settings\Fanda_2\Dokumenty\Dokument12.zmf
[2010.05.10 17:39:21 | 000,004,484 | ---- | C] () -- C:\WINDOWS\System32\drivers\cpuidlep.sys
[2010.05.09 17:00:40 | 000,001,429 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\DRIVER PNP Monitor.lnk
[2010.04.07 18:59:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010.03.30 15:53:03 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.01.05 22:24:10 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010.01.05 22:17:46 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CDE SX200EXPORT.ini
[2009.10.18 13:55:35 | 000,000,309 | ---- | C] () -- C:\WINDOWS\game.ini
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009.05.03 13:42:42 | 000,000,590 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.01.29 18:11:31 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2008.12.06 12:58:12 | 000,001,052 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.10.31 19:28:42 | 000,000,216 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2008.10.18 18:30:01 | 000,000,217 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.10.18 18:29:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008.09.08 16:57:00 | 000,000,383 | ---- | C] () -- C:\WINDOWS\ADStahovac.INI
[2008.08.02 21:21:37 | 000,137,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.06.19 18:31:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4719.dll
[2008.06.19 18:31:37 | 000,467,264 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008.06.07 15:54:50 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2008.06.02 19:31:42 | 000,103,152 | ---- | C] () -- C:\WINDOWS\quake 3 arena.ini
[2008.04.08 19:37:52 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\greet.ini
[2008.04.08 19:37:35 | 000,030,848 | -H-- | C] () -- C:\WINDOWS\updater.ini
[2008.04.08 19:37:35 | 000,003,743 | -H-- | C] () -- C:\WINDOWS\mirc.ini
[2008.04.08 19:37:35 | 000,001,761 | -H-- | C] () -- C:\WINDOWS\servers.ini
[2008.04.08 19:37:35 | 000,000,267 | -H-- | C] () -- C:\WINDOWS\conn.ini
[2008.04.08 19:37:35 | 000,000,253 | ---- | C] () -- C:\WINDOWS\remote.ini
[2008.04.08 19:37:35 | 000,000,072 | -H-- | C] () -- C:\WINDOWS\perform.ini
[2008.04.08 19:37:35 | 000,000,041 | -H-- | C] () -- C:\WINDOWS\partmsg.ini
[2008.04.08 19:37:35 | 000,000,011 | -H-- | C] () -- C:\WINDOWS\aliases.ini
[2008.03.24 15:55:24 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008.02.02 16:54:43 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Aurora MPEG To DVD.INI
[2008.01.31 22:08:17 | 000,000,067 | ---- | C] () -- C:\WINDOWS\#1 Video Converter.INI
[2007.10.25 11:20:40 | 000,000,085 | ---- | C] () -- C:\WINDOWS\Muma60.INI
[2007.10.20 19:50:24 | 000,568,850 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2007.08.14 16:17:46 | 000,000,077 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2007.07.19 17:56:13 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007.07.19 17:56:13 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007.06.06 15:56:19 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2007.05.13 18:04:56 | 000,000,565 | ---- | C] () -- C:\WINDOWS\Spidey.ini
[2007.03.13 16:59:52 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.02.26 16:13:33 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\AdfuUd.sys
[2007.02.01 21:39:59 | 000,000,249 | ---- | C] () -- C:\WINDOWS\gfscore.ini
[2007.02.01 21:36:29 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2007.01.09 21:12:49 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.01.03 17:48:46 | 000,000,316 | ---- | C] () -- C:\WINDOWS\THPS3.INI
[2006.11.02 10:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2006.10.06 21:50:53 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006.10.06 21:50:49 | 000,056,320 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2006.07.16 19:54:02 | 000,000,300 | ---- | C] () -- C:\WINDOWS\navrhcp.ini
[2006.06.30 14:28:06 | 000,000,344 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006.06.30 14:27:35 | 000,000,042 | ---- | C] () -- C:\WINDOWS\MeTcd.ini
[2006.06.13 19:41:25 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006.06.13 19:38:06 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006.06.13 19:38:06 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006.06.13 19:38:06 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006.06.13 19:23:34 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2006.06.13 19:16:54 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.06.13 18:24:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2005.11.15 14:54:18 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\iebar.dll
[2005.10.14 12:56:50 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005.10.14 11:56:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2004.10.17 14:42:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\see32.dll
[2004.09.16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004.08.17 17:49:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2002.03.26 20:18:27 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2001.09.19 19:18:01 | 000,005,637 | ---- | C] () -- C:\WINDOWS\Zmodeler.ini
[2000.01.07 02:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\sysgtime.dll
[2000.01.07 02:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv
[1993.07.23 19:31:02 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll

========== LOP Check ==========

[2008.03.24 14:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ableton
[2010.04.22 21:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Agama Web Menus
[2008.07.14 17:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Azureus
[2008.05.28 16:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Blender Foundation
[2007.02.05 15:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\BOONTY
[2006.11.29 18:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\BVRP Software
[2010.05.09 16:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ConeXware
[2010.04.24 08:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2010.03.18 16:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2010.01.05 22:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EPSON
[2009.06.03 19:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2008.07.10 16:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FloodLightGames
[2009.04.30 19:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.05.21 15:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\iZ3D Driver
[2008.07.09 20:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\JollyBear
[2007.11.19 18:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\OrbNetworks
[2009.01.29 17:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters
[2008.07.08 21:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PlayFirst
[2008.07.08 22:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sandlot Games
[2009.11.30 19:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SweetIM
[2008.11.10 16:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\tcpIQ
[2010.05.30 19:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.03.13 00:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
[2010.01.05 22:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\UDL
[2007.08.30 20:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WildTangent
[2010.04.20 20:39:57 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2008.03.24 14:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Ableton
[2010.04.28 15:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Autoclicker
[2010.05.07 17:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Azureus
[2010.05.30 17:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\BitComet
[2008.05.28 20:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Blender Foundation
[2008.03.15 23:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\BSplayer
[2010.04.24 08:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\DAEMON Tools Lite
[2010.01.05 23:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\EPSON
[2010.03.22 22:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\ESET
[2008.05.29 19:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\GetRightToGo
[2009.10.16 22:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\gtk-2.0
[2010.05.07 19:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\ICQ
[2008.07.14 10:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\ICQ Toolbar
[2009.10.04 00:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\IObit
[2010.04.12 18:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\iZ3D Driver
[2008.10.30 22:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\MiniLyrics
[2010.04.22 15:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\OpenOffice.org
[2008.05.29 18:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Opera
[2010.05.18 19:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\ProcessLasso
[2010.05.30 19:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Recolored
[2008.07.23 17:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Silver Style Entertainment
[2009.08.29 17:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\SPORE Creature Creator
[2010.05.30 18:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Thinstall
[2010.05.19 15:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Tropico 3
[2008.03.24 15:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\ubi.com
[2010.03.13 00:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Ubisoft
[2010.05.29 21:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Uniblue
[2010.03.22 22:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\VO
[2010.04.07 20:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Vso
[2008.12.07 00:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\VSO_HWE
[2010.02.04 17:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Xi
[2010.05.05 18:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Zoner
[2006.09.23 09:28:43 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1150220000.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 09:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 -- [2008.02.28 17:07:58 | 001,828,136 | ---- | M] (Nero AG)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"Advanced SystemCare 3" = "X:\Programy\IObit\Advanced SystemCare 3\AWC.exe" /startup -- [2009.01.09 16:54:42 | 002,262,352 | ---- | M] (IObit)
"Google Update" = "C:\Documents and Settings\Fanda_2\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c -- [2010.03.18 16:31:42 | 000,136,176 | ---- | M] (Google Inc.)
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- File not found
"EPSON Stylus SX200 Series" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S115.tmp" /EF "HKCU" -- [2007.12.13 17:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.03.24 14:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Ableton
[2010.03.18 16:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Adobe
[2009.12.24 12:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\ArcSoft
[2010.04.28 15:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Autoclicker
[2010.05.07 17:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Azureus
[2010.05.30 17:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\BitComet
[2008.05.28 20:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Blender Foundation
[2008.03.15 23:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\BSplayer
[2010.04.24 08:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\DAEMON Tools Lite
[2008.07.12 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\DivX
[2010.01.05 23:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\EPSON
[2010.03.22 22:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\ESET
[2008.05.29 19:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\GetRightToGo
[2008.07.12 20:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Google
[2009.10.16 22:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\gtk-2.0
[2010.01.01 19:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Hamachi
[2010.04.13 20:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Help
[2008.08.31 14:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Hewlett-Packard
[2010.05.07 19:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\ICQ
[2008.07.14 10:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\ICQ Toolbar
[2008.03.15 23:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Identities
[2008.12.12 17:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\InstallShield
[2009.10.04 00:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\IObit
[2010.04.12 18:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\iZ3D Driver
[2008.03.19 20:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Macromedia
[2009.10.18 10:39:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft
[2008.10.30 22:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\MiniLyrics
[2008.09.08 16:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Mozilla
[2010.05.28 16:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Nero
[2008.03.19 23:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\NeroDCTemplates
[2010.04.22 15:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\OpenOffice.org
[2008.05.29 18:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Opera
[2010.05.18 19:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\ProcessLasso
[2010.05.30 19:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Recolored
[2008.07.23 17:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Silver Style Entertainment
[2010.03.01 15:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Skype
[2010.03.01 14:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\skypePM
[2009.08.29 17:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\SPORE Creature Creator
[2008.08.29 22:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Sun
[2009.07.22 19:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\teamspeak2
[2010.05.30 18:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Thinstall
[2010.05.19 15:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Tropico 3
[2008.03.24 15:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\ubi.com
[2010.03.13 00:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Ubisoft
[2010.05.29 21:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Uniblue
[2010.03.22 22:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\VO
[2010.04.07 20:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Vso
[2008.12.07 00:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\VSO_HWE
[2008.03.19 22:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\WinRAR
[2010.02.04 17:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Xi
[2008.07.12 20:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Yahoo!
[2010.05.05 18:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fanda_2\Data aplikací\Zoner

< %APPDATA%\*.exe /s >
[2008.10.07 20:13:15 | 000,057,344 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\ARPPRODUCTICON.exe
[2008.10.07 20:13:16 | 000,061,440 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut2_3293C06B003F40278380FFD79E38167D_1.exe
[2008.10.07 20:13:16 | 000,061,440 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut3_3293C06B003F40278380FFD79E38167D.exe
[2008.10.07 20:13:16 | 000,065,536 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut5_3293C06B003F40278380FFD79E38167D.exe
[2008.10.07 20:13:16 | 000,008,854 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\Uninstall_THAW_3293C06B003F40278380FFD79E38167D.exe
[2008.11.15 22:46:24 | 000,010,134 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{761C6060-F00C-43C6-9ADB-2F549C616403}\ARPPRODUCTICON.exe
[2008.11.15 22:46:24 | 000,065,536 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{761C6060-F00C-43C6-9ADB-2F549C616403}\readme.txt_761C6060F00C43C69ADB2F549C616403.exe
[2008.11.15 22:46:24 | 000,045,056 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{761C6060-F00C-43C6-9ADB-2F549C616403}\RushForBerlin.exe1_761C6060F00C43C69ADB2F549C616403.exe
[2008.11.15 22:46:24 | 000,045,056 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{761C6060-F00C-43C6-9ADB-2F549C616403}\RushForBerlin.exe_761C6060F00C43C69ADB2F549C616403.exe
[2008.11.15 22:46:24 | 000,065,536 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{761C6060-F00C-43C6-9ADB-2F549C616403}\RushForBerlin.url_761C6060F00C43C69ADB2F549C616403.exe
[2008.11.15 22:46:24 | 000,008,854 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{761C6060-F00C-43C6-9ADB-2F549C616403}\UNINST_Uninstall_R_761C6060F00C43C69ADB2F549C616403.exe
[2008.04.08 19:42:24 | 000,010,134 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_02B134C2304145325C4104.exe
[2008.04.08 19:42:24 | 000,010,134 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_678979B3177C8CD33AC7A8.exe
[2008.04.08 19:42:24 | 000,010,134 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_74394B127F8A73F414399A.exe
[2008.04.08 19:42:24 | 000,003,638 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_8820A84B83D1E46A3E99A4.exe
[2008.04.08 19:42:24 | 000,003,638 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_E9018E0E3FEAF3CF45514B.exe
[2008.11.10 16:34:41 | 000,029,926 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_324405953A38774B92DF01.exe
[2008.11.10 16:34:41 | 000,003,638 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_6F04BF382DFC3303FADFA3.exe
[2008.11.10 16:34:40 | 000,005,430 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_6FECB8B9CC6EAB57AC1A9A.exe
[2008.11.10 16:34:40 | 000,003,638 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_6FEFF9B68218417F98F549.exe
[2008.11.10 16:34:41 | 000,005,430 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_B9320CB6D43382A470631C.exe
[2008.11.10 16:34:41 | 000,003,638 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_D4DE8FFC8D1018F046DED7.exe
[2008.11.10 16:34:40 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_FD9F347D61CCB0C0304531.exe
[2010.03.13 02:05:42 | 000,010,134 | ---- | M] () -- C:\Documents and Settings\Fanda_2\Data aplikací\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe


< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.17 15:57:28 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cdrom.sys
[2008.04.14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2008.04.14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 09:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cryptsvc.dll
[2008.04.14 09:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 09:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\eventlog.dll
[2008.04.14 09:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\SoftwareDistribution\Download\24d1fd667c6a6d363e6ced5186970a96\sp2gdr\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 01:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.14 01:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 01:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2001.10.25 16:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\isapnp.sys
[2001.10.25 16:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\isapnp.sys
[2008.04.14 08:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\isapnp.sys
[2008.04.14 08:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008.04.14 08:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 09:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\lsass.exe
[2008.04.14 09:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 01:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ndis.sys
[2008.04.14 01:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 01:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 09:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\netlogon.dll
[2008.04.14 09:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 09:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\scecli.dll
[2008.04.14 09:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 09:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\smss.exe
[2008.04.14 09:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 09:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\svchost.exe
[2008.04.14 09:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.06.19 18:59:36 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=80082776F5F39852EE40C521806E1135 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.14 01:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 09:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\userinit.exe
[2008.04.14 09:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 09:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 09:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\winlogon.exe
[2008.04.14 09:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 09:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ws2_32.dll
[2008.04.14 09:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.04.24 08:25:18 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.06.19 18:51:34 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.06.13 09:42:58 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2008.06.19 18:51:34 | 035,127,296 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.06.19 18:51:34 | 004,194,304 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >

< %systemroot%\system32\drivers\*.sys /3 >
[2010.06.05 00:46:55 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys

< %systemroot%\system32\*.* /3 >
[2010.06.03 18:08:33 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\deployJava1.dll
[2010.06.03 18:08:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
[2010.06.03 18:08:34 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javacpl.cpl
[2010.06.03 18:08:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe
[2010.06.03 18:08:34 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaws.exe
[2010.06.05 15:45:57 | 000,276,202 | ---- | M] () -- C:\WINDOWS\system32\NvApps.xml
[2010.06.05 15:36:55 | 000,098,308 | ---- | M] () -- C:\WINDOWS\system32\oodbs.lor
[2010.06.05 00:36:37 | 000,002,571 | ---- | M] () -- C:\WINDOWS\system32\sdkinst.log
[2010.06.05 15:43:52 | 000,002,228 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
< End of report >

[Caroprd111]

Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

• Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
• Nic nemažte MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
• Log vložte sem.

[crash01]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6. 6. 2010 9:16:40
mbam-log-2010-06-06 (09-16-40).txt

Typ skenu: Úplný sken (C:\|X:\|)
Skenované objekty: 328584
Uplynulý čas: 5 hodina(y), 9 minuta(y), 25 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 20
Infikované hodnoty registru: 1
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\Interface\{3e6201fa-02dd-4a0b-8699-1328e0602314} (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{df16c60e-f85b-4459-86ae-4977656339ec} (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UninstallSXS (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ssnipe (Rogue.SpySnipe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.

Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\_OTL\MovedFiles\06052010_151821\C_Documents and Settings\fanda_2\dokumenty\norton ghost 15\keygen.exe (Trojan.Agent) -> No action taken.

[Caroprd111]

Vše, co našel MBAM smažte a napište stav PC.

[crash01]

Smazáno PC oněco rychlejší, ale občas stejně zamrzne.

[Caroprd111]

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
• Vložte do PC všechny flash disky, které používáte.
• Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
• Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
• Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
• Během skenování může být počítač restartován.

[crash01]

ComboFix 10-06-05.01 - Fanda_2 . 06. 2010 10:41:13.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1653 [GMT 2:00]
Spuštěný z: c:\documents and settings\Fanda_2\Plocha\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dokumenty\Settings
c:\documents and settings\All Users\Dokumenty\Settings\config.ini
c:\documents and settings\Fanda_2\Dokumenty\cc_20100528_192654.reg
c:\windows\download
c:\windows\system\QTIM32.DLL
c:\windows\system32\dzgtactx.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_SSHNAS
-------\Service_Boonty Games


((((((((((((((((((((((((( Soubory vytvořené od 2010-05-06 do 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-06 08:02 . 2010-06-06 08:03 -------- d-----w- c:\program files\Skype
2010-06-05 20:43 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-05 20:43 . 2010-06-05 20:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-05 20:43 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-05 19:05 . 2010-06-05 19:05 -------- d-----w- c:\program files\Microsoft.NET
2010-06-05 13:18 . 2010-06-05 13:18 -------- d-----w- C:\_OTL
2010-06-05 11:13 . 2010-06-05 11:19 -------- d-----w- c:\program files\trend micro
2010-06-05 11:12 . 2010-06-05 11:20 -------- d-----w- C:\rsit
2010-06-04 22:50 . 2010-06-04 23:06 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-06-04 22:50 . 2010-06-04 23:06 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-06-03 16:09 . 2010-06-03 16:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-03 16:08 . 2010-06-03 16:08 -------- d-----w- c:\program files\Java
2010-05-30 16:43 . 2010-05-30 16:43 -------- d-----w- c:\program files\MSXML 4.0
2010-05-29 19:23 . 2010-05-30 18:34 -------- d-----w- C:\Downloads
2010-05-28 14:51 . 2010-05-28 14:51 -------- d-----w- c:\program files\NeroInstall.bak
2010-05-24 19:38 . 2010-05-24 19:38 -------- d-----w- C:\found.000
2010-05-21 13:52 . 2009-04-10 15:19 185344 ----a-w- c:\windows\system32\PCGW32.DLL
2010-05-21 13:52 . 2010-05-21 13:52 -------- d-----w- c:\program files\iZ3D Driver
2010-05-21 12:28 . 2010-05-28 21:05 -------- d-----w- C:\Rain
2010-05-18 17:56 . 2010-05-18 17:57 -------- d-----w- c:\program files\Process Lasso
2010-05-18 14:11 . 2001-03-23 14:29 880912 ----a-w- c:\windows\WM8EUTIL.exe
2010-05-17 18:59 . 2010-05-17 18:59 -------- d-----w- c:\program files\Seagate
2010-05-13 19:59 . 2010-05-13 20:24 -------- d-----w- c:\program files\HDD Regenerator
2010-05-13 19:31 . 2010-05-13 19:31 -------- d-----w- c:\program files\OO Software
2010-05-13 19:26 . 2010-06-04 19:17 -------- d-----w- c:\windows\system32\oodag
2010-05-12 14:46 . 2010-05-12 14:46 -------- d-----w- c:\program files\Kalypso
2010-05-11 13:45 . 2009-09-29 18:57 758018 ----a-w- c:\windows\system32\xvidcore.dll
2010-05-11 13:45 . 2008-12-04 19:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-05-11 13:45 . 2010-05-11 13:47 -------- d-----w- c:\program files\iWisoft Free Video Converter
2010-05-10 17:04 . 2004-04-10 07:42 2944 ----a-w- c:\windows\system32\mbmiodrvr.sys
2010-05-10 17:04 . 2010-05-10 17:04 -------- d-----w- c:\program files\Motherboard Monitor 5
2010-05-10 15:39 . 2010-05-10 15:39 4484 ----a-w- c:\windows\system32\drivers\cpuidlep.sys
2010-05-09 14:13 . 2010-06-05 19:01 -------- d-----w- c:\program files\PowerArchiver
2010-05-07 14:29 . 2009-08-24 19:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 19:23 . 2002-12-05 12:00 91788 ----a-w- c:\windows\system32\perfc005.dat
2010-06-05 19:23 . 2002-12-05 12:00 476474 ----a-w- c:\windows\system32\perfh005.dat
2010-06-05 12:11 . 2008-02-13 14:30 -------- d-----w- c:\program files\Google
2010-06-03 16:10 . 2007-12-16 17:43 -------- d-----w- c:\program files\Common Files\Java
2010-05-28 14:45 . 2007-01-09 17:37 -------- d-----w- c:\program files\Common Files\Nero
2010-05-17 18:57 . 2008-02-15 16:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-11 13:36 . 2010-05-05 16:43 -------- d-----w- c:\program files\Avi2Dvd
2010-05-05 16:46 . 2010-05-05 16:46 -------- d-----w- c:\program files\AviSynth 2.5
2010-05-05 16:18 . 2010-05-05 16:18 -------- d-----w- c:\program files\Zoner
2010-05-03 14:50 . 2010-05-03 14:50 -------- d-----w- c:\program files\Utherverse Digital Inc
2010-04-30 14:30 . 2010-04-30 14:29 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-29 09:47 . 2010-04-29 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-28 09:50 . 2008-07-16 15:58 600680 -c--a-w- c:\windows\system32\NVUNINST.EXE
2010-04-25 18:21 . 2010-04-25 18:20 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-25 14:53 . 2010-04-25 14:53 323624 ----a-w- c:\windows\system32\wiaaut.dll
2010-04-24 08:35 . 2010-04-24 08:35 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-04-24 06:25 . 2007-03-13 14:59 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-23 19:06 . 2010-04-23 19:05 -------- d-----w- c:\program files\BitComet
2010-04-23 13:55 . 2010-04-23 13:43 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-23 13:08 . 2010-04-23 13:08 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-22 20:08 . 2010-04-22 20:08 82552 ----a-w- c:\windows\system32\prfc0405.dat
2010-04-22 20:08 . 2010-04-22 20:08 437832 ----a-w- c:\windows\system32\prfh0405.dat
2010-04-22 18:27 . 2010-04-22 18:27 -------- d-----w- c:\program files\Yamicsoft
2010-04-16 15:10 . 2003-11-07 12:28 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-16 15:10 . 2003-11-07 12:28 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-14 14:43 . 2010-04-11 16:56 -------- d-----w- c:\program files\ICQ7.1
2010-04-12 20:05 . 2010-04-12 20:06 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-12 20:05 . 2010-04-13 03:25 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-07 17:07 . 2006-06-13 17:09 737280 -c--a-w- c:\windows\iun6002.exe
2010-04-03 17:23 . 2010-04-03 17:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 17:23 . 2010-04-03 17:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 17:23 . 2010-04-03 17:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 17:23 . 2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:23 . 2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 17:23 . 2010-04-03 17:23 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-04-03 17:23 . 2010-04-03 17:23 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-03-18 11:16 . 2010-03-18 11:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 11:16 . 2010-03-18 11:16 70472 ----a-w- c:\windows\system32\dxva2.dll
2010-03-18 11:16 . 2010-03-18 11:16 486216 ----a-w- c:\windows\system32\evr.dll
2010-03-18 08:09 . 2010-03-18 08:09 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-18 08:09 . 2010-03-18 08:09 49488 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-18 08:09 . 2010-03-18 08:09 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-03-18 08:09 . 2010-03-18 08:09 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-16 00:08 . 2010-04-09 19:18 4332136 ----a-w- c:\windows\system32\NVStWiz.exe
2010-03-10 06:17 . 2004-08-17 13:49 420352 ----a-w- c:\windows\system32\vbscript.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpeedUpMyPC"="x:\sprava systemu\SpeedUpMyPC\launcher.exe" [2010-04-14 46376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-23 135168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-23 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-23 163840]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 2524416]
"NBKeyScan"="x:\nero\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVP"="x:\sprava systemu\avp.exe" [2009-10-20 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
DRIVER PNP Monitor.lnk - c:\program files\Digital Camera\DRIVERM.exe [2009-12-31 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS\0\0te\0oodbs\0\0\0M

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lqu16.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 14:31 136176 ----atw- c:\documents and settings\Fanda_2\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessGovernor]
2010-05-04 13:49 232464 ----a-w- c:\program files\Process Lasso\ProcessGovernor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessLassoManagementConsole]
2010-05-04 13:49 416784 ----a-w- c:\program files\Process Lasso\ProcessLasso.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"O&O Defrag"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"PnkBstrA"=2 (0x2)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"LightScribeService"=2 (0x2)
"InterBaseServer"=3 (0x3)
"InterBaseGuardian"=2 (0x2)
"IDriverT"=3 (0x3)
"Hamachi2Svc"=2 (0x2)
"gupdate1ca2e1dedcf2d6c"=2 (0x2)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"S3D Service (Win32)"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"x:\\Hry\\Battlefield 2\\BF2.exe"=
"x:\\Hry\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"x:\\Hry\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"x:\\Hry\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"x:\\Hry\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"16487:TCP"= 16487:TCP:BitComet 16487 TCP
"16487:UDP"= 16487:UDP:BitComet 16487 UDP
"17423:TCP"= 17423:TCP:BitComet 17423 TCP
"17423:UDP"= 17423:UDP:BitComet 17423 UDP

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14. 10. 2009 20:18 36880]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12. 4. 2010 22:06 64288]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5. 7. 2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13. 3. 2007 16:59 691696]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14. 9. 2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2. 10. 2009 18:39 19472]
S0 Lqu16;Lqu16;c:\windows\system32\Drivers\Lqu16.sys --> c:\windows\system32\Drivers\Lqu16.sys [?]
S1 kcp;kcp; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 13:16 130384]
S3 DfSdkS;Defragmentation-Service;x:\programy\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [7. 5. 2010 16:29 406016]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [26. 7. 2009 12:54 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [26. 7. 2009 12:54 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [26. 7. 2009 12:54 42112]
S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29. 5. 2007 14:30 508160]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 13:16 753504]
S4 gupdate1ca2e1dedcf2d6c;Služba Google Update (gupdate1ca2e1dedcf2d6c);c:\program files\Google\Update\GoogleUpdate.exe [5. 9. 2009 13:42 133104]
S4 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [25. 10. 2001 16:00 3584]
S4 S3D Service (Win32);S3D Service (Win32);c:\program files\iZ3D Driver\Win32\S3DCService.exe [21. 5. 2010 15:52 360960]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = hxxp://bfirst.info/in.cgi?2&key=free+software+downloads
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí NetXferu - c:\program files\Xi\NetXfer\NXAddLink.html
IE: Stáhnout vše pomocí Net&Xferu - c:\program files\Xi\NetXfer\NXAddList.html
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxp://download.seznam.cz/listicka/toolbar2007.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-nwiz - nwiz.exe
SafeBoot-Lavasoft Ad-Aware Service
AddRemove-Czech Soccer Manager 2002 Final Edition - c:\program files\CSM2002FE\DeIsL1.isu
AddRemove-QUICKMEDIACONVERTER - c:\program files\QuickMediaConverter\WDUNINST.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 11:44
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x8AA6E8F0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> prosync1.sys @ 0xb85b26c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7cffbb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d0ca21
SendHandler -> NDIS.sys @ 0xb7cea87b
user & kernel MBR OK
PE file found in sector at 0x06FC7CCF !

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="DC2D991700E749955FAEC38DA32D7A2C07250156BF114C3EBF3885365B76B48EBB50A1321600B4D81E8FBE0A1EBC5C36B628701B2F9F61604A77117725C546BA7079F0E0A4128F2FF988940E42148D5DEC6F01BB51402D9111462113AB78E59509A72C5E9C6529CDF82DA70ECE1FECA2C9427789CD24C03FEA437A5A9D23F51B316FB797D792D3DB43A71FB4621BDD7C8B00DA0EAD4EAF4C4FA125D00C2EDABBBEF6BD2F10076576A2B26862801C4AD21998F7845D96138EDEA56EB0EDFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CA2D97226D213B5559DB7CE019D40AA5CE02F29111F9D6F7500A9BCCD848704C64B444341643CE8A7BA095D5DF9574E79BFDE9C8B216A8FFD3E25BF7EF2224BE65856410B35EEE4F981BFB10B1EC33E426C4A65E5616A56573F4C718B135A21A79FF3F69DD5AB4B62873B3D0CE017AFE672F0265C480037C5D04FE0E922147756549DFE48F9FB29D706EBC9260B996CA4B05872CF53D35AF097E310337578F1A47FDA69FD682841368A499146F75572A1D88554C593D21C698AC1F4A5F1F5E8AAFEB33956FC3E083D764FC47B1998F466F30747E72F2D8A9FF5A5F823903DE9E10337640CA511270F81F9087AF1785BDFD9E8BD01DDD6EAE77850F931E04333A81076577D67377D34B2CDF39A9ACA3F5CBB429C826F07B2FB88074A7B0541BCC17E07EF2DD7899A17E9D113D8BF2B6E131B29BB83C23B8EF9EA92B0CCB334ABD2FC03814423A7C488D610665321796D9A4FB869BA4D335DE23D3E6619B55DDE670A07D38B09F1763A0216E1CE9457F0EE829167051AF2341CEEDB9AF66AC1E56C7BB52171DA10DBC443776D34802D6472B357E7644542D86FC33FEC1E452C05B679B3980B026BD6A3C84BE58DE12565E73631967D7FAC48895242756DCA26B5F9822CDD0EF9B27D36942C198CC92FC7F7B0CB0F180F0530FB09BF3D689404A351E44C0755CF5818BEFCB74D835BFE91AF9DD4E3A2CC5C753D251A4333535AAF3D47C41F5E2811A6E5AA91396BCE0AFDFE4C0218ADA68D30A4BBB5F89647816E9C224C254FBA5757369BDF8A60F10CF9B95E8A266D1CB22AF134F944834917A839C19B8D6CD16B929F22CD5FA1A30529994B2979BB442CE3444955000A407C5ABBC671BD234ECD707563094C9158B7E0B95E1D7514C79F12238D36F860AB553432270E927F21C33EEED9C5D93B97AAAD1BB5AB6D1A64F399F66293F1DF1F8D1B10AAB859B553D8FE2753B90349002ACC22C39CAB0F6B55970D00642087C0CF272BED39551CFEDAE69F701FB98ABFC33198D0B9EADD41B4DB17F2A6AE78C80F253E62DE3DAED4DBE0B82936DF741C4C8028F554DE935F45692A1A593B7807FE9467CC7BBD"
"OODEFRAG12.00.00.01PROFESSIONAL"="F6B5A1D1EF2722A0A8434E037586A18D4C9D8B3D0847AC5E03058B759E9BEBCEF28A2BF6B1FDC437F961E8F19E0EBDDF36C73716D5FCB0E0627B933D5C8F5099FAC372229AAD7EAE388502AE837AEE1DD46A3157FA099CE02A95107F9D190AA1946CF47DCF645E78AFFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808C5EE628C4BBED302368D6653178C0D4FD2E972907716389982BF954C0E26E3030C2FFD531358F13AE16EEBBB9F31DDB1F54142CF90018D2B21C99D37EF99B80F98A07F7B77505212F3C78AD69DD5933448DF47D332588A02C7B78A4192F83BB17CABCF6EE090D50A904E41405742781B1D653D0DA5627E471BB8ED4FDEA8669950AB79A779B841735D2BB72AD9F03AFC4E6AFE82F7942276C4EF80DE84BB19492EEF2D38B19A3CF508FAB5DB771368C738F891CEF91E10E1F3F49C7E75FC1816B33E3EC3BA3C530BBECEA7AA418A79393B8C981F41DFC4AED7D1C052E6698A2A054DA5028D58778336AC9E8790F048E53B99DD37A66BA4D3A7861090D3337B8147C97EC0E4DEFB80A48CCF72810F10B5228551EB470C741E9D855104793F5A6F26D388DEBFF01A79475C147FF3667263DCAA83A8043EDF30F4B5EF0DDAA67B99507E27D1E0E56E39DD7C68D80DA976805A562A6B033075FC72F1F99E3DB794F9F7D3639FCFC678DEAAC1ECBCB44104EE114A9F452D48A5CE598AA240ABF341DDD24D69E7D7D31E5CF6F4E77B164868E778BCE1DEAE9E4941F341428DF31102E69D5C0858070026780CD4C179220D56F60E591270F880194690CD51342877BA8A16E4B3B732EE3D4E3C9086328C9562FB523CF6C8C26DB422805AEF799F4630157EBE055B6F7D754ED8CDE731CD16852949F8F9CA031A9D6C1986E13372CD11201E3636301ABAC037BB263B98A2FD1E877B1429EC786E3A94B4660C4D8014E9A1BE0B28B852E6F9243F26F71D0AE96D747608B7B7A3885558AF7E7B466AD230DC30F15E86797ADB7D434EBC0948AE191CCAC2F8CB49389D4E6DCBDDB297F6BAEBC4128244389F0602AA1549B766D2A8858CA7E859F202A55E51BC85B831A244BCD2875D2CF8B37F455FE1829B30920B87D40B2428EE9D62464735EA95A62BEB913463E110EA4A2F2EC992F1BAB5DD92CCC037ED914C782F16BC0BA716A919B600C9A8215202A961F65D78442DCA5772D5EE6B2A0461B3CAB2A1897B9DAF2C0BF0F24FD5EDF34DC6AD89D64AA109D645F68658E4824722D6D56D70492573D334241A445A6C3C62F3B6C9E9F857CA6809D7AE244BA2DA4DDA0B98F01737F2B6E129A666AEEF1B4B60C8975BE8A5304B9E7315E8AE8E3DF240B221B49073702EA8E60A8AF62C931F69"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1468)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll
c:\program files\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\nvcpl.dll
c:\windows\system32\NVRSCS.DLL
c:\windows\system32\nvapi.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxres.dll
c:\windows\system32\igfxress.dll
c:\windows\system32\igfxsrvc.dll
c:\program files\NVIDIA Corporation\nView\nvshell.dll
c:\program files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
x:\sprava systemu\SpeedUpMyPC\sump.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\igfxsrvc.exe
x:\sprava systemu\klwtblfs.exe
.
**************************************************************************
.
Celkový čas: 2010-06-06 11:58:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-06 09:58

Před spuštěním: Volných bajtů: 35 534 757 888
Po spuštění: Volných bajtů: 38 750 494 720

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=1 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 1A97771F6D21638A4122C857F5B9B96B

[Caroprd111]

Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

• Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

[crash01]

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync02.sys >>UNKNOWN [0x8AB885D0]<<
kernel: MBR read successfully
user & kernel MBR OK
PE file found in sector at 0x06FC7CCF !

[Caroprd111]

OK, ještě log z Gmer.

[crash01]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-06 13:11:30
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Fanda_2\LOCALS~1\Temp\ugtdypod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB4E2DECA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB4E2DF74]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- EOF - GMER 1.0.15 ----

[Caroprd111]

Ještě druhý log z Gmer.

[crash01]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-06 17:38:41
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Fanda_2\LOCALS~1\Temp\ugtdypod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB4E2E58C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB4E2EE0C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB4E2F922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB4E2FE94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xB4E2F0EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xB4E2D436]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB4E2FD6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xB4E2E192]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB4E2FC28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB4E2E34E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB4E2FFC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB4E31C08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xB4E2EAAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB4E2FCCA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB4E315FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xB4E2D9FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xB4E2DD88]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB4E2F576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB4E325CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB4E2DECA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB4E2DF74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xB4E2F382]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB4E3168C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xB4E2D412]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB4E2D424]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xB4E31CBC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB4E2E0C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB4E2FF36]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xB4E2EE8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xB4E2D5DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB4E2FE04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xB4E2E792]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB4E31C32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB4E30068]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xB4E2E6B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xB4E2E01E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB4E2DC46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xB4E31FD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB4E2D896]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB4E31922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB4E2DB0E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xB4E2D2B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB4E303F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB4E302B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB4E3139A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xB4E34E2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB4E324AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB4E2D248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB4E2F65C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xB4E2ECC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xB4E30C4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xB4E31786]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB4E32114]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xB4E2D71E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xB4E321F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xB4E32320]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xB4E31526]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xB4E2E90A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xB4E2E860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB4E31E8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB4E2E9EA]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP B4E234DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP B4E238B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C98 80504534 16 Bytes [4E, E3, E2, B4, C6, FF, E2, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D54 805045F0 12 Bytes [8C, 16, E3, B4, 12, D4, E2, ...] {MOV WORD [ESI], SS; JECXZ 0xffffffffffffffb8; ADC DL, AH; LOOP 0xffffffffffffffbc; AND AL, 0xd4; LOOP 0xffffffffffffffc0}
.text ntkrnlpa.exe!ZwCallbackReturn + 2ED0 8050476C 16 Bytes [0E, DB, E2, B4, B0, D2, E2, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC4 80504860 12 Bytes [F8, 21, E3, B4, 20, 23, E3, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 80504870 8 Bytes JMP 68B0FD57
.text ...
.xreloc C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xB7F67000, 0xC58, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7376380, 0x566445, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB4EDFA00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [B48EACC0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [B48EACC0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\prodrv06 \Device\ProDrv06 E1D9A008
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort4 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort5 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-1f prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E100D230

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5E 0xB0 0xB5 0x48 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x88 0x96 0xAE 0x85 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x12 0x46 0x0C 0x84 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xED 0x40 0xF5 0x35 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD7 0xE4 0xB6 0x3F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x88 0x96 0xAE 0x85 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x12 0x46 0x0C 0x84 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE3 0xE7 0x5B 0xC3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD7 0xE4 0xB6 0x3F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x88 0x96 0xAE 0x85 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x12 0x46 0x0C 0x84 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE3 0xE7 0x5B 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5E 0xB0 0xB5 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB4 0x5C 0x7B 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x88 0x96 0xAE 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x94 0x95 0xAE 0x2B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x76 0xB4 0x0D 0x7A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x94 0x59 0x66 0x9D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5E 0xB0 0xB5 0x48 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x88 0x96 0xAE 0x85 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x12 0x46 0x0C 0x84 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x39 0x18 0xD7 0x13 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5E 0xB0 0xB5 0x48 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB4 0x5C 0x7B 0x7D ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x88 0x96 0xAE 0x85 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x94 0x95 0xAE 0x2B ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x76 0xB4 0x0D 0x7A ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x94 0x59 0x66 0x9D ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION DC2D991700E749955FAEC38DA32D7A2C07250156BF114C3EBF3885365B76B48EBB50A1321600B4D81E8FBE0A1EBC5C36B628701B2F9F61604A77117725C546BA7079F0E0A4128F2FF988940E42148D5DEC6F01BB51402D9111462113AB78E59509A72C5E9C6529CDF82DA70ECE1FECA2C9427789CD24C03FEA437A5A9D23F51B316FB797D792D3DB43A71FB4621BDD7C8B00DA0EAD4EAF4C4FA125D00C2EDABBBEF6BD2F10076576A2B26862801C4AD21998F7845D96138EDEA56EB0EDFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CA2D97226D213B5559DB7CE019D40AA5CE02F29111F9D6F7500A9BCCD848704C64B444341643CE8A7BA095D5DF9574E79BFDE9C8B216A8FFD3E25BF7EF2224BE65856410B35EEE4F981BFB10B1EC33E426C4A65E5616A56573F4C718B135A21A79FF3F69DD5AB4B62873B3D0CE017AFE672F0265C480037C5D04FE0E922147756549DFE48F9FB29D706EBC9260B996CA4B05872CF53D35AF097E310337578F1A47FDA69FD682841368A499146F75572A1D88554C593D21C698AC1F4A5F1F5E8AAFEB33956FC3E083D764FC47B1998F466F30747E72F2D8A9FF5A5F823903DE9E10337640CA511270F81F9087AF1785BDFD9E8BD01DDD6EAE77850F931E04333A810765
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL F6B5A1D1EF2722A0A8434E037586A18D4C9D8B3D0847AC5E03058B759E9BEBCEF28A2BF6B1FDC437F961E8F19E0EBDDF36C73716D5FCB0E0627B933D5C8F5099FAC372229AAD7EAE388502AE837AEE1DD46A3157FA099CE02A95107F9D190AA1946CF47DCF645E78AFFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808C5EE628C4BBED302368D6653178C0D4FD2E972907716389982BF954C0E26E3030C2FFD531358F13AE16EEBBB9F31DDB1F54142CF90018D2B21C99D37EF99B80F98A07F7B77505212F3C78AD69DD5933448DF47D332588A02C7B78A4192F83BB17CABCF6EE090D50A904E41405742781B1D653D0DA5627E471BB8ED4FDEA8669950AB79A779B841735D2BB72AD9F03AFC4E6AFE82F7942276C4EF80DE84BB19492EEF2D38B19A3CF508FAB5DB771368C738F891CEF91E10E1F3F49C7E75FC1816B33E3EC3BA3C530BBECEA7AA418A79393B8C981F41DFC4AED7D1C052E6698A2A054DA5028D58778336AC9E8790F048E53B99DD37A66BA4D3A7861090D3337B8147C97EC0E4DEFB80A48CCF72810F10B5228551EB470C741E9D855104793F5A6F26D388DEBFF01A79475C147FF3667263DCAA83A8043EDF30F4B5EF0DDAA67B99507E27D1E0E56

---- EOF - GMER 1.0.15 ----