VIRY.CZ

Klikni na Start, prejdi na Spustit, do nej zadej prikaz: "%userprofile%\plocha\win32kdiag.exe" -f -r , klikni na Ok

Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= -
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
File::
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
Folder::
c:\program files\Ask.com
Extra::
FireFox::
FF - ProfilePath - c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - Ext: PandoraTV Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Sukoku: {7AB6D133-2A14-4C11-B3AD-35B1548D38F9} - c:\program files\Mozilla Firefox\extensions\{7AB6D133-2A14-4C11-B3AD-35B1548D38F9}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
RESTORE::
c:\windows\regedit.exe

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Obrázek

Po skonceni skenu vlož log čo ComboFix vytvorí

Nový log.

ComboFix 11-03-01.03 - Ostravak 07.03.2011 21:45:42.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.233 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ostravak\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ostravak\Plocha\CFScript.txt
AV: F-Secure Profi Antivirus 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Profi Antivirus 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -

FILE ::
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitAutoCompleteSearch.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitAutoCompleteSearch.xpt
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitToolbar.idl
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitToolbar.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitToolbar.xpt
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.xpt
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.xpt
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults\default_radio_skin.xml
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults\fbAlert.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome.manifest
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome\zynga.jar
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\install.rdf
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\lib\xpcom.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF\manifest.mf
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF\zigbert.rsa
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF\zigbert.sf
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.gif
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.ico
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.PNG
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.src
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.xml
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\version.txt
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\datastore\cache.sqlite
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\defaults.js.bak
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\defaults\preferences\defaults.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome.manifest
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\about.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\about.xul
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\cache.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\constants.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\core.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\custom-command-listener.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\events.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\feeds.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\json.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\lifecycle.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\listeners.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\locale.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\logger.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\network.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\observer.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\options.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\options.xul
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\preferences.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\prefetch.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\ss-popup-bindings.xml
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\suggestions.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\update.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\utilities.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\webframe-bindings.xml
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\webframe-manager.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\widget-controller.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\widget-popup.xul
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\content\widgets.js
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\amazon_16x.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\ask_16x16.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\ask_32x32.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\ask_browser_ff_chrome.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\ask_kmp1.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\ask_mail.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\asklogo.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\bg.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\blogs.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\business.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\celebrity.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\close.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\cnn_16x.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\dictionary.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\email_16x.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\facebook_16x.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\games_16x.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\globe_18x.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\gripper.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\highlight_16x.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\highlighter_off.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\highlighter_on.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\chevron.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\icon_history_16x.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\icons_business_16x.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\images.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\labels-de.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\labels-en.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\labels-es.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\labels-fr.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\labels-it.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\labels-nl.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\labels-pt.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\labels-ru.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\links-BR.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\links-DE.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\links-ES.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\links-EU.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\links-FR.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\links-IT.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\links-NL.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\links-RU.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\links-UK.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\links-US.properties
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\logo_32x32.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\magnify_search.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\magnify_search_grey_16x.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\maps.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\news.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\personas.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\preferences.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\ptv.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_ask.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_ask_de.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_ask_es.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_ask_fr.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_ask_it.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_ask_nl.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pl.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pt.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_ask_ru.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_cobrand.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_current_site.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_de.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_es.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_fr.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_grey_73x24.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_it.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_nl.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_pl.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_pt.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\search_ru.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\shopping.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\stocks.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\titlebar_bg.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\toolbar.css
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\toolbar.xul
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\weather.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\weather_16x.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\web.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\wordoftheday_16x.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\youtube_16x.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\skin\zoomall.png
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-18-Oct-2010-16-44-19-GMT\ff-config.zip
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\install.rdf
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\logs\asktb-log-1296670298690.html
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\logs\asktb-log-1296813387250.html
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\logs\asktb-log-1298570066921.html
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\logs\asktb-log-1298572282888.html
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\logs\asktb-log-1299236696171.html
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\logs\asktb-log-1299274421296.html
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\logs\asktb-log-1299275836697.html
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\logs\asktb-log-1299314919466.html
c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\toolbar@ask.com\searchplugins\askcom.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Ostravak\Data aplikací\PriceGong\Data\z.xml
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_4d.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Mozilla Firefox\extensions\{7AB6D133-2A14-4C11-B3AD-35B1548D38F9}
c:\program files\Mozilla Firefox\extensions\{7AB6D133-2A14-4C11-B3AD-35B1548D38F9}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{7AB6D133-2A14-4C11-B3AD-35B1548D38F9}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{7AB6D133-2A14-4C11-B3AD-35B1548D38F9}\chrome\sukoku.jar
c:\program files\Mozilla Firefox\extensions\{7AB6D133-2A14-4C11-B3AD-35B1548D38F9}\install.rdf
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

c:\windows\regedit.exe . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-07 do 2011-03-07 )))))))))))))))))))))))))))))))
.

2011-03-05 07:36 . 2008-04-14 08:52 147968 ------w- c:\windows\regedit.exe
2011-03-04 11:03 . 2011-03-04 11:04 -------- d-----w- C:\rsit
2011-03-04 11:03 . 2011-03-04 11:04 -------- d-----w- c:\program files\trend micro
2011-03-04 10:35 . 2011-03-04 10:44 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z....Z..ZZ.Z
2011-03-04 10:00 . 2011-03-04 10:01 -------- d-----w- c:\program files\CCleaner
2011-03-04 09:56 . 2011-03-04 09:59 -------- d-----w- c:\program files\RegCleaner
2011-03-04 08:04 . 2011-03-04 08:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 19:56 . 2010-11-21 18:11 0 -c--a-w- c:\windows\system32\ConduitEngine.tmp
2011-01-21 14:44 . 2004-08-17 13:49 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-17 13:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-02 13:51 . 2011-01-02 13:51 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-02 13:51 . 2011-01-02 13:51 138056 -c--a-w- c:\documents and settings\Ostravak\Data aplikací\PnkBstrK.sys
2011-01-02 13:51 . 2011-01-02 13:51 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-02 13:51 . 2011-01-02 13:51 189248 -c--a-w- c:\windows\system32\PnkBstrB.ex0
2011-01-02 13:51 . 2011-01-02 13:51 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-31 14:04 . 2004-08-17 13:44 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-17 13:49 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-22 07:32 . 2009-11-05 17:25 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2010-12-20 23:52 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2004-08-17 13:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:52 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 17:25 . 2004-08-17 13:49 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2010-12-15 12:43 . 2009-11-05 17:26 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-12-09 15:15 . 2004-08-17 13:48 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-17 13:45 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2004-08-17 15:45 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2001-10-25 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-10-25 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 1B6162FE7F66B1A71A4B70F941C4AA9B . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 1B6162FE7F66B1A71A4B70F941C4AA9B . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-17 . 6F877BF8DC01A550CD666F3BEDB2213C . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2001-10-25 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-10-25 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys

[-] 2008-04-14 . 249276D3EF1E74B992299CB96099E4D7 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . 249276D3EF1E74B992299CB96099E4D7 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-17 . F219E27E88107A50544153898DD8178E . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . ED0A176354487CEED65B80A7148AB739 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . ED0A176354487CEED65B80A7148AB739 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-17 . 82A362FE1D4980B71B588D9C10748511 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 72E1E9E2977BE08BDEEDB6D8FD9D4D40 . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 72E1E9E2977BE08BDEEDB6D8FD9D4D40 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2004-08-17 . AF342D2781225A8769686E0D47E3123E . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll

[-] 2008-04-14 03:21 . E7B375DFFB68A16659CA66474A280C47 . 806912 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 03:21 . E7B375DFFB68A16659CA66474A280C47 . 806912 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-17 13:49 . B44F68274AB7B8A54E9AD74AFF0EFAAC . 806912 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll

[-] 2008-04-14 . 19395D092FD85DDC2D9C7729CF5A2AC8 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 19395D092FD85DDC2D9C7729CF5A2AC8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 19395D092FD85DDC2D9C7729CF5A2AC8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-17 . E774A26610EC92674273486612C11CFC . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . C0BD34A62508BA68F146E22CE45919F9 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . BE27674D1CBC3214AEC84B4336A38BBF . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . BE27674D1CBC3214AEC84B4336A38BBF . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . BE27674D1CBC3214AEC84B4336A38BBF . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 2B269C916766BDB43404F043B763427D . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2009-02-09 . BEF7BB41E666EAA34BE7E99C2B107DB8 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2008-04-14 . C868F3AE15CF71A93F2AA3A32856D839 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . C868F3AE15CF71A93F2AA3A32856D839 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2004-08-17 . C72C15EE57E248C66E57C76CAB086CF2 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll

[-] 2009-02-09 . 9EF697AF07BB8DD82C3B02CA953A95B7 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-09 . 9EF697AF07BB8DD82C3B02CA953A95B7 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . 9EF697AF07BB8DD82C3B02CA953A95B7 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . 3D107D45CCFDB266E91D84B52CD7F430 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-09 . 4F9F7B567970B524F31D9970A23F7C24 . 111104 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2009-02-09 . 33081FED75032291EE0E008D5385E86F . 111104 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2008-04-14 . F0D2AE69035092BF22DAD6B50FAB85C2 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . F0D2AE69035092BF22DAD6B50FAB85C2 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-17 . 6E401E61F952FBBF708AFBECEFAFAE81 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe

[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . F3AB0933CBD166D271992F411C27CCAF . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . F3AB0933CBD166D271992F411C27CCAF . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-17 . 70D2A1756F4B2067658A186C963FCABD . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:32 . 398314DF0B21338C4996B469101750D1 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:29 . A371F11EF07653591C8DE26AFB13CE7F . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:29 . A371F11EF07653591C8DE26AFB13CE7F . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:29 . A371F11EF07653591C8DE26AFB13CE7F . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:25 . BE68EA4457E2E5717231CF91BE5448E0 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:19 . 3440C414044935B124B5821C0994B37F . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 03:21 . 260C69FD67687B0DC062FC3D31655857 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 03:21 . 260C69FD67687B0DC062FC3D31655857 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2004-08-17 13:49 . 972378B907070F64932A87C90A035487 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB950974_0$\es.dll

[-] 2008-04-14 . 6C60CA8AC7470AC01CFD3D24C7283CD1 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 6C60CA8AC7470AC01CFD3D24C7283CD1 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-17 . 2413635113361E54B62F0C40E4E4DAE6 . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . 9A4D2A6C4B7BD60851553C095CD71AF8 . 984576 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-03-21 . 545C653E8FE241CA6200798AA94FE5C7 . 988160 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . 545C653E8FE241CA6200798AA94FE5C7 . 988160 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . 545C653E8FE241CA6200798AA94FE5C7 . 988160 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . 0D8F61460F84139BBE5E391D8DE18D9A . 990208 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 8D18BA8E854890074B6FB92D7D0C02FA . 987648 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . FD91CD95A1C663DF54DD371CC8A234DE . 988160 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . FD91CD95A1C663DF54DD371CC8A234DE . 988160 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2004-08-17 . 98DA079F61265BC26D4587E280B79F30 . 982016 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB959426_0$\kernel32.dll

[-] 2008-04-14 . 7FDE9FC15765E02B23E1756930165AD1 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 7FDE9FC15765E02B23E1756930165AD1 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-17 . EE1F842DB2AE412136643B0814D770A6 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2008-04-14 . C66BA7BD13C8FB8BEC4863B88641C763 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . C66BA7BD13C8FB8BEC4863B88641C763 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-17 . BFE8DC7AAE7CB1C86243D77B340DC304 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2008-04-14 . D165DFCB4EA452510E53416F573018BB . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . D165DFCB4EA452510E53416F573018BB . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . EC8D5E09C6CA5F52858A5EB71F308FDF . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2004-08-17 . 91CC3E4CCDBBF8E224182C76C87E454F . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-17 . AB47015B67531572BE46C0C08222C84C . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2001-10-25 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

[-] 2008-06-20 . 1289B7611CCD6CB27596AE92CBF03E35 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 1289B7611CCD6CB27596AE92CBF03E35 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 1289B7611CCD6CB27596AE92CBF03E35 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . B6CEC406351EA5EF131416D5F52D006F . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . A6E79B60AC73241E5721AB6A573D2B24 . 247296 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 37BABA5DBD9027837FDC27E5D6EF33E1 . 247296 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . AAC97DAB5F8A0573CF10E0EAC42A7724 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . AAC97DAB5F8A0573CF10E0EAC42A7724 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-17 . 64C078BD4EFD441C3F159EDC5EA4420A . 247296 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll

[-] 2008-04-14 . C2ED0E3408F50BBC149D4F0936E67832 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . C2ED0E3408F50BBC149D4F0936E67832 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-17 . 2591CADAEF7D2242039255028E577688 . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2008-04-14 . 9FA69781CAA7A1DA981A24F240A61A60 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 9FA69781CAA7A1DA981A24F240A61A60 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-17 . 134B95A1D8FAFD74A68E4B2116DEFA7D . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . 830CE8951C71F361D7D2F38416CC8BC1 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 830CE8951C71F361D7D2F38416CC8BC1 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-17 . 07119058D451CB7EA4317BCFDA8599A6 . 184832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 5EE949255BABC0B17C09DDB2E59E3878 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 5EE949255BABC0B17C09DDB2E59E3878 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-17 . 6CC2D21488333133AE0C9F44F6051CB7 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . BE4A520E29B6391F49E79CCC52044D93 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . BE4A520E29B6391F49E79CCC52044D93 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-17 . DFBA2915B0BF58ABB288CD4C9318CB3F . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . C2546CD7A398476F9DF5614B2AE160E8 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . C2546CD7A398476F9DF5614B2AE160E8 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-17 . 37162D29CD61519E6F5EA0DE99786FF6 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2004-08-17 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 . 7DC1830F22E7D275B438127B68030239 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . 7DC1830F22E7D275B438127B68030239 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-17 . 836F7960362FF95C5D49E40B891F2CFC . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2008-04-14 . 951D473917C51F21496D914CF6E5DDD1 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 951D473917C51F21496D914CF6E5DDD1 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-17 . 382E9B87F1282E697C67AF84E34E35E2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 859F7735F199C90403340183A3DDFB78 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 859F7735F199C90403340183A3DDFB78 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-17 . C2B86666FC44B48903AD6016D15A23DF . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll

[-] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-17 . 3CD57F31A64D32FDB28918B16D1E6AAC . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . 278A14BEDEF58687EAF8BEC056A78D8B . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 278A14BEDEF58687EAF8BEC056A78D8B . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-17 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . EAA4BB9EDB3FB10CF8979FE65E63658F . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . EAA4BB9EDB3FB10CF8979FE65E63658F . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-17 . 9B835D4C64860B155A1701D5092EC9E4 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 2EE99F67C930931EB404DADCE57E976E . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 2EE99F67C930931EB404DADCE57E976E . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-17 . 6EB66066D5C0175320CFEA0A4C74C88F . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-17 . 5CA2E2BA624D6F2C7A581C91E70394CB . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . B927443008910B412BEC72FC41C1BAD0 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . B927443008910B412BEC72FC41C1BAD0 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2004-08-17 . 8BA76BD2A943F642F267A296A15776D2 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll

[-] 2008-04-14 . 8F31505484A190D5B22274708799F4EC . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 8F31505484A190D5B22274708799F4EC . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-17 . 5B21208FCF8970BB61FE98E19D828714 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 3FF232A7731621B8902D81D42418C93C . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 3FF232A7731621B8902D81D42418C93C . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-17 . 29AC93307C6182DBE336BCA314947F28 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-17 . 88C28F53F53438DAFCD95E99C837C61E . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . A75DD6FC3DBEE4FFF5EBC9F2C28BB66E . 295936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . A75DD6FC3DBEE4FFF5EBC9F2C28BB66E . 295936 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-17 . 2F5919F2F6EE7A845893D9C3AA2BC56A . 295936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-14 . ED18ADEE4AA21EB26977260152D7241A . 345088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . ED18ADEE4AA21EB26977260152D7241A . 345088 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-17 . FAABA83BE47C5B15F620FAA53267A9B8 . 345088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll

[-] 2008-04-14 . 6B8E7A90E576D4FE308F97C69060A171 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . 6B8E7A90E576D4FE308F97C69060A171 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-17 . 421184F91EAE5C6E78E653C6B32AAE84 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2001-10-25 . AFDFF022A01F0B11C776F0860C3B282F . 11776 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 . 221CD1C815B8A6B79389C3F5D1018DE8 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 221CD1C815B8A6B79389C3F5D1018DE8 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-17 . 8B2FCBD881879B55BE40B41F12FFC431 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2008-04-14 03:21 . 6199B2AE3F9DB9CB6DB230471A1DC601 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-17 13:49 . E02E913B3841717A890A644EE167B9A5 . 52224 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll

[-] 2008-04-14 03:21 . 023DD70573D644F3D9C8B1258A7BFD08 . 435712 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 03:21 . 023DD70573D644F3D9C8B1258A7BFD08 . 435712 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-17 13:49 . D8D2B13BA93AE830B1A637DF571D1195 . 435712 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 651BD90DCEE5B7BDC74A2EB7C9266F9E . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 651BD90DCEE5B7BDC74A2EB7C9266F9E . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-17 . 984FC1518B0D5B31D76F0E63608E0500 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll

[-] 2008-04-14 . 8E009E7AC012823845D5F39A77F4A27F . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 8E009E7AC012823845D5F39A77F4A27F . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-17 . 8ECC475F5BAD26DB85943F888D62E364 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll

[-] 2008-04-14 . 3B8AE11A3419DF8239183E94888702FA . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 3B8AE11A3419DF8239183E94888702FA . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-17 . A19F5837E52D57DB66D9DB55BFCC7796 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll

[-] 2008-04-14 . EDAD701F01FFD9B5799B8FCF1CF6BDA7 . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . EDAD701F01FFD9B5799B8FCF1CF6BDA7 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-17 . 0F9A5DD4503E82B085D8B1336B961A81 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll

[-] 2008-04-14 03:21 . 16C195EBC0A3EC35C48D0C2D9A346BAB . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 03:21 . 16C195EBC0A3EC35C48D0C2D9A346BAB . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-17 13:49 . 33F14F23DFAE4B43CDD4E535CD7C1963 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll

[-] 2008-04-14 . 1682285F7C0934C764A0EBBC568153CA . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . 1682285F7C0934C764A0EBBC568153CA . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-17 . 6C08FF4B76506676617E03C34ECCFB11 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll

[-] 2008-04-14 . 614F8186BDAB926E3B1D8927A4161B54 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . 614F8186BDAB926E3B1D8927A4161B54 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-17 . E472BDA53A4DCD2142143AF9FD25C99A . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll

[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-17 . 3CD57F31A64D32FDB28918B16D1E6AAC . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . FA4E1CDBA256787F2149F4AAD07BC91F . 176640 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . FA4E1CDBA256787F2149F4AAD07BC91F . 176640 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-17 . 2CEEBB402187AE56B585701F3D191FB3 . 176128 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll

[-] 2008-04-14 . C1CDD9275F6A115BB0AE1D55D8D27BA6 . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . C1CDD9275F6A115BB0AE1D55D8D27BA6 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2004-08-17 . 0645CCDDDD27F96EEA3534C1DEF736D9 . 333824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-03-05_08.09.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-07 20:48 . 2011-03-07 20:48 16384 c:\windows\temp\Perflib_Perfdata_664.dat
- 2010-08-29 08:06 . 2010-07-05 13:13 18296 c:\windows\system32\spmsg.dll
+ 2010-08-29 08:06 . 2010-02-22 14:20 18296 c:\windows\system32\spmsg.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 66560 c:\windows\system32\mshtmled.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 02:31 . 2010-12-20 23:52 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 02:31 . 2010-11-06 00:23 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 25600 c:\windows\system32\jsproxy.dll
- 2009-06-29 19:35 . 2010-11-06 00:23 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-29 19:35 . 2010-12-20 23:52 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-07-29 08:35 . 2010-11-06 00:23 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-07-29 08:35 . 2010-12-20 23:52 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:10 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2011-03-05 08:58 . 2010-11-06 00:23 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-03-05 08:58 . 2010-11-06 00:23 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-03-05 08:58 . 2010-11-06 00:23 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-03-05 08:58 . 2010-11-06 00:23 43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-03-05 08:58 . 2010-11-06 00:23 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 206848 c:\windows\system32\occache.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 206848 c:\windows\system32\occache.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 611840 c:\windows\system32\mstime.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 611840 c:\windows\system32\mstime.dll
- 2009-03-08 02:32 . 2010-11-06 00:23 602112 c:\windows\system32\msfeeds.dll
+ 2009-03-08 02:32 . 2010-12-20 23:52 602112 c:\windows\system32\msfeeds.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 184320 c:\windows\system32\iepeers.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 184320 c:\windows\system32\iepeers.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-17 13:49 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
+ 2004-08-17 13:49 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe
- 2008-05-31 14:48 . 2010-12-16 08:38 118152 c:\windows\system32\FNTCACHE.DAT
+ 2008-05-31 14:48 . 2011-03-07 19:27 118152 c:\windows\system32\FNTCACHE.DAT
- 2004-08-17 13:49 . 2010-11-06 00:23 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 916480 c:\windows\system32\dllcache\wininet.dll
+ 2011-01-21 14:44 . 2011-01-21 14:44 440320 c:\windows\system32\dllcache\shimgvw.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 611840 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-07-29 08:35 . 2010-11-06 00:23 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-07-29 08:35 . 2010-12-20 23:52 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2009-05-31 15:48 . 2009-06-25 08:27 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-31 15:48 . 2010-12-20 17:25 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:27 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
- 2009-06-25 08:27 . 2009-06-25 08:27 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-06-29 19:35 . 2010-12-20 23:52 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-29 19:35 . 2010-11-06 00:23 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 184320 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-10 13:32 . 2010-11-06 00:23 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-10 13:32 . 2010-12-20 23:52 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-17 13:49 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-17 13:49 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2010-04-20 05:32 . 2010-10-28 13:09 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-04-20 05:32 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2011-03-05 08:58 . 2010-11-06 00:23 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-03-05 08:59 . 2010-07-05 13:13 391032 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-03-05 08:59 . 2010-07-05 13:13 233848 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-03-05 08:58 . 2010-11-06 00:23 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-03-05 08:58 . 2010-11-06 00:23 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-03-05 08:58 . 2010-11-06 00:23 602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-03-05 08:58 . 2010-11-06 00:23 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-03-05 08:58 . 2010-11-06 00:23 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-03-05 08:58 . 2010-11-06 00:23 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-03-05 08:58 . 2010-11-06 00:23 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-03-05 08:58 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2004-08-17 13:49 . 2010-12-20 23:52 1210880 c:\windows\system32\urlmon.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 1210880 c:\windows\system32\urlmon.dll
- 2004-08-17 13:49 . 2010-07-27 06:30 8466432 c:\windows\system32\shell32.dll
+ 2004-08-17 13:49 . 2011-01-21 14:44 8466432 c:\windows\system32\shell32.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 5961216 c:\windows\system32\mshtml.dll
- 2009-03-08 02:32 . 2010-11-06 00:23 1991680 c:\windows\system32\iertutil.dll
+ 2009-03-08 02:32 . 2010-12-20 23:52 1991680 c:\windows\system32\iertutil.dll
+ 2009-02-09 14:07 . 2010-12-31 14:04 1854976 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-17 13:49 . 2010-12-20 23:52 1210880 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2011-01-21 14:44 8466432 c:\windows\system32\dllcache\shell32.dll
- 2008-06-17 19:02 . 2010-07-27 06:30 8466432 c:\windows\system32\dllcache\shell32.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 5961216 c:\windows\system32\dllcache\mshtml.dll
- 2009-06-29 19:35 . 2010-11-06 00:23 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2009-06-29 19:35 . 2010-12-20 23:52 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-03-05 08:58 . 2010-11-06 00:23 1210880 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-03-05 08:58 . 2010-11-06 00:23 5959168 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-03-05 08:58 . 2010-11-06 00:23 1991680 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2009-03-08 02:39 . 2010-12-20 10:52 11080704 c:\windows\system32\ieframe.dll
- 2009-03-08 02:39 . 2010-11-06 00:23 11080704 c:\windows\system32\ieframe.dll
- 2009-06-29 19:35 . 2010-11-06 00:23 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2009-06-29 19:35 . 2010-12-20 10:52 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2011-03-05 08:58 . 2010-11-06 00:23 11080704 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-13 20:08 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-13 3911776]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [5.11.2009 18:26 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [5.11.2009 18:25 82120]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.6.2009 13:25 685816]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [5.11.2009 18:25 68064]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [31.5.2008 16:07 246520]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [5.11.2009 18:24 130728]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [5.11.2009 18:25 63992]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.12.2010 18:02 136176]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [5.11.2009 18:24 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [5.11.2009 18:24 25184]
.
Obsah adresáře 'Naplánované úlohy'

2011-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-26 17:01]

2011-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-26 17:01]

2011-03-07 c:\windows\Tasks\User_Feed_Synchronization-{AF5711A5-05BD-4F67-B03B-ADFDA1A2896E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
uInternet Connection Wizard,ShellNext = iexplore
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - %profile%\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
BHO-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
Toolbar-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-07 21:50
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\F-Secure\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(776)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
c:\program files\F-Secure\FWES\Program\fsdc32.dll

- - - - - - - > 'explorer.exe'(3884)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(696)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files\F-Secure\Common\FSHDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\F-Secure\FWES\Program\fsdfwd.exe
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\program files\F-Secure\Anti-Virus\fsav32.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Celkový čas: 2011-03-07 21:55:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-07 20:55
ComboFix2.txt 2011-03-05 08:14

Před spuštěním: Volných bajtů: 18 483 986 432
Po spuštění: Volných bajtů: 18 872 057 856

- - End Of File - - E228E7F67694F48CFDD558FD13971C0D

stiahnes na plochu>Download>spustis>>vloz zelený text a klik >look,,log vloz sem

Kód: Vybrat vše

:filefind
regedit.exe
regedit.ex_

Nový log.

SystemLook 04.09.10 by jpshortstuff
Log created at 22:35 on 07/03/2011 by Ostravak
Administrator - Elevation successful

========== filefind ==========

Searching for "regedit.exe"
C:\WINDOWS\regedit.exe ------- 147968 bytes [07:36 05/03/2011] [08:52 14/04/2008] FDEB1D02CAE38665CBF114F44E6B997E
C:\WINDOWS\$NtServicePackUninstall$\regedit.exe -----c- 147968 bytes [19:55 29/06/2009] [13:49 17/08/2004] CB5A91928D94224E7E30EE277B45E8A3
C:\WINDOWS\ServicePackFiles\i386\regedit.exe ------- 147968 bytes [03:22 14/04/2008] [03:22 14/04/2008] FDEB1D02CAE38665CBF114F44E6B997E

Searching for "regedit.ex_"
No files found.

-= EOF =-

Combofix uz je po zaruke, odinstaluj
Premenuj ikonu combofixu na uninstall.exe
a spust.

Stiahni novu verziu, combofixu na plochu
http://www.bleepingcomputer.com/combofi ... t-combofix
Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
FCOPY::
C:\WINDOWS\ServicePackFiles\i386\regedit.exe | C:\WINDOWS\regedit.exe

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Obrázek

Po skonceni skenu vlož log čo ComboFix vytvorí

ja už dnes koncim, vloz sem log, zajtra pokracujeme.

Vkládám nový log.

ComboFix 11-03-05.01 - Ostravak 08.03.2011 20:01:47.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.283 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ostravak\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ostravak\Plocha\CFScript.txt
AV: F-Secure Profi Antivirus 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Profi Antivirus 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\regedit.exe . . . je infikován!!
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\regedit.exe --> c:\windows\regedit.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-08 do 2011-03-08 )))))))))))))))))))))))))))))))
.
.
2011-03-05 07:36 . 2008-04-14 03:22 147968 ----a-w- c:\windows\regedit.exe
2011-03-04 11:03 . 2011-03-04 11:04 -------- d-----w- C:\rsit
2011-03-04 11:03 . 2011-03-04 11:04 -------- d-----w- c:\program files\trend micro
2011-03-04 10:35 . 2011-03-04 10:44 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z....Z..ZZ.Z
2011-03-04 10:00 . 2011-03-04 10:01 -------- d-----w- c:\program files\CCleaner
2011-03-04 09:56 . 2011-03-04 09:59 -------- d-----w- c:\program files\RegCleaner
2011-03-04 08:04 . 2011-03-04 08:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 19:56 . 2010-11-21 18:11 0 -c--a-w- c:\windows\system32\ConduitEngine.tmp
2011-01-21 14:44 . 2004-08-17 13:49 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-17 13:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-02 13:51 . 2011-01-02 13:51 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-02 13:51 . 2011-01-02 13:51 138056 -c--a-w- c:\documents and settings\Ostravak\Data aplikací\PnkBstrK.sys
2011-01-02 13:51 . 2011-01-02 13:51 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-02 13:51 . 2011-01-02 13:51 189248 -c--a-w- c:\windows\system32\PnkBstrB.ex0
2011-01-02 13:51 . 2011-01-02 13:51 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-31 14:04 . 2004-08-17 13:44 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-17 13:49 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-22 07:32 . 2009-11-05 17:25 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2010-12-20 23:52 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2004-08-17 13:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:52 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 17:25 . 2004-08-17 13:49 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2010-12-15 12:43 . 2009-11-05 17:26 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-12-09 15:15 . 2004-08-17 13:48 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-17 13:45 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2004-08-17 15:45 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
.
------- Sigcheck -------
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2001-10-25 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-10-25 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-14 . 1B6162FE7F66B1A71A4B70F941C4AA9B . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 1B6162FE7F66B1A71A4B70F941C4AA9B . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-17 . 6F877BF8DC01A550CD666F3BEDB2213C . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
.
[-] 2001-10-25 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-10-25 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
[-] 2008-04-14 . 249276D3EF1E74B992299CB96099E4D7 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . 249276D3EF1E74B992299CB96099E4D7 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-17 . F219E27E88107A50544153898DD8178E . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . ED0A176354487CEED65B80A7148AB739 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . ED0A176354487CEED65B80A7148AB739 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-17 . 82A362FE1D4980B71B588D9C10748511 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . 72E1E9E2977BE08BDEEDB6D8FD9D4D40 . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 72E1E9E2977BE08BDEEDB6D8FD9D4D40 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2004-08-17 . AF342D2781225A8769686E0D47E3123E . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
.
[-] 2008-04-14 03:21 . E7B375DFFB68A16659CA66474A280C47 . 806912 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 03:21 . E7B375DFFB68A16659CA66474A280C47 . 806912 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-17 13:49 . B44F68274AB7B8A54E9AD74AFF0EFAAC . 806912 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 19395D092FD85DDC2D9C7729CF5A2AC8 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 19395D092FD85DDC2D9C7729CF5A2AC8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 19395D092FD85DDC2D9C7729CF5A2AC8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-17 . E774A26610EC92674273486612C11CFC . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . C0BD34A62508BA68F146E22CE45919F9 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . BE27674D1CBC3214AEC84B4336A38BBF . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . BE27674D1CBC3214AEC84B4336A38BBF . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . BE27674D1CBC3214AEC84B4336A38BBF . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 2B269C916766BDB43404F043B763427D . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2009-02-09 . BEF7BB41E666EAA34BE7E99C2B107DB8 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2008-04-14 . C868F3AE15CF71A93F2AA3A32856D839 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . C868F3AE15CF71A93F2AA3A32856D839 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2004-08-17 . C72C15EE57E248C66E57C76CAB086CF2 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
.
[-] 2009-02-09 . 9EF697AF07BB8DD82C3B02CA953A95B7 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-09 . 9EF697AF07BB8DD82C3B02CA953A95B7 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . 9EF697AF07BB8DD82C3B02CA953A95B7 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . 3D107D45CCFDB266E91D84B52CD7F430 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-09 . 4F9F7B567970B524F31D9970A23F7C24 . 111104 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2009-02-09 . 33081FED75032291EE0E008D5385E86F . 111104 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2008-04-14 . F0D2AE69035092BF22DAD6B50FAB85C2 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . F0D2AE69035092BF22DAD6B50FAB85C2 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-17 . 6E401E61F952FBBF708AFBECEFAFAE81 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe
.
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-14 . F3AB0933CBD166D271992F411C27CCAF . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . F3AB0933CBD166D271992F411C27CCAF . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-17 . 70D2A1756F4B2067658A186C963FCABD . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:32 . 398314DF0B21338C4996B469101750D1 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:29 . A371F11EF07653591C8DE26AFB13CE7F . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:29 . A371F11EF07653591C8DE26AFB13CE7F . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:29 . A371F11EF07653591C8DE26AFB13CE7F . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:25 . BE68EA4457E2E5717231CF91BE5448E0 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:19 . 3440C414044935B124B5821C0994B37F . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 03:21 . 260C69FD67687B0DC062FC3D31655857 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 03:21 . 260C69FD67687B0DC062FC3D31655857 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2004-08-17 13:49 . 972378B907070F64932A87C90A035487 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB950974_0$\es.dll
.
[-] 2008-04-14 . 6C60CA8AC7470AC01CFD3D24C7283CD1 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 6C60CA8AC7470AC01CFD3D24C7283CD1 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-17 . 2413635113361E54B62F0C40E4E4DAE6 . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2009-03-21 . 9A4D2A6C4B7BD60851553C095CD71AF8 . 984576 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-03-21 . 545C653E8FE241CA6200798AA94FE5C7 . 988160 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . 545C653E8FE241CA6200798AA94FE5C7 . 988160 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . 545C653E8FE241CA6200798AA94FE5C7 . 988160 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . 0D8F61460F84139BBE5E391D8DE18D9A . 990208 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 8D18BA8E854890074B6FB92D7D0C02FA . 987648 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . FD91CD95A1C663DF54DD371CC8A234DE . 988160 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . FD91CD95A1C663DF54DD371CC8A234DE . 988160 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2004-08-17 . 98DA079F61265BC26D4587E280B79F30 . 982016 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB959426_0$\kernel32.dll
.
[-] 2008-04-14 . 7FDE9FC15765E02B23E1756930165AD1 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 7FDE9FC15765E02B23E1756930165AD1 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-17 . EE1F842DB2AE412136643B0814D770A6 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
.
[-] 2008-04-14 . C66BA7BD13C8FB8BEC4863B88641C763 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . C66BA7BD13C8FB8BEC4863B88641C763 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-17 . BFE8DC7AAE7CB1C86243D77B340DC304 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2008-04-14 . D165DFCB4EA452510E53416F573018BB . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . D165DFCB4EA452510E53416F573018BB . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . EC8D5E09C6CA5F52858A5EB71F308FDF . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2004-08-17 . 91CC3E4CCDBBF8E224182C76C87E454F . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-17 . AB47015B67531572BE46C0C08222C84C . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2001-10-25 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[-] 2008-06-20 . 1289B7611CCD6CB27596AE92CBF03E35 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 1289B7611CCD6CB27596AE92CBF03E35 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 1289B7611CCD6CB27596AE92CBF03E35 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . B6CEC406351EA5EF131416D5F52D006F . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . A6E79B60AC73241E5721AB6A573D2B24 . 247296 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 37BABA5DBD9027837FDC27E5D6EF33E1 . 247296 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . AAC97DAB5F8A0573CF10E0EAC42A7724 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . AAC97DAB5F8A0573CF10E0EAC42A7724 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-17 . 64C078BD4EFD441C3F159EDC5EA4420A . 247296 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
.
[-] 2008-04-14 . C2ED0E3408F50BBC149D4F0936E67832 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . C2ED0E3408F50BBC149D4F0936E67832 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-17 . 2591CADAEF7D2242039255028E577688 . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 9FA69781CAA7A1DA981A24F240A61A60 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 9FA69781CAA7A1DA981A24F240A61A60 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-17 . 134B95A1D8FAFD74A68E4B2116DEFA7D . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . 830CE8951C71F361D7D2F38416CC8BC1 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 830CE8951C71F361D7D2F38416CC8BC1 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-17 . 07119058D451CB7EA4317BCFDA8599A6 . 184832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 5EE949255BABC0B17C09DDB2E59E3878 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 5EE949255BABC0B17C09DDB2E59E3878 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-17 . 6CC2D21488333133AE0C9F44F6051CB7 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . BE4A520E29B6391F49E79CCC52044D93 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . BE4A520E29B6391F49E79CCC52044D93 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-17 . DFBA2915B0BF58ABB288CD4C9318CB3F . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . C2546CD7A398476F9DF5614B2AE160E8 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . C2546CD7A398476F9DF5614B2AE160E8 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-17 . 37162D29CD61519E6F5EA0DE99786FF6 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
.
[-] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2004-08-17 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
.
[-] 2008-04-14 . 7DC1830F22E7D275B438127B68030239 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . 7DC1830F22E7D275B438127B68030239 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-17 . 836F7960362FF95C5D49E40B891F2CFC . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . 951D473917C51F21496D914CF6E5DDD1 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 951D473917C51F21496D914CF6E5DDD1 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-17 . 382E9B87F1282E697C67AF84E34E35E2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 859F7735F199C90403340183A3DDFB78 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 859F7735F199C90403340183A3DDFB78 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-17 . C2B86666FC44B48903AD6016D15A23DF . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-17 . 3CD57F31A64D32FDB28918B16D1E6AAC . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 278A14BEDEF58687EAF8BEC056A78D8B . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 278A14BEDEF58687EAF8BEC056A78D8B . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-17 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . EAA4BB9EDB3FB10CF8979FE65E63658F . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . EAA4BB9EDB3FB10CF8979FE65E63658F . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-17 . 9B835D4C64860B155A1701D5092EC9E4 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 2EE99F67C930931EB404DADCE57E976E . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 2EE99F67C930931EB404DADCE57E976E . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-17 . 6EB66066D5C0175320CFEA0A4C74C88F . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-17 . 5CA2E2BA624D6F2C7A581C91E70394CB . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-14 . B927443008910B412BEC72FC41C1BAD0 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . B927443008910B412BEC72FC41C1BAD0 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2004-08-17 . 8BA76BD2A943F642F267A296A15776D2 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
.
[-] 2008-04-14 . 8F31505484A190D5B22274708799F4EC . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 8F31505484A190D5B22274708799F4EC . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-17 . 5B21208FCF8970BB61FE98E19D828714 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 3FF232A7731621B8902D81D42418C93C . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 3FF232A7731621B8902D81D42418C93C . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-17 . 29AC93307C6182DBE336BCA314947F28 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-17 . 88C28F53F53438DAFCD95E99C837C61E . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . A75DD6FC3DBEE4FFF5EBC9F2C28BB66E . 295936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . A75DD6FC3DBEE4FFF5EBC9F2C28BB66E . 295936 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-17 . 2F5919F2F6EE7A845893D9C3AA2BC56A . 295936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . ED18ADEE4AA21EB26977260152D7241A . 345088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . ED18ADEE4AA21EB26977260152D7241A . 345088 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-17 . FAABA83BE47C5B15F620FAA53267A9B8 . 345088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . 6B8E7A90E576D4FE308F97C69060A171 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . 6B8E7A90E576D4FE308F97C69060A171 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-17 . 421184F91EAE5C6E78E653C6B32AAE84 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2001-10-25 . AFDFF022A01F0B11C776F0860C3B282F . 11776 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2008-04-14 . 221CD1C815B8A6B79389C3F5D1018DE8 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 221CD1C815B8A6B79389C3F5D1018DE8 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-17 . 8B2FCBD881879B55BE40B41F12FFC431 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2008-04-14 03:21 . 6199B2AE3F9DB9CB6DB230471A1DC601 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-17 13:49 . E02E913B3841717A890A644EE167B9A5 . 52224 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll
.
[-] 2008-04-14 03:21 . 023DD70573D644F3D9C8B1258A7BFD08 . 435712 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 03:21 . 023DD70573D644F3D9C8B1258A7BFD08 . 435712 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-17 13:49 . D8D2B13BA93AE830B1A637DF571D1195 . 435712 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 651BD90DCEE5B7BDC74A2EB7C9266F9E . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 651BD90DCEE5B7BDC74A2EB7C9266F9E . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-17 . 984FC1518B0D5B31D76F0E63608E0500 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 8E009E7AC012823845D5F39A77F4A27F . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 8E009E7AC012823845D5F39A77F4A27F . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-17 . 8ECC475F5BAD26DB85943F888D62E364 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 3B8AE11A3419DF8239183E94888702FA . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 3B8AE11A3419DF8239183E94888702FA . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-17 . A19F5837E52D57DB66D9DB55BFCC7796 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . EDAD701F01FFD9B5799B8FCF1CF6BDA7 . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . EDAD701F01FFD9B5799B8FCF1CF6BDA7 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-17 . 0F9A5DD4503E82B085D8B1336B961A81 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 03:21 . 16C195EBC0A3EC35C48D0C2D9A346BAB . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 03:21 . 16C195EBC0A3EC35C48D0C2D9A346BAB . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-17 13:49 . 33F14F23DFAE4B43CDD4E535CD7C1963 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . 1682285F7C0934C764A0EBBC568153CA . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . 1682285F7C0934C764A0EBBC568153CA . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-17 . 6C08FF4B76506676617E03C34ECCFB11 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . 614F8186BDAB926E3B1D8927A4161B54 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . 614F8186BDAB926E3B1D8927A4161B54 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-17 . E472BDA53A4DCD2142143AF9FD25C99A . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-17 . 3CD57F31A64D32FDB28918B16D1E6AAC . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . FA4E1CDBA256787F2149F4AAD07BC91F . 176640 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . FA4E1CDBA256787F2149F4AAD07BC91F . 176640 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-17 . 2CEEBB402187AE56B585701F3D191FB3 . 176128 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . C1CDD9275F6A115BB0AE1D55D8D27BA6 . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . C1CDD9275F6A115BB0AE1D55D8D27BA6 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2004-08-17 . 0645CCDDDD27F96EEA3534C1DEF736D9 . 333824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
((((((((((((((((((((((((((((( SnapShot_2011-03-07_20.50.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-08 19:07 . 2011-03-08 19:07 16384 c:\windows\temp\Perflib_Perfdata_670.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-13 20:08 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-13 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [5.11.2009 18:26 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [5.11.2009 18:25 82120]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.6.2009 13:25 685816]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [5.11.2009 18:25 68064]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [31.5.2008 16:07 246520]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [5.11.2009 18:24 130728]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [5.11.2009 18:25 63992]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.12.2010 18:02 136176]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [5.11.2009 18:24 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [5.11.2009 18:24 25184]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-26 17:01]
.
2011-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-26 17:01]
.
2011-03-07 c:\windows\Tasks\User_Feed_Synchronization-{AF5711A5-05BD-4F67-B03B-ADFDA1A2896E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
uInternet Connection Wizard,ShellNext = iexplore
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - %profile%\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-08 20:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
.
- - - - - - - > 'lsass.exe'(776)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
c:\program files\F-Secure\FWES\Program\fsdc32.dll
.
- - - - - - - > 'explorer.exe'(3660)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(696)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files\F-Secure\Common\FSHDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\F-Secure\FWES\Program\fsdfwd.exe
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\program files\F-Secure\Anti-Virus\fsav32.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Celkový čas: 2011-03-08 20:18:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-08 19:18
ComboFix2.txt 2011-03-08 18:56
ComboFix3.txt 2011-03-07 20:55
ComboFix4.txt 2011-03-05 08:14
.
Před spuštěním: Volných bajtů: 18 882 400 256
Po spuštění: Volných bajtů: 18 871 808 000
.
- - End Of File - - DA3ACEC3DD224636A919BA78B860192C

Otestuj na http://WWW.Virustotal.com
c:\windows\regedit.exe
c:\windows\system32\svchost.exe
Vypise ze uz subor bolo testovane,, preto daj REANALYSE, link z testu vloz sem.

Test píše že je Ok. Link nemůžu vložit protože ihned po zkopírování zamrzne počítač a já ho nemůžu ani uložit.

Po dlouhé době přece.

http://www.virustotal.com/file-scan/rep ... 1299616569

Toto ma viac zaujima,otestuj, Reanalyse.
c:\windows\regedit.exe

Stahni OTListIt2>> OTL
Označ položku Pro všechny uživatele.
Označ položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
do okna >vloz zeleny text a klik Klikn na tlačítko Prohledat
Po dokončení, sem vlož logy OTL.Txt a Extras.txt

Kód: Vybrat vše

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
regedit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

Nové logy.

http://www.virustotal.com/file-scan/rep ... 1299682048

OTL

OTL logfile created on: 9.3.2011 15:30:47 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ostravak\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 256,00 Mb Available Physical Memory | 50,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 17,40 Gb Free Space | 59,40% Space Free | Partition Type: NTFS
Drive D: | 47,03 Gb Total Space | 40,99 Gb Free Space | 87,15% Space Free | Partition Type: NTFS
Drive F: | 7,53 Gb Total Space | 3,60 Gb Free Space | 47,79% Space Free | Partition Type: FAT32

Computer Name: HANA | User Name: Ostravak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.03.09 14:37:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ostravak\Plocha\OTL.exe
PRC - [2011.02.02 15:22:23 | 000,918,184 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
PRC - [2011.02.02 15:22:06 | 000,508,584 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
PRC - [2011.01.04 14:29:17 | 000,372,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
PRC - [2010.12.20 15:53:26 | 000,063,992 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
PRC - [2010.05.24 19:56:11 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
PRC - [2009.10.27 10:27:00 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.08.05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSMA32.EXE
PRC - [2009.08.05 16:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSM32.EXE
PRC - [2009.08.05 16:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSHDLL32.EXE
PRC - [2009.08.05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.16 14:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe

========== Modules (SafeList) ==========

MOD - [2011.03.09 14:37:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ostravak\Plocha\OTL.exe
MOD - [2010.08.23 17:12:33 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010.12.20 15:53:26 | 000,063,992 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.05.24 19:56:11 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009.10.27 10:27:00 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.08.05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2009.08.05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)

========== Driver Services (SafeList) ==========

DRV - [2010.12.22 08:32:22 | 000,082,120 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2010.12.15 13:43:55 | 000,042,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010.11.30 14:46:58 | 000,130,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009.08.05 16:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009.08.05 16:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009.08.05 16:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009.06.04 13:25:13 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.04.25 15:20:48 | 004,030,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.08.17 16:43:40 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1935655697-839522115-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
IE - HKU\S-1-5-21-1935655697-839522115-725345543-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1935655697-839522115-725345543-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1935655697-839522115-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&o ... &gfns=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{872A1C39-DF0B-4c8b-AD84-12BA24A3B781}: C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.2.21960\FFToolbar
FF - HKLM\software\mozilla\Firefox\Extensions\\{2224E955-00E9-4613-A844-CE69FCCAAE91}: C:\Program Files\Internet Saving Optimizer\3.7.0.4550\FF
FF - HKLM\software\mozilla\Firefox\Extensions\\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}: C:\Program Files\Media Access Startup\1.5.6.910\FF
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.08.27 18:09:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.28 16:10:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.10 21:30:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.08.27 18:09:46 | 000,000,000 | ---D | M]

[2008.05.31 15:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ostravak\Data aplikací\Mozilla\Extensions
[2011.03.07 22:03:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions
[2010.08.27 20:36:17 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Documents and Settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011.01.02 14:21:12 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\extensions\battlefieldheroespatcher@ea.com
[2011.03.04 12:04:57 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\searchplugins\askcom.xml
[2010.01.20 11:19:10 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\searchplugins\conduit.xml
[2011.03.04 22:47:52 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\searchplugins\icqplugin-1.xml
[2009.12.18 15:12:20 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\searchplugins\icqplugin-2.xml
[2010.01.06 19:33:49 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\searchplugins\icqplugin-3.xml
[2010.02.23 16:57:20 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\searchplugins\icqplugin-4.xml
[2010.04.01 06:09:42 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\searchplugins\icqplugin-5.xml
[2009.11.05 10:22:20 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\searchplugins\icqplugin.xml
[2011.03.07 22:03:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.31 13:37:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.21 07:00:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.26 07:38:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.21 09:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2008.05.31 15:54:14 | 000,000,000 | ---D | M] (Stahuj.cz) -- C:\Program Files\Mozilla Firefox\extensions\stahuj@centrum.cz
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\OSTRAVAK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\6XXC0BOW.DEFAULT\EXTENSIONS\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\OSTRAVAK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\6XXC0BOW.DEFAULT\EXTENSIONS\BATTLEFIELDHEROESPATCHER@EA.COM
[2010.08.21 06:31:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.08.27 18:09:46 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.06.23 06:35:04 | 000,001,619 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\FFToolbar.xml
[2010.10.22 15:41:48 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.10.22 15:41:48 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.10.22 15:41:48 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.10.22 15:41:48 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.10.29 20:00:17 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\sukoku125.xml
[2010.10.22 15:41:48 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.03.08 20:13:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-839522115-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935655697-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ostravak\Dokumenty\Obrázky\Pozadí plochy.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ostravak\Dokumenty\Obrázky\Pozadí plochy.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.31 15:37:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vykreslování vektorové grafiky (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Datové vazby jazyka DHTML pro jazyk Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Vylepšené vytváření obsahu
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Třídy DirectAnimation jazyka Java
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Plánovač úloh
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011.03.09 15:28:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ostravak\Plocha\OTL.exe
[2011.03.08 20:06:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.03.08 19:49:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.03.08 19:49:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.03.08 19:49:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.03.08 19:49:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.03.05 08:43:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.03.05 08:25:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.03.05 08:19:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.03.04 12:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.03.04 12:03:53 | 000,000,000 | ---D | C] -- C:\rsit
[2011.03.04 11:35:35 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z....Z..ZZ.Z
[2011.03.04 11:04:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ostravak\Recent
[2011.03.04 11:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.03.04 10:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.03.09 15:30:34 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AF5711A5-05BD-4F67-B03B-ADFDA1A2896E}.job
[2011.03.09 15:27:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.03.09 15:27:13 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.09 15:26:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.03.09 15:26:16 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.09 14:37:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ostravak\Plocha\OTL.exe
[2011.03.08 20:13:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.03.08 19:12:42 | 004,281,003 | R--- | M] () -- C:\Documents and Settings\Ostravak\Plocha\ComboFix.exe
[2011.03.07 22:34:51 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Ostravak\Plocha\SystemLook.exe
[2011.03.07 22:07:14 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.07 20:43:04 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Ostravak\Plocha\Win32kDiag.exe
[2011.03.07 20:27:57 | 000,118,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.03.05 09:59:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.03.05 08:44:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011.03.04 22:35:03 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\Ostravak\Plocha\mbr.exe
[2011.03.04 11:57:47 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Ostravak\Plocha\RSIT.exe
[2011.03.04 11:01:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2011.03.04 10:56:32 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\Ostravak\Plocha\RegCleaner.lnk
[2011.02.24 18:48:28 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Ostravak\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.03.08 19:58:54 | 004,281,003 | R--- | C] () -- C:\Documents and Settings\Ostravak\Plocha\ComboFix.exe
[2011.03.08 19:49:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.03.08 19:49:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.03.08 19:49:51 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.03.08 19:49:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.03.08 19:49:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.03.07 22:34:50 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Ostravak\Plocha\SystemLook.exe
[2011.03.07 20:50:30 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\Ostravak\Plocha\Win32kDiag.exe
[2011.03.05 09:58:27 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011.03.05 08:44:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011.03.05 08:43:50 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.03.04 22:35:02 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\Ostravak\Plocha\mbr.exe
[2011.03.04 11:57:46 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Ostravak\Plocha\RSIT.exe
[2011.03.04 11:01:05 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2011.03.04 10:56:32 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\Ostravak\Plocha\RegCleaner.lnk
[2011.01.02 14:51:51 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011.01.02 14:51:50 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Ostravak\Data aplikací\PnkBstrK.sys
[2011.01.02 14:51:32 | 000,189,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011.01.02 14:51:26 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010.12.06 18:08:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.11.05 18:26:12 | 000,042,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2009.08.31 10:55:57 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009.06.01 17:04:43 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Ostravak\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.01 16:49:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.05.31 17:01:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009.05.31 16:59:38 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008.05.31 15:48:05 | 000,118,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.05.31 15:40:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.05.31 15:33:14 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.10.14 10:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 10:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 10:56:50 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005.10.14 10:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 10:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 10:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 10:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 10:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 10:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 10:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.10.14 10:56:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe
[2004.08.17 14:58:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.04.23 14:02:10 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2003.02.18 17:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2001.10.25 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.25 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 15:00:00 | 000,318,732 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.10.25 15:00:00 | 000,316,844 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2001.10.25 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 15:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 15:00:00 | 000,049,260 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2001.10.25 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 15:00:00 | 000,043,236 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.10.25 15:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 15:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.25 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010.02.10 10:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
[2010.08.27 20:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ashampoo
[2009.05.31 16:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.11.05 18:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\f-secure
[2010.02.10 09:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FarmFrenzy2
[2010.05.24 19:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\fssg
[2009.11.27 14:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.08.27 18:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache
[2010.08.27 18:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2009.12.22 18:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.01.31 17:59:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{F14A989E-0102-460B-ADB5-BC208314A307}
[2010.08.27 20:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ostravak\Data aplikací\Ashampoo
[2010.08.18 16:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ostravak\Data aplikací\Black Sea Studios
[2009.05.31 16:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ostravak\Data aplikací\ESET
[2009.11.05 18:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ostravak\Data aplikací\F-Secure
[2011.02.02 15:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ostravak\Data aplikací\ICQ
[2010.08.27 18:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ostravak\Data aplikací\Nokia
[2010.08.27 18:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ostravak\Data aplikací\PC Suite
[2011.03.09 15:30:34 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AF5711A5-05BD-4F67-B03B-ADFDA1A2896E}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.06.29 20:52:42 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.06.29 20:52:42 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.06.29 20:52:42 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.06.29 20:52:42 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 14:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004.08.17 14:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: REGEDIT.EXE >
[2004.08.17 14:49:28 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=CB5A91928D94224E7E30EE277B45E8A3 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 04:22:42 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=FDEB1D02CAE38665CBF114F44E6B997E -- C:\WINDOWS\regedit.exe
[2008.04.14 04:22:42 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=FDEB1D02CAE38665CBF114F44E6B997E -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe

< MD5 for: SCECLI.DLL >
[2004.08.17 14:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.06.04 13:25:13 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.05.31 15:47:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.05.31 15:47:08 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.05.31 15:47:08 | 000,454,656 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010.12.15 13:43:55 | 000,042,664 | ---- | M] () -- C:\WINDOWS\system32\drivers\fsbts.sys
[2010.12.22 08:32:22 | 000,082,120 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\system32\drivers\fsdfw.sys
[2011.01.02 14:51:50 | 000,138,056 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:671329E4

< End of report >

EXTRAS

OTL Extras logfile created on: 9.3.2011 15:30:47 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Ostravak\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 256,00 Mb Available Physical Memory | 50,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 17,40 Gb Free Space | 59,40% Space Free | Partition Type: NTFS
Drive D: | 47,03 Gb Total Space | 40,99 Gb Free Space | 87,15% Space Free | Partition Type: NTFS
Drive F: | 7,53 Gb Total Space | 3,60 Gb Free Space | 47,79% Space Free | Partition Type: FAT32

Computer Name: HANA | User Name: Ostravak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1935655697-839522115-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DB775C7-E32D-11D5-B2A8-00C04F538F89}" = Army Men RTS
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6889EE56-1816-4E89-94DF-9F56E7804039}_is1" = Counter-Strike 1.6 Non-Steam patch v36
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite
"{84BAD30E-07CD-496A-AC88-EE9C8DFE2327}_is1" = FlatOut
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{90850405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A91000000001}" = Adobe Reader 9.1 - Czech
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"CCleaner" = CCleaner
"C-Media Audio Driver" = C-Media WDM Audio Driver
"DVD Flick_is1" = DVD Flick 1.3.0.7
"F-Secure Product 277" = F-Secure Profi Antivirus
"GameSpy Arcade" = GameSpy Arcade
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"InstallShield_{4DB775C7-E32D-11D5-B2A8-00C04F538F89}" = Army Men RTS
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"Nokia Ovi Suite" = Nokia Ovi Suite
"OpenAL" = OpenAL
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VLC media player 0.9.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4.3.2011 6:42:36 | Computer Name = HANA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 4.3.2011 6:50:04 | Computer Name = HANA | Source = OviSuite | ID = 1
Description =

Error - 4.3.2011 6:52:50 | Computer Name = HANA | Source = F-Secure Management Agent | ID = 103
Description = 1 2011-03-04 11:52:49+02:00 hana HANA\Ostravak F-Secure Management
Agent The incremental policy file (policy.ipf) was corrupted and a backup copy
of it was successfully taken into use. Some local settings or statistics may have
been lost.

Error - 4.3.2011 17:46:19 | Computer Name = HANA | Source = F-Secure Anti-Virus | ID = 103
Description = 1 2011-03-04 22:45:27+02:00 hana HANA\Ostravak F-Secure Anti-Virus

An error occurred while scanning \DEVICE\HARDDISKVOLUME1\WINDOWS\TASKS\GOOGLEUPDATETASKMACHINEUA.JOB.

Error - 4.3.2011 17:46:27 | Computer Name = HANA | Source = F-Secure Anti-Virus | ID = 103
Description = 2 2011-03-04 22:46:09+02:00 hana HANA\Ostravak F-Secure Anti-Virus

An error occurred while scanning \DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\OSTRAVAK\PLOCHA\MBR.EXE:ZONE.IDENTIFIER.

Error - 7.3.2011 17:06:01 | Computer Name = HANA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.2.3989, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 7.3.2011 17:32:41 | Computer Name = HANA | Source = F-Secure Management Agent | ID = 103
Description = 1 2011-03-07 22:32:40+02:00 hana HANA\Ostravak F-Secure Management
Agent The incremental policy file (policy.ipf) was corrupted and a backup copy
of it was successfully taken into use. Some local settings or statistics may have
been lost.

Error - 7.3.2011 17:46:57 | Computer Name = HANA | Source = F-Secure Management Agent | ID = 103
Description = 1 2011-03-07 22:46:56+02:00 hana HANA\Ostravak F-Secure Management
Agent The incremental policy file (policy.ipf) was corrupted and a backup copy
of it was successfully taken into use. Some local settings or statistics may have
been lost.

Error - 8.3.2011 14:37:40 | Computer Name = HANA | Source = F-Secure Anti-Virus | ID = 103
Description = 1 2011-03-08 19:37:39+02:00 hana HANA\Ostravak F-Secure Anti-Virus

Spyware detected: Type: adware Family: Name: Adware.Generic.147356 Object:
C:\System Volume Information\_restore{D67D004D-5BF5-4A64-974D-7B293C4D1C33}\RP445\A0457891.dll

Error - 8.3.2011 15:44:16 | Computer Name = HANA | Source = F-Secure Anti-Virus | ID = 103
Description = 1 2011-03-08 20:42:35+02:00 hana HANA\Ostravak F-Secure Anti-Virus

An error occurred while scanning \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\JAVA\JRE6\BIN\CLIENT\JVM.DLL.

[ System Events ]
Error - 5.3.2011 3:51:44 | Computer Name = HANA | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 5.3.2011 3:51:45 | Computer Name = HANA | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 5.3.2011 3:51:46 | Computer Name = HANA | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 5.3.2011 3:51:48 | Computer Name = HANA | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 5.3.2011 3:51:50 | Computer Name = HANA | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 5.3.2011 3:51:51 | Computer Name = HANA | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 5.3.2011 3:51:52 | Computer Name = HANA | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 5.3.2011 3:51:54 | Computer Name = HANA | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 5.3.2011 3:51:55 | Computer Name = HANA | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 5.3.2011 3:51:57 | Computer Name = HANA | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

< End of report >

Spust program OTL
skopiruj do okna zeleny text a teraz klikni na gombik OPRAVIT
log po restarte vloz sem.

Kód: Vybrat vše

:OTL
SRV - [2009.10.27 10:27:00 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1935655697-839522115-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
IE - HKU\S-1-5-21-1935655697-839522115-725345543-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1935655697-839522115-725345543-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1935655697-839522115-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - HKLM\software\mozilla\Firefox\Extensions\\{872A1C39-DF0B-4c8b-AD84-12BA24A3B781}: C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.2.21960\FFToolbar
FF - HKLM\software\mozilla\Firefox\Extensions\\{2224E955-00E9-4613-A844-CE69FCCAAE91}: C:\Program Files\Internet Saving Optimizer\3.7.0.4550\FF
FF - HKLM\software\mozilla\Firefox\Extensions\\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}: C:\Program Files\Media Access Startup\1.5.6.910\FF
[2011.03.04 12:04:57 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\searchplugins\askcom.xml
[2010.01.20 11:19:10 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Ostravak\Data aplikací\Mozilla\Firefox\Profiles\6xxc0bow.default\searchplugins\conduit.xml
[2009.10.29 20:00:17 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\sukoku125.xml
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
[2011.03.04 11:35:35 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z....Z..ZZ.Z
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:671329E4
:Files
ipconfig /flushdns /c
:Commands
[purity] 
[resethosts]
[emptytemp]
[clearallrestorepoints]
[EMPTYFLASH]
[start explorer]
[Reboot]

Error - 5.3.2011 3:51:57 | Computer Name = HANA | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

klik start>.spustit>>do okna napis prikaz cmd [enter]
Do cierneho okna napis prikaz chkdsk /f/r
[enter]
Suhlasis {Y}
Enter
Restartujes pocitac, a nechas aby chkdsk opravil pevný disk.

Potom napis ako je na tom pocitac.

Pořád to samé. Chvíli jede a potom se sekne.

Preco nerobis to co som napisal??

pust program OTL
skopiruj do okna zeleny text a teraz klikni na gombik OPRAVIT
log po restarte vloz sem...........................................

VIRY.CZ

Pomalý internet a zamrzání PC

Re: Pomalý internet a zamrzání PC

Re: Pomalý internet a zamrzání PC

Re: Pomalý internet a zamrzání PC

Re: Pomalý internet a zamrzání PC

Re: Pomalý internet a zamrzání PC

Re: Pomalý internet a zamrzání PC

Re: Pomalý internet a zamrzání PC

Re: Pomalý internet a zamrzání PC

Re: Pomalý internet a zamrzání PC

Re: Pomalý internet a zamrzání PC

Re: Pomalý internet a zamrzání PC

Re: Pomalý internet a zamrzání PC

Re: Pomalý internet a zamrzání PC

Re: Pomalý internet a zamrzání PC

Re: Pomalý internet a zamrzání PC