
facebook virus?

Posted: 13 Jan 2012 17:40
by capucine
Hello, I have no idea whether this is actually a Facebook virus, but I suspect it is, because strange things started happening right after I clicked on someone's video link on FB; afterwards the same video started being posted, without my knowledge, on the walls of the groups I was a member of. So I left the groups, but that doesn't solve anything. On top of that, new tabs keep opening in my browser by themselves, in which Facebook applications ask me for permission, and even when I don't allow it, I then find them among my allowed apps in use.
I've already run the PC through Avast, Spyware Terminator, CCleaner and some Malware tool.. only the spyware one found about 5 infections, they were some cookies, which I removed.. the other programs found no virus.
I wouldn't really mind deleting my Facebook profile, but that wouldn't solve anything either. Also, when I open a link the page loads quite slowly (compared to before).
I'm completely non-technical, so I'm asking for advice.. thanks a lot :)

I'm sending the log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by xp at 2012-01-13 17:00:34
Microsoft Windows 7 Home Premium
System drive C: has 89 GB (47%) free of 192 GB
Total RAM: 1790 MB (45% free)


======Scheduled tasks folder======

C:\windows\tasks\Check Updates for Windows Live Toolbar.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files\McAfee\SiteAdvisor
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=C:\Program Files\Crawler\Toolbar\firefox\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/SAFFPlugin]
"Description"=
"Path"=C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
wikipedia-cz.xml

C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\
centrumpomocnik@centrum.cz
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
&Crawler Toolbar Helper - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2012-01-03 1237240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-12-23 342192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll [2011-11-22 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2011-08-11 258120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - c:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTor.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
KMPlayer Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-11-17 1515688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2011-08-11 258120]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - c:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]
{D4027C7F-154A-4066-A1AD-4243D8127440} - KMPlayer Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-11-17 1515688]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTor.dll [2011-05-09 176936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-12-23 342192]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2012-01-03 1237240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2009-08-10 13797920]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-24 7625248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-23 1537320]
"VeriFaceManager"=C:\Program Files\Lenovo\VeriFace\PManage.exe [2009-11-02 3122440]
"EnergyUtility"=C:\Program Files\Lenovo\Energy Management\utility.exe [2009-07-15 4081480]
"Energy Management"=C:\Program Files\Lenovo\Energy Management\Energy Management.exe [2009-06-25 5064520]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2011-10-25 74752]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-11-17 901800]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SpywareTerminatorShield"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2012-01-10 2779824]
"SpywareTerminatorUpdater"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2012-01-10 3621040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-11-22 39408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Users\xp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-01-13 17:00:39 ----D---- C:\Program Files\trend micro
2012-01-13 17:00:33 ----D---- C:\rsit
2012-01-13 16:50:32 ----SHD---- C:\Config.Msi
2012-01-10 21:35:03 ----D---- C:\Users\xp\AppData\Roaming\Malwarebytes
2012-01-10 21:34:18 ----D---- C:\ProgramData\Malwarebytes
2012-01-10 18:59:03 ----D---- C:\Program Files\CCleaner
2012-01-10 18:00:42 ----D---- C:\Program Files\Crawler
2012-01-10 18:00:20 ----A---- C:\windows\system32\drivers\sp_rsdrv2.sys
2012-01-10 18:00:19 ----D---- C:\Users\xp\AppData\Roaming\Spyware Terminator
2012-01-10 18:00:19 ----D---- C:\ProgramData\Spyware Terminator
2012-01-10 17:42:42 ----D---- C:\Program Files\Spyware Terminator
2011-12-26 18:17:31 ----D---- C:\Program Files\Zoner
2011-12-26 17:40:53 ----D---- C:\uprav
2011-12-26 17:20:24 ----D---- C:\100_FUJI
2011-12-25 20:15:49 ----A---- C:\windows\IsUninst.exe
2011-12-25 19:58:21 ----D---- C:\Users\xp\AppData\Roaming\Zoner
2011-12-25 19:58:17 ----D---- C:\ProgramData\Zoner
2011-12-25 18:54:19 ----D---- C:\profil
2011-12-18 19:41:21 ----A---- C:\AtmApInit.txt
2011-12-17 10:11:08 ----D---- C:\škola

======List of files/folders modified in the last 1 month======

2012-01-13 17:00:52 ----D---- C:\windows\Temp
2012-01-13 17:00:50 ----D---- C:\windows\Prefetch
2012-01-13 17:00:39 ----RD---- C:\Program Files
2012-01-13 16:55:45 ----D---- C:\windows\system32\config
2012-01-13 16:52:00 ----SHD---- C:\windows\Installer
2012-01-13 16:50:05 ----D---- C:\windows\System32
2012-01-13 16:46:33 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-01-13 16:46:30 ----D---- C:\windows\inf
2012-01-13 16:38:43 ----D---- C:\ProgramData\VeriFace
2012-01-12 22:15:10 ----D---- C:\Users\xp\AppData\Roaming\Skype
2012-01-11 21:01:54 ----D---- C:\windows\system32\drivers
2012-01-11 09:40:22 ----D---- C:\windows\system32\catroot2
2012-01-11 09:39:25 ----D---- C:\Windows
2012-01-10 22:52:02 ----D---- C:\Program Files\The KMPlayer
2012-01-10 22:28:20 ----RD---- C:\Filmy
2012-01-10 21:34:18 ----HD---- C:\ProgramData
2012-01-10 19:01:43 ----D---- C:\Users\xp\AppData\Roaming\Winamp
2012-01-10 19:01:40 ----D---- C:\Users\xp\AppData\Roaming\uTorrent
2012-01-10 19:01:10 ----D---- C:\windows\Panther
2012-01-10 19:01:08 ----D---- C:\windows\Logs
2012-01-10 19:01:08 ----D---- C:\windows\debug
2012-01-09 22:31:37 ----SHD---- C:\System Volume Information
2012-01-07 16:13:19 ----D---- C:\GYMZL
2012-01-06 20:35:45 ----D---- C:\windows\system32\catroot
2012-01-06 20:35:43 ----D---- C:\windows\system32\DriverStore
2012-01-02 12:26:30 ----SD---- C:\Users\xp\AppData\Roaming\Microsoft
2011-12-31 12:56:52 ----D---- C:\Program Files\Mozilla Firefox
2011-12-28 18:07:45 ----D---- C:\FOTO
2011-12-17 14:59:05 ----D---- C:\ProgramData\Norton
2011-12-17 14:58:58 ----D---- C:\windows\system32\Tasks
2011-12-17 14:58:57 ----D---- C:\windows\Tasks
2011-12-17 14:58:57 ----D---- C:\ProgramData\Symantec
2011-12-17 14:58:27 ----D---- C:\Program Files\Winamp
2011-12-17 14:48:50 ----D---- C:\Program Files\Common Files\Symantec Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver; \??\C:\windows\system32\drivers\sp_rsdrv2.sys [2011-06-21 32768]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-05-31 260648]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl6.sys [2009-06-30 2505720]
R3 Cam5607;Lenovo EasyCamera ; C:\windows\System32\Drivers\BisonC07.sys [2009-07-29 1182320]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2009-07-24 2664032]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda32v.sys [2009-08-11 66080]
R3 nvsmu;nvsmu; C:\windows\system32\DRIVERS\nvsmu.sys [2009-07-17 17920]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-07-23 212912]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 BthEnum;Služba Bluetooth Enumerator; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2009-07-01 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WimFltr;WimFltr; C:\windows\system32\DRIVERS\wimfltr.sys [2008-08-06 128104]
S3 wsvd;wsvd; C:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2009-07-01 582944]
R2 DvmMDES;DeviceVM Meta Data Export Service; C:\QSTART.SYS\config\DVMExportService.exe [2009-07-08 323584]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 94880]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2009-08-10 211488]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files\Spyware Terminator\st_rsser.exe [2012-01-10 482992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-22 136176]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-22 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-11-22 182768]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]

-----------------EOF-----------------

Re: facebook virus?

Posted: 13 Jan 2012 18:02
by capucine
sure :) I'll be glad for any advice and help, so I'm happy to wait :)

Re: facebook virus?

Posted: 13 Jan 2012 18:22
by capucine
Good grief, that's going to take me about a week...
btw I ran the PC through Spyware Terminator again and it found some 1 infection again....

I have a Lenovo S12 mini notebook.. so I assume it's only 32-bit.. otherwise I don't know where to check that

Re: facebook virus?

Posted: 13 Jan 2012 18:52
by capucine
after running wincheck nothing at all appeared in the report... so I don't understand what I'm supposed to copy

Re: facebook virus?

Posted: 13 Jan 2012 18:54
by capucine
In XueTr there is no list at all in the Process tab... I don't know what I'm doing wrong

Re: facebook virus?

Posted: 13 Jan 2012 19:10
by capucine
I don't know if this is what was supposed to come out of ZHPDiag...

Rapport de ZHPDiag v1.28.310 par Nicolas Coolman, Update du 11/01/2012
Run by xp at 13.1.2012 18:55:56
Web site : http://www.premiumorange.com/zeb-help-p ... pdiag.html
Web site : http://nicolascoolman.skyrock.com/
State : Your version is update.


---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 9.0.1 v9.0.1 (Defaut)
GCIE: Google Chrome v16.0.912.75

---\\ Windows Product Information
~ Langage: Anglais
Windows 7 Home Premium Edition, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: x86 Family 6 Model 28 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1790 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 87 GB (46%) free of 188 GB

---\\ Logged in mode
~ Computer Name: XP-PC
~ User Name: xp
~ All Users Names: xp, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\xp\AppData\Roaming\
~ %Desktop% : C:\Users\xp\Desktop\
~ %Favorites% : C:\Users\xp\Favorites\
~ %LocalAppData% : C:\Users\xp\AppData\Local\
~ %StartMenu% : C:\Users\xp\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\windows\
~ %System% : C:\windows\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 87 Go of 188 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 29 Go of 30 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Scan Security Center in 00mn 00s



---\\ Search Generic System Files
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Průzkumník Windows.) (.14.7.2009 - 2:14:20.) -- C:\windows\Explorer.exe [2613248]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (.Microsoft Corporation - Hostitelský proces systému Windows (Rundll32).) (.14.7.2009 - 2:14:31.) -- C:\windows\system32\rundll32.exe [44544]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.14.7.2009 - 2:14:45.) -- C:\windows\system32\Wininit.exe [96256]
[MD5.0D874F3BC751CC2198AF2E6783FB8B35] - (.Microsoft Corporation - Internet Extensions for Win32.) (.14.7.2009 - 2:16:19.) -- C:\windows\system32\wininet.dll [977920]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Windows Logon Application.) (.14.7.2009 - 2:14:45.) -- C:\windows\system32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Knihovna licencování softwaru.) (.14.7.2009 - 2:16:15.) -- C:\windows\system32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14.7.2009 - 0:12:38.) -- C:\windows\system32\drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14.7.2009 - 2:26:15.) -- C:\windows\system32\drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14.7.2009 - 0:11:15.) -- C:\windows\system32\drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14.7.2009 - 0:11:26.) -- C:\windows\system32\drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14.7.2009 - 0:14:17.) -- C:\windows\system32\drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14.7.2009 - 0:50:56.) -- C:\windows\system32\drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.14.7.2009 - 0:11:24.) -- C:\windows\system32\drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14.7.2009 - 0:54:29.) -- C:\windows\system32\drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14.7.2009 - 0:14:26.) -- C:\windows\system32\drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14.7.2009 - 0:12:21.) -- C:\windows\system32\drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - NT File System Driver.) (.14.7.2009 - 2:20:44.) -- C:\windows\system32\drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.14.7.2009 - 0:45:35.) -- C:\windows\system32\drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14.7.2009 - 0:54:34.) -- C:\windows\system32\drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14.7.2009 - 0:53:41.) -- C:\windows\system32\drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14.7.2009 - 0:12:11.) -- C:\windows\system32\drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.14.7.2009 - 2:19:10.) -- C:\windows\system32\drivers\volsnap.sys [245328]
~ Scan Generic Processes in 00mn 01s



---\\ Hidden files state (Hidden/Total)
~ Mes musiques (My Musics) : 1879/7066
~ Mes Favoris (My Favorites) : 2/12
~ Mes Documents (My Documents) : 9/13
~ Mon Bureau (My Desktop) : 1/1034
~ Menu demarrer (Programs) : 6/30
~ Scan Hidden Files in 00mn 36s



---\\ Running Processes
[MD5.36916E254D0843603D65485FA45B3D87] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248] [PID.2032]
[MD5.954C14C065024E115A05F0A5E6CCCEBD] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1537320] [PID.112]
[MD5.078A495CA11D9F93E850A0694536BF16] - (.Lenovo - VeriFace Tray Icon Manager.) -- C:\Program Files\Lenovo\VeriFace\PManage.exe [3122440] [PID.336]
[MD5.E1F4FAA43B9338F9DF0D33AD2259A6F5] - (.Lenovo(beijing) Limited - Lenovo Battery Management Software Ver3.0.) -- C:\Program Files\Lenovo\Energy Management\utility.exe [4081480] [PID.824]
[MD5.2E98F9CEAE2E002E9E31B84DCA0B07B9] - (.Lenovo (Beijing) Limited - Lenovo Energy Management Software.) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064520] [PID.1048]
[MD5.E2B4488830B9F047930BB5FE0E4FD71B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3722416] [PID.1172]
[MD5.3B798C97A8FA230545EEA44A26052947] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.2092]
[MD5.B3B494C7392026E7F2177C26FB7DB2FF] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) -- C:\Program Files\Spyware Terminator\st_rsser.exe [482992] [PID.]
[MD5.29540385606F9338E5D75AB160BF1B36] - (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files\Winamp\winampa.exe [74752] [PID.1788]
[MD5.71200E7924D30860F032C7BE3EDDCB3B] - (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe [901800] [PID.368]
[MD5.3A9B7BC69554824F4C163A2C381CC2F6] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2779824] [PID.2452]
[MD5.8FA3B3964C41EC2F0960DAE9289250E6] - (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3621040] [PID.4052]
[MD5.73165EE830627D2B974124F57209F98F] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe [795936] [PID.3832]
[MD5.11E8D8272FDBE213ADE3DAD91427CE35] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe [11322880] [PID.3552]
[MD5.2337EC951C4AF6E1AF65D10BD9615BEB] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin [11314688] [PID.3596]
[MD5.11CCA710674739E3DB8F7450A5B650B6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632] [PID.4620]
[MD5.B0DA80FF42A0819D162A86612896AAF2] - (.Microsoft Corporation - Windows Update.) -- C:\windows\system32\wuauclt.exe [47104] [PID.5952]
[MD5.B8E421C0890356CD4A793D8A346D9096] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712] [PID.5764]
[MD5.0619C9E7A3682C54BD226A831897CD06] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856] [PID.6132]
[MD5.3270CB86F79B3E23720BAFC2E48BE3BE] - (.OldTimer Tools - No comment.) -- C:\Users\xp\Downloads\OTL.exe [584192] [PID.1208]
[MD5.677AA6F796F95633E9D06613D79A8999] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [2210816] [PID.4276]
~ Scan Processes Running in 00mn 07s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\xp\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G2 - GCE: Preference [User Data\Default] [aaaaoggiphohkihibdkcnhnokmkfmhnj] Pandora tv Toolbar v.7.13.2.0 (Activé)
G2 - GCE: Preference [User Data\Default] [bejbohlohkkgompgecdcbbglkpjfjgdj] uTorrentBar v.2.3.0.15 (Activé)
G2 - GCE: Preference [User Data\Default] [fheoggkfdfchfphceeifdbepaooicaho] SiteAdvisor v.3.40.135.1 (Activé)
G2 - GCE: Preference [User Data\Default] [icmlaeflemplmjndnaapfdbbnpncnbda] avast! WebRep v.6.0.1289 (Activé)
~ Scan Google Browser in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\prefs.js
M3 - MFPP: Plugins - [xp] -- C:\Program Files\Mozilla FireFox\searchplugins\crawlersrch.xml
M3 - MFPP: Plugins - [xp] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [xp] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-cz.xml
M0 - MFSP: prefs.js [xp - unm5xtbq.default] http://www.seznam.cz
M2 - MFEP: prefs.js [xp - unm5xtbq.default\centrumpomocnik@centrum.cz] [] Centrum doménový pomocník v1.1 (.Centrum Holdings s.r.o..)
M2 - MFEP: prefs.js [xp - unm5xtbq.default\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] [] uTorrentBar Community Toolbar v3.9.0.3 (.Conduit Ltd..)
M2 - MFEP: prefs.js [xp - unm5xtbq.default\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}] [] Centrum.cz nastavení v1.0.2 (.CLEEVIO s.r.o. + Centrum holdings s.r.o..)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.6.3.633.) -- C:\Windows\System32\Adobe\Director\np32dsw.dll
P2 - FPN: [HKLM] [@mcafee.com/SAFFPlugin] - (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files\McAfee\SiteAdvisor\NPMcFFPlg32.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} . (.Conduit Ltd. - Conduit Toolbar.) (6.4.0.0) -- C:\Program Files\uTorrentBar\prxtbuTor.dll
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internetový prohlížeč.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) (3,4,0,135) -- C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} . (.Conduit Ltd. - Conduit Toolbar.) (6.4.0.0) -- C:\Program Files\uTorrentBar\prxtbuTor.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\windows\system32\SystemPropertiesPerformance.exe
~ Scan Keys in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} . (.Crawler.com - Crawler Toolbar Browser Object.) -- C:\Program Files\Crawler\Toolbar\ctbr.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} . (.Microsoft Corporation - Windows Live Toolbar for Internet Explorer.) -- C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\uTorrentBar\prxtbuTor.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll
~ Scan BHO in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} . (.Microsoft Corporation - Windows Live Toolbar for Internet Explorer.) -- C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\uTorrentBar\prxtbuTor.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} . (.Crawler.com - Crawler Toolbar Browser Object.) -- C:\Program Files\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
~ Scan Toolbar in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\System32\nvcpl.dll
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VeriFaceManager] . (.Lenovo - VeriFace Tray Icon Manager.) -- C:\Program Files\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [EnergyUtility] . (.Lenovo(beijing) Limited - Lenovo Battery Management Software Ver3.0.) -- C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] . (.Lenovo (Beijing) Limited - Lenovo Energy Management Software.) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [WinampAgent] . (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ApnUpdater] . (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [SpywareTerminatorShield] . (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] . (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2916264042-1160319529-460798846-1003\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Scan Application in 00mn 01s



---\\ Other User Links (O4)
O4 - Global Startup: C:\Users\xp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\xp\Desktop\AdobeAIRInstaller – zástupce (2).lnk . (.Adobe Systems Inc..) -- C:\Program Files\AdobeAIRInstaller.exe
O4 - Global Startup: C:\Users\xp\Desktop\AdobeAIRInstaller – zástupce.lnk . (.Adobe Systems Inc..) -- C:\Program Files\AdobeAIRInstaller.exe
O4 - Global Startup: C:\Users\xp\Desktop\Downloads.lnk . (...) -- C:\Users\xp\Downloads
O4 - Global Startup: C:\Users\xp\Desktop\Enter-the-Void(0000166735).srt – zástupce.lnk . (...) -- C:\Filmy\Enter-the-Void(0000166735).srt (.not file.)
O4 - Global Startup: C:\Users\xp\Desktop\KMPlayer.lnk . (.Pandora.TV.) -- C:\Program Files\The KMPlayer\KMPlayer.exe
O4 - Global Startup: C:\Users\xp\Desktop\OneKey Recovery.lnk . (.CyberLink.) -- C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe
O4 - Global Startup: C:\Users\xp\Desktop\OOo_3.3.0_Win_x86_install_cs – zástupce.lnk . (...) -- C:\Program Files\OOo_3.3.0_Win_x86_install_cs.exe
O4 - Global Startup: C:\Users\xp\Desktop\PDFCreator – zástupce.lnk . (.pdfforge http://www.pdfforge.org/.) -- C:\Users\xp\Downloads\PDFCreator.exe
O4 - Global Startup: C:\Users\xp\Desktop\Super Mp3 Recorder Professional.lnk . (...) -- C:\Program Files\Admiresoft\Super Mp3 Recorder Professional\smrpro.exe
O4 - Global Startup: C:\Users\xp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk . (.Google Inc..) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - Global Startup: C:\Users\xp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\xp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk . (.Nullsoft, Inc..) -- C:\Program Files\Winamp\winamp.exe
O4 - Global Startup: C:\Users\xp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Zoner Photo Studio 13 FREE.lnk . (.ZONER software.) -- C:\Program Files\Zoner\Photo Studio 13\Program32\Zps.exe
~ Scan Global Startup in 00mn 01s



---\\ IE Options icon not visible in Control Panel (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ Scan IE Control Panel in 00mn 00s



---\\ Extra items in the IE right-click menu (O8)
O8 - Extra context menu item: &Windows Live Search . (.Microsoft Corporation - Windows Live Toolbar for Internet Explorer.) -- c:\Program Files\Windows Live Toolbar\msntb.dll
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~2\Office12\EXCEL.exe
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... . (...) -- C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... . (...) -- C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
~ Scan IE Menu Contextuel in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} . (.Unknown owner - EtnXP Module.) -- C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} . (.Unknown owner - EtnXP Module.) -- C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Internetový překladač... - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\Lenovo\Bluetooth Software\bt_hot_icon.ico
~ Scan IE Extra Buttons in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Poskytovatel služeb Microsoft Windows Sockets 2.0.) -- C:\Windows\System32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - E-mail Naming Shim Provider.) -- C:\Windows\System32\NapiNSP.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\System32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\System32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\System32\wshbth.dll
~ Scan Winsock in 00mn 00s



---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
~ Scan Objets ActiveX in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F1D5242-5211-45E3-AF62-548102BBA985}: DhcpNameServer = 10.0.2.254 10.0.3.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F1D5242-5211-45E3-AF62-548102BBA985}: DhcpNameServer = 10.0.2.254 10.0.3.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F1D5242-5211-45E3-AF62-548102BBA985}: DhcpNameServer = 10.0.2.254 10.0.3.1
~ Scan Domain in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} . (.Microsoft Corporation - Microsoft Office Web Components 2003.) -- C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll
O18 - Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} . (.Crawler.com - Crawler Toolbar Browser Object.) -- C:\Program Files\Crawler\Toolbar\ctbr.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Scan Protocole Additionnel in 00mn 01s



---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ Scan SSODL in 00mn 00s



---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) . (.Google Inc. - Instalační program Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee SiteAdvisor Service (McAfee SiteAdvisor Service) . (.McAfee, Inc. - SiteAdvisor.) - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 186.6.) - C:\Windows\System32\nvvsvc.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield (ST2012_Svc) . (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) - C:\Program Files\Spyware Terminator\st_rsser.exe
~ Scan Services in 00mn 02s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s



---\\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ Scan Keys in 00mn 00s



---\\ Task Planned Automatically(039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.14426438EDA546F331650854F4CD63A8] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe
~ Scan Scheduled Task in 00mn 34s



---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - IEAK branding.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\windows\system32\wmp.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Scan Active Setup in 00mn 00s



---\\ Drivers launched at startup (O41)
O41 - Driver: C:\windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: C:\windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\windows\system32\Drivers\dfsc.sys
O41 - Driver: C:\windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\windows\system32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\windows\system32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\windows\system32\DRIVERS\netbios.sys
O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\windows\system32\DRIVERS\netbt.sys
O41 - Driver: C:\windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Plánovač paketů technologie QoS.) - C:\windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\windows\system32\DRIVERS\rdbss.sys
O41 - Driver: C:\windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\windows\system32\drivers\rdpencdd.sys
O41 - Driver: C:\windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\windows\system32\drivers\rdprefmp.sys
O41 - Driver: (sp_rsdrv2) . (...) - C:\windows\system32\drivers\sp_rsdrv2.sys
O41 - Driver: C:\windows\system32\tcpipcfg.dll (Tcpip) . (.Microsoft Corporation - TCP/IP Driver.) - C:\windows\system32\drivers\tcpip.sys
O41 - Driver: C:\windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\windows\system32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\windows\system32\DRIVERS\vwififlt.sys
O41 - Driver: C:\windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\windows\system32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\windows\system32\DRIVERS\wfplwf.sys
~ Scan Drivers in 00mn 05s



---\\ Software installed (O42)
O42 - Logiciel: 2007 Microsoft Office system - (.Microsoft Corporation.) [HKLM] -- PROHYBRIDR
O42 - Logiciel: Activation Assistant for the 2007 Microsoft Office suites - (.Microsoft Corporation.) [HKLM] -- Activation Assistant for the 2007 Microsoft Office suites
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- {FE23D063-934D-4829-A0D8-00634CE79B4A}
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader X (10.1.2) - Czech - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1029-7B44-AA1000000001}
O42 - Logiciel: Adobe Shockwave Player 11.6 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE}
O42 - Logiciel: Broadcom Gigabit Integrated Controller - (.Broadcom Corporation.) [HKLM] -- {49F3D04B-B849-4C89-AB31-2366A004EA28}
O42 - Logiciel: Broadcom WLAN - (.Unknown owner.) [HKLM] -- {8991E763-21F5-4DEA-A938-5D9D77DCB488}
O42 - Logiciel: Business Contact Manager pro aplikaci Outlook 2007 SP1 - (.Microsoft Corporation.) [HKLM] -- Business Contact Manager
O42 - Logiciel: Business Contact Manager pro aplikaci Outlook 2007 SP1 - (.Microsoft Corporation.) [HKLM] -- {432282b5-d708-431a-9ada-abbbbac3f205}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Energy Management - (.Lenovo.) [HKLM] -- {AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Last.fm 1.5.4.27091 - (.Last.fm.) [HKLM] -- LastFM_is1
O42 - Logiciel: Lenovo Bluetooth with Enhanced Data Rate Software - (.Broadcom Corporation.) [HKLM] -- {9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
O42 - Logiciel: Lenovo EasyCamera - (.Lenovo EasyCamera.) [HKLM] -- {4BB1DCED-84D3-47F9-B718-5947E904593E}
O42 - Logiciel: Lenovo OneKey Recovery - (.CyberLink Corp..) [HKLM] -- InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}
O42 - Logiciel: Lenovo OneKey Recovery - (.CyberLink Corp..) [HKLM] -- {46F4D124-20E5-4D12-BE52-EC177A7A4B42}
O42 - Logiciel: Lenovo Quick Start - (.DeviceVM, Inc..) [HKLM] -- {357B11ED-5417-4CF3-8EB2-386299BC30E0}
O42 - Logiciel: McAfee SiteAdvisor - (.McAfee, Inc..) [HKLM] -- {35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}
O42 - Logiciel: Microsoft Office 2003 Web Components - (.Microsoft Corporation.) [HKLM] -- {90A40405-6000-11D3-8CFE-0150048383C9}
O42 - Logiciel: Microsoft Office 2007 Primary Interop Assemblies - (.Microsoft Corporation.) [HKLM] -- {50120000-1105-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Access MUI (Czech) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-0405-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Excel MUI (Czech) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-0405-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Outlook MUI (Czech) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-0405-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (Czech) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-0405-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Professional Hybrid 2007 - (.Microsoft Corporation.) [HKLM] -- {91120000-0031-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Czech) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0405-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Slovak) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-041B-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (Czech) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-0405-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Publisher MUI (Czech) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-0405-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared MUI (Czech) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-0405-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (Czech) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-0405-0000-0000000FF1CE}
O42 - Logiciel: Microsoft SQL Server 2005 - (.Microsoft Corporation.) [HKLM] -- Microsoft SQL Server 2005
O42 - Logiciel: Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) - (.Microsoft Corporation.) [HKLM] -- {2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
O42 - Logiciel: Microsoft SQL Server Native Client - (.Microsoft Corporation.) [HKLM] -- {BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
O42 - Logiciel: Microsoft SQL Server Setup Support Files (English) - (.Microsoft Corporation.) [HKLM] -- {53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
O42 - Logiciel: Microsoft SQL Server VSS Writer - (.Microsoft Corporation.) [HKLM] -- {56B4002F-671C-49F4-984C-C760FE3806B5}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Mozilla Firefox 9.0.1 (x86 cs) - (.Mozilla.) [HKLM] -- Mozilla Firefox 9.0.1 (x86 cs)
O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: OpenOffice.org 3.3 - (.OpenOffice.org.) [HKLM] -- {D5B94160-4A07-4956-9C73-8C5EEFEF180F}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Realtek USB 2.0 Card Reader - (.Realtek Semiconductor Corp..) [HKLM] -- {DC24971E-1946-445D-8A82-CE685433FA7D}
O42 - Logiciel: Skype™ 5.5 - (.Skype Technologies S.A..) [HKLM] -- {AA59DDE4-B672-4621-A016-4C248204957A}
O42 - Logiciel: Slovník Verdict Free (a internetový překladač) - (.Unknown owner.) [HKCU] -- Verdict Free
O42 - Logiciel: Součásti připojení sady Microsoft Office Small Business - (.Microsoft Corporation.) [HKLM] -- {A939D341-5A04-4E0A-BB55-3E65B386432D}
O42 - Logiciel: Spyware Terminator 2012 - (.Crawler.com.) [HKLM] -- {56736259-613E-4A3B-B428-6235F2E76F44}_is1
O42 - Logiciel: Super Mp3 Recorder Professional v6.2 - (.AdmireSoft Co., Ltd..) [HKLM] -- Super Mp3 Recorder Professional_is1
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: The KMPlayer (remove only) - (.Unknown owner.) [HKLM] -- The KMPlayer
O42 - Logiciel: Update for Office 2007 (KB934528) - (.Unknown owner.) [HKLM] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}
O42 - Logiciel: Update for Office System 2007 Setup (KB929722) - (.Unknown owner.) [HKLM] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}
O42 - Logiciel: VeriFace - (.Lenovo.) [HKLM] -- VeriFace
O42 - Logiciel: Web Security Guard with Crawler Toolbar - (.Crawler, LLC.) [HKLM] -- CToolbar_UNINSTALL
O42 - Logiciel: WinRAR 4.01 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM] -- Winamp
O42 - Logiciel: Winamp Detector Plug-in - (.Nullsoft, Inc.) [HKCU] -- Winamp Detect
O42 - Logiciel: Windows Live Toolbar - (.Microsoft Corporation.) [HKLM] -- Windows Live Toolbar
O42 - Logiciel: Windows Live Toolbar - (.Microsoft Corporation.) [HKLM] -- {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
O42 - Logiciel: Zoner Photo Studio 13 FREE - (.ZONER software.) [HKLM] -- ZonerPhotoStudio13_EN_is1
O42 - Logiciel: avast! Free Antivirus - (.AVAST Software.) [HKLM] -- avast
O42 - Logiciel: swMSM - (.Adobe Systems, Inc.) [HKLM] -- {612C34C7-5E90-47D8-9B5C-0F717DD82726}
O42 - Logiciel: uTorrentBar Toolbar - (.uTorrentBar.) [HKLM] -- uTorrentBar Toolbar
O42 - Logiciel: µTorrent - (.Unknown owner.) [HKLM] -- uTorrent

---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\AskToolbar]
[HKCU\Software\AppDataLow\Software\Conduit]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software\uTorrentBar]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow\Toolbar]
[HKCU\Software\AppDataLow]
[HKCU\Software\Applications]
[HKCU\Software\Ask.com]
[HKCU\Software\Avast Software]
[HKCU\Software\BitTorrent]
[HKCU\Software\CDDB]
[HKCU\Software\CToolbar]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\GRETECH]
[HKCU\Software\Google]
[HKCU\Software\Guy]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\KMPlayer]
[HKCU\Software\Last.fm]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Microton]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\PDFCreator]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\Skype]
[HKCU\Software\Spyware Terminator]
[HKCU\Software\Synaptics]
[HKCU\Software\Trolltech]
[HKCU\Software\Widcomm]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Winamp]
[HKCU\Software\ZONER]
[HKCU\Software\pidgin]
[HKLM\Software\APN]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVAST Software]
[HKLM\Software\Adobe]
[HKLM\Software\America Online]
[HKLM\Software\AppDataLow]
[HKLM\Software\AskToolbar]
[HKLM\Software\BisonCam]
[HKLM\Software\Broadcom WLAN]
[HKLM\Software\CDDB]
[HKLM\Software\CToolbar]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Conduit]
[HKLM\Software\CyberLink]
[HKLM\Software\DeviceVM]
[HKLM\Software\GRETECH]
[HKLM\Software\Google]
[HKLM\Software\Guy]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\InterVideo]
[HKLM\Software\KMPlayer]
[HKLM\Software\Last.fm]
[HKLM\Software\Lenovo EasyCamera]
[HKLM\Software\Lenovo]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\McAfee]
[HKLM\Software\MimarSinan]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\Nullsoft]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\SiteAdvisor]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\Spyware Terminator]
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\Waves Audio]
[HKLM\Software\WebCam]
[HKLM\Software\Widcomm]
[HKLM\Software\WinRAR]
[HKLM\Software\ZONER]
[HKLM\Software\mozilla.org]
[HKLM\Software\uTorrentBar]
~ Scan Softwares in 00mn 01s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 2.11.2009 - 16:39:08 - [12,096] ----D- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
O43 - CFD: 7.12.2011 - 17:05:30 - [9,555] ----D- C:\Program Files\Admiresoft
O43 - CFD: 27.11.2011 - 23:08:10 - [113,104] ----D- C:\Program Files\Adobe
O43 - CFD: 22.11.2011 - 17:27:14 - [2,827] ----D- C:\Program Files\Ask.com
O43 - CFD: 22.11.2011 - 15:57:44 - [245,292] ----D- C:\Program Files\AVAST Software
O43 - CFD: 2.11.2009 - 16:26:02 - [0,540] ----D- C:\Program Files\BisonCam
O43 - CFD: 2.11.2009 - 16:19:04 - [1,053] ----D- C:\Program Files\Broadcom
O43 - CFD: 2.11.2009 - 16:22:20 - [14,210] ----D- C:\Program Files\Broadcom 11g
O43 - CFD: 10.1.2012 - 18:59:14 - [4,137] ----D- C:\Program Files\CCleaner
O43 - CFD: 8.12.2011 - 17:19:22 - [353,650] ----D- C:\Program Files\Common Files
O43 - CFD: 23.11.2011 - 16:38:28 - [0,609] ----D- C:\Program Files\Conduit
O43 - CFD: 10.1.2012 - 18:01:04 - [16,547] ----D- C:\Program Files\Crawler
O43 - CFD: 2.11.2009 - 16:49:42 - [206,168] ----D- C:\Program Files\Downloaded Installations
O43 - CFD: 26.11.2011 - 13:21:02 - [79,364] ----D- C:\Program Files\DVD Maker
O43 - CFD: 22.11.2011 - 17:00:44 - [265,388] ----D- C:\Program Files\Google
O43 - CFD: 26.11.2011 - 14:08:24 - [0] ----D- C:\Program Files\GRETECH
O43 - CFD: 2.11.2009 - 16:53:32 - [33,179] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 29.11.2011 - 14:21:56 - [4,277] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 24.11.2011 - 16:57:04 - [18,066] ----D- C:\Program Files\Last.fm
O43 - CFD: 2.11.2009 - 16:53:32 - [682,705] ----D- C:\Program Files\Lenovo
O43 - CFD: 22.11.2011 - 16:19:00 - [0,085] ----D- C:\Program Files\licenses
O43 - CFD: 4.12.2011 - 10:55:16 - [9,713] ----D- C:\Program Files\McAfee
O43 - CFD: 29.7.2009 - 11:50:56 - [140,920] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 2.11.2009 - 16:37:14 - [487,035] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 2.11.2009 - 16:37:50 - [30,855] ----D- C:\Program Files\Microsoft Small Business
O43 - CFD: 2.11.2009 - 16:34:50 - [188,642] ----D- C:\Program Files\Microsoft SQL Server
O43 - CFD: 2.11.2009 - 16:29:54 - [0,014] ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD: 2.11.2009 - 16:30:08 - [3,032] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 2.11.2009 - 16:34:52 - [8,768] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 31.12.2011 - 12:56:54 - [36,536] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 14.7.2009 - 5:52:32 - [0,025] ----D- C:\Program Files\MSBuild
O43 - CFD: 22.11.2011 - 16:28:04 - [328,088] ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD: 14.7.2009 - 3:37:06 - [0] ----D- C:\Program Files\PerfLogs
O43 - CFD: 22.11.2011 - 17:08:36 - [0,001] ----D- C:\Program Files\Pidgin
O43 - CFD: 22.11.2011 - 16:19:00 - [0,027] ----D- C:\Program Files\readmes
O43 - CFD: 2.11.2009 - 16:16:32 - [133,812] ----D- C:\Program Files\Realtek
O43 - CFD: 22.11.2011 - 16:19:00 - [9,261] ----D- C:\Program Files\redist
O43 - CFD: 14.7.2009 - 5:52:32 - [36,686] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 23.11.2011 - 15:43:44 - [16,555] R---D- C:\Program Files\Skype
O43 - CFD: 10.1.2012 - 18:01:32 - [18,486] ----D- C:\Program Files\Spyware Terminator
O43 - CFD: 2.11.2009 - 16:20:28 - [25,475] ----D- C:\Program Files\Synaptics
O43 - CFD: 2.11.2009 - 16:17:24 - [0] --H-D- C:\Program Files\Temp
O43 - CFD: 10.1.2012 - 22:52:04 - [58,607] ----D- C:\Program Files\The KMPlayer
O43 - CFD: 13.1.2012 - 17:00:44 - [0,741] ----D- C:\Program Files\trend micro
O43 - CFD: 14.7.2009 - 5:53:24 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 23.11.2011 - 16:32:26 - [0,381] ----D- C:\Program Files\uTorrent
O43 - CFD: 23.11.2011 - 16:32:18 - [4,769] ----D- C:\Program Files\uTorrentBar
O43 - CFD: 22.11.2011 - 9:56:54 - [5,148] ----D- C:\Program Files\Verdict Free
O43 - CFD: 17.12.2011 - 14:58:28 - [59,327] ----D- C:\Program Files\Winamp
O43 - CFD: 22.11.2011 - 9:55:44 - [0,148] ----D- C:\Program Files\Winamp Detect
O43 - CFD: 26.11.2011 - 13:21:00 - [2,893] ----D- C:\Program Files\Windows Defender
O43 - CFD: 26.11.2011 - 13:21:00 - [6,681] ----D- C:\Program Files\Windows Journal
O43 - CFD: 2.11.2009 - 16:51:40 - [8,876] ----D- C:\Program Files\Windows Live Toolbar
O43 - CFD: 29.11.2011 - 14:22:08 - [5,843] ----D- C:\Program Files\Windows Mail
O43 - CFD: 29.11.2011 - 14:22:04 - [6,685] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 13.11.2011 - 19:21:04 - [11,627] ----D- C:\Program Files\Windows NT
O43 - CFD: 26.11.2011 - 13:21:02 - [4,209] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 14.7.2009 - 5:52:34 - [0,181] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 26.11.2011 - 13:21:02 - [6,513] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 24.11.2011 - 16:47:46 - [3,724] ----D- C:\Program Files\WinRAR
O43 - CFD: 13.1.2012 - 18:57:16 - [10,093] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 26.12.2011 - 18:17:32 - [107,514] ----D- C:\Program Files\Zoner
O43 - CFD: 27.11.2011 - 23:08:58 - [3,650] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 27.11.2011 - 12:17:14 - [37,554] ----D- C:\Program Files\Common Files\Adobe AIR
O43 - CFD: 2.11.2009 - 16:29:54 - [0,089] ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 2.11.2009 - 16:16:24 - [1,943] ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 3.12.2011 - 13:16:20 - [0,784] ----D- C:\Program Files\Common Files\McAfee
O43 - CFD: 22.11.2011 - 16:23:44 - [224,081] ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 22.11.2011 - 9:54:26 - [4,559] ----D- C:\Program Files\Common Files\PX Storage Engine
O43 - CFD: 14.7.2009 - 3:37:06 - [0,003] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14.7.2009 - 3:37:06 - [39,200] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 17.12.2011 - 14:48:52 - [0] ----D- C:\Program Files\Common Files\Symantec Shared
O43 - CFD: 29.11.2011 - 14:22:18 - [41,788] ----D- C:\Program Files\Common Files\System
O43 - CFD: 27.11.2011 - 23:17:24 - [152,799] ----D- C:\ProgramData\Adobe
O43 - CFD: 14.7.2009 - 5:53:56 - [0] -SH-D- C:\ProgramData\Application Data

Re: facebook virus?

Posted: 13 Jan 2012 19:11
by capucine
O43 - CFD: 22.11.2011 - 15:57:44 - [16,657] ----D- C:\ProgramData\AVAST Software
O43 - CFD: 13.11.2011 - 19:21:04 - [0] -SH-D- C:\ProgramData\Data aplikací
O43 - CFD: 14.7.2009 - 5:53:56 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 14.7.2009 - 5:53:56 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 13.11.2011 - 19:21:04 - [0] -SH-D- C:\ProgramData\Dokumenty
O43 - CFD: 14.7.2009 - 5:53:56 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 22.11.2011 - 17:01:12 - [0,514] ----D- C:\ProgramData\Google
O43 - CFD: 24.11.2011 - 16:58:24 - [1,308] ----D- C:\ProgramData\Last.fm
O43 - CFD: 10.1.2012 - 21:34:20 - [0,014] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 4.12.2011 - 10:55:16 - [0,294] ----D- C:\ProgramData\McAfee
O43 - CFD: 21.11.2011 - 14:44:30 - [147,555] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 2.11.2009 - 16:32:34 - [0,057] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 13.11.2011 - 19:21:04 - [0] -SH-D- C:\ProgramData\Nabídka Start
O43 - CFD: 17.12.2011 - 14:59:06 - [0,000] ----D- C:\ProgramData\Norton
O43 - CFD: 22.11.2011 - 17:15:22 - [0,671] ----D- C:\ProgramData\NortonInstaller
O43 - CFD: 2.11.2009 - 16:18:44 - [0,230] ----D- C:\ProgramData\NVIDIA
O43 - CFD: 13.11.2011 - 19:21:04 - [0] -SH-D- C:\ProgramData\Oblíbené položky
O43 - CFD: 13.11.2011 - 19:21:04 - [0] -SH-D- C:\ProgramData\Plocha
O43 - CFD: 2.11.2009 - 16:48:56 - [0,000] ----D- C:\ProgramData\SiteAdvisor
O43 - CFD: 21.11.2011 - 16:18:08 - [17,984] ----D- C:\ProgramData\Skype
O43 - CFD: 13.1.2012 - 16:41:00 - [31,285] ----D- C:\ProgramData\Spyware Terminator
O43 - CFD: 14.7.2009 - 5:53:56 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 17.12.2011 - 14:58:58 - [0] ----D- C:\ProgramData\Symantec
O43 - CFD: 2.11.2009 - 16:52:12 - [0,035] ----D- C:\ProgramData\Temp
O43 - CFD: 14.7.2009 - 5:53:56 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 13.1.2012 - 16:38:44 - [0,001] ----D- C:\ProgramData\VeriFace
O43 - CFD: 25.12.2011 - 19:58:18 - [0,009] ----D- C:\ProgramData\Zoner
O43 - CFD: 2.11.2009 - 16:39:08 - [6,585] ----D- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
O43 - CFD: 13.11.2011 - 19:21:04 - [0] -SH-D- C:\ProgramData\Šablony
O43 - CFD: 27.11.2011 - 23:10:06 - [1,546] ----D- C:\Users\xp\AppData\Roaming\Adobe
O43 - CFD: 22.11.2011 - 18:18:48 - [0] ----D- C:\Users\xp\AppData\Roaming\Google
O43 - CFD: 13.11.2011 - 19:21:48 - [0] ----D- C:\Users\xp\AppData\Roaming\Identities
O43 - CFD: 13.11.2011 - 19:40:56 - [0,057] ----D- C:\Users\xp\AppData\Roaming\Macromedia
O43 - CFD: 10.1.2012 - 21:35:04 - [0,002] ----D- C:\Users\xp\AppData\Roaming\Malwarebytes
O43 - CFD: 29.7.2009 - 11:50:56 - [0] ----D- C:\Users\xp\AppData\Roaming\Media Center Programs
O43 - CFD: 2.1.2012 - 12:26:32 - [4,486] -S--D- C:\Users\xp\AppData\Roaming\Microsoft
O43 - CFD: 23.11.2011 - 16:01:10 - [46,320] ----D- C:\Users\xp\AppData\Roaming\Mozilla
O43 - CFD: 22.11.2011 - 16:37:24 - [1,495] ----D- C:\Users\xp\AppData\Roaming\OpenOffice.org
O43 - CFD: 12.1.2012 - 22:15:12 - [6,931] ----D- C:\Users\xp\AppData\Roaming\Skype
O43 - CFD: 10.1.2012 - 18:00:20 - [0] ----D- C:\Users\xp\AppData\Roaming\Spyware Terminator
O43 - CFD: 10.1.2012 - 19:01:42 - [2,343] ----D- C:\Users\xp\AppData\Roaming\uTorrent
O43 - CFD: 10.1.2012 - 19:01:44 - [0,619] ----D- C:\Users\xp\AppData\Roaming\Winamp
O43 - CFD: 24.11.2011 - 16:49:08 - [0,000] ----D- C:\Users\xp\AppData\Roaming\WinRAR
O43 - CFD: 26.12.2011 - 18:19:08 - [0,021] ----D- C:\Users\xp\AppData\Roaming\Zoner
O43 - CFD: 27.11.2011 - 23:10:06 - [14,341] ----D- C:\Users\xp\AppData\Local\Adobe
O43 - CFD: 22.11.2011 - 17:23:52 - [0,154] ----D- C:\Users\xp\AppData\Local\APN
O43 - CFD: 13.11.2011 - 19:23:18 - [0] ----D- C:\Users\xp\AppData\Local\Broadcom
O43 - CFD: 23.11.2011 - 16:32:10 - [0,063] ----D- C:\Users\xp\AppData\Local\Conduit
O43 - CFD: 13.11.2011 - 19:21:20 - [0] -SH-D- C:\Users\xp\AppData\Local\Data aplikací
O43 - CFD: 24.12.2011 - 11:57:22 - [0] ----D- C:\Users\xp\AppData\Local\ElevatedDiagnostics
O43 - CFD: 22.11.2011 - 17:59:16 - [13,346] ----D- C:\Users\xp\AppData\Local\Google
O43 - CFD: 13.11.2011 - 19:21:20 - [0] -SH-D- C:\Users\xp\AppData\Local\History
O43 - CFD: 7.1.2012 - 13:44:56 - [0,196] ----D- C:\Users\xp\AppData\Local\Last.fm
O43 - CFD: 27.11.2011 - 23:10:06 - [97,595] ----D- C:\Users\xp\AppData\Local\Microsoft
O43 - CFD: 23.11.2011 - 16:01:04 - [986,467] ----D- C:\Users\xp\AppData\Local\Mozilla
O43 - CFD: 13.1.2012 - 18:58:30 - [0,473] ----D- C:\Users\xp\AppData\Local\Temp
O43 - CFD: 13.11.2011 - 19:21:20 - [0] -SH-D- C:\Users\xp\AppData\Local\Temporary Internet Files
O43 - CFD: 13.11.2011 - 19:22:14 - [0] ----D- C:\Users\xp\AppData\Local\VirtualStore
O43 - CFD: 26.12.2011 - 18:18:24 - [68,202] ----D- C:\Users\xp\AppData\Local\Zoner
~ Scan Program Folder in 01mn 01s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 11.1.2012 - 9:39:25 ---A- . (...) -- C:\windows\setuperr.log [0]
O44 - LFC:[MD5.A53A317D9E178ECC58A8D1833519BABE] - 13.1.2012 - 16:38:15 -S-A- . (...) -- C:\windows\bootstat.dat [67584]
O44 - LFC:[MD5.FD7E6F9DCCD7FEEBDD6E8D3F14AD24F8] - 13.1.2012 - 16:38:18 ---A- . (...) -- C:\windows\setupact.log [392]
O44 - LFC:[MD5.D031D44D62B800AC4D9D600C459968EA] - 13.1.2012 - 16:38:49 ---A- . (...) -- C:\AtmApInit.txt [89]
O44 - LFC:[MD5.554FBB8955326696FB963176217307A8] - 13.1.2012 - 16:46:33 ---A- . (...) -- C:\windows\system32\PerfStringBackup.INI [1585432]
O44 - LFC:[MD5.7B163B8E38819EFEF1DF74F8BA14A79D] - 13.1.2012 - 16:46:33 ---A- . (...) -- C:\windows\system32\perfc005.dat [137522]
O44 - LFC:[MD5.569874698195F8EC0FBA5492D4B45D11] - 13.1.2012 - 16:46:33 ---A- . (...) -- C:\windows\system32\perfc009.dat [121934]
O44 - LFC:[MD5.CEAD647B46D54572B5A67D338E7ED74B] - 13.1.2012 - 16:46:33 ---A- . (...) -- C:\windows\system32\perfh005.dat [672622]
O44 - LFC:[MD5.3DF97645661BEBC16FBDCBC3F2B50032] - 13.1.2012 - 16:46:33 ---A- . (...) -- C:\windows\system32\perfh009.dat [656802]
O44 - LFC:[MD5.D64D134B97F3E793D49C893B99223ACB] - 13.1.2012 - 16:47:13 ---A- . (...) -- C:\windows\WindowsUpdate.log [1839002]
O44 - LFC:[MD5.8CAE32DC20F95178926FE452F101DA2E] - 13.1.2012 - 18:50:27 --H-- . (...) -- C:\dvmexp.idx [177]
O44 - LFC:[MD5.7B426B8E809EDF081D771EF429345528] - 21.6.2011 - 11:24:06 ---A- . (...) -- C:\windows\system32\drivers\sp_rsdrv2.sys [32768]
O44 - LFC:[MD5.1CB7DA79902F61D6EDB3E33C3AE628C5] - 8.1.2012 - 22:23:58 ---A- . (...) -- C:\maturita_topics_-_profilova_-_komplet.doc [81920]
O44 - LFC:[MD5.515E4684008E955DE0C81E6A7AEA1C2A] - 25.12.2011 - 20:15:49 ---A- . (.InstallShield Software Corporation - InstallShield® unInstaller.) -- C:\windows\IsUninst.exe [306688]
~ Scan Files in 00mn 23s



---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Windows Security Configuration Editor Client Engine.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\TSpkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
~ Scan Keys in 00mn 01s



---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Serial Mouse Filter Driver.) -- C:\windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\windows\system32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\windows\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\windows\system32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\windows\system32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Serial Mouse Filter Driver.) -- C:\windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\windows\system32\Drivers\volmgrx.sys
~ Scan CSB in 00mn 03s



---\\ MountPoints2 Shell Key (MPKS) (O51) (None)

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ Scan Keys in 00mn 03s



---\\ ShareTools MSconfig StartupReg (SMSR) (O53) (None)

---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\windows\system32\credssp.dll
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ Scan Keys in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.87114EFEDEB94AF49323CA61F344716D] - 2.11.2009 - 14:43:08 ---A- . (.Lenovo Corporation - ACPI Virtual Power Controller Driver.) -- C:\windows\system32\drivers\AcpiVpc.sys [21520]
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 10.6.2009 - 2:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\windows\system32\drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 13.7.2009 - 2:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\windows\system32\drivers\adpahci.sys [297552]
O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 13.7.2009 - 2:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\windows\system32\drivers\adpu320.sys [146512]
O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 14.7.2009 - 2:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\windows\system32\drivers\aliide.sys [14400]
O58 - SDL:[MD5.2101A86C25C154F8314B24EF49D7FBC2] - 10.6.2009 - 2:26:15 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\windows\system32\drivers\amdsata.sys [79952]
O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 10.6.2009 - 2:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\windows\system32\drivers\amdsbs.sys [159312]
O58 - SDL:[MD5.B81C2B5616F6420A9941EA093A92B150] - 13.7.2009 - 2:26:15 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\windows\system32\drivers\amdxata.sys [23616]
O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 13.7.2009 - 2:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\windows\system32\drivers\arc.sys [76368]
O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 13.7.2009 - 2:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\windows\system32\drivers\arcsas.sys [86608]
O58 - SDL:[MD5.C47623FFD181A1E7D63574DDE2A0A711] - 22.11.2011 - 22:36:12 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\windows\system32\drivers\aswFsBlk.sys [20568]
O58 - SDL:[MD5.4804753A4EC7D67CC22D226BFFD1C1E3] - 22.11.2011 - 22:36:26 ---A- . (.AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\windows\system32\drivers\aswMonFlt.sys [54616]
O58 - SDL:[MD5.36239E24470A3DD81FAE37510953CC6C] - 22.11.2011 - 22:36:38 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\windows\system32\drivers\aswRdr.sys [34392]
O58 - SDL:[MD5.CAA846E9C83836BDC3D2D700C678DB65] - 22.11.2011 - 22:38:05 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\windows\system32\drivers\aswSnx.sys [442200]
O58 - SDL:[MD5.748AE7F2D7DA33ADB063FE05704A9969] - 22.11.2011 - 22:37:53 ---A- . (.AVAST Software - avast! self protection module.) -- C:\windows\system32\drivers\aswSP.sys [320856]
O58 - SDL:[MD5.CA9925CE1DBD07FFE1EB357752CF5577] - 22.11.2011 - 22:36:36 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\windows\system32\drivers\aswTdi.sys [52568]
O58 - SDL:[MD5.6F41A4C5745BB99F89406F57164F099E] - 2.11.2009 - 2:43:28 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\windows\system32\drivers\b57nd60x.sys [260648]
O58 - SDL:[MD5.AD068203F32FC25C3FE5830290E37B2F] - 2.11.2009 - 12:23:44 ---A- . (.Broadcom Corporation - Broadcom 802.11 Network Adapter wireless driver.) -- C:\windows\system32\drivers\BCMWL6.SYS [2505720]
O58 - SDL:[MD5.C0E9AB06406DA41BA3823B2C2DD69778] - 2.11.2009 - 16:13:36 ---A- . (.Bison Electronics. Inc. - Universal Serial Bus Camera Driver.) -- C:\windows\system32\drivers\BisonC07.sys [1182320]
O58 - SDL:[MD5.4030BE8AD4EF793D34CC64D783F95F2E] - 2.11.2009 - 16:41:04 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Unified Crash Dump (x86).) -- C:\windows\system32\drivers\bnxcdx.sys [192040]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 14.7.2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 14.7.2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 14.7.2009 - 1:57:25 ---A- . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\windows\system32\drivers\BrSerId.sys [272128]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 14.7.2009 - 23:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 14.7.2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 14.7.2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.D57D29132EFE13A83133D9BD449E0CF1] - 2.11.2009 - 5:46:14 ---A- . (.Broadcom Corporation. - Bluetooth Audio Device.) -- C:\windows\system32\drivers\btwaudio.sys [86056]
O58 - SDL:[MD5.D282C14A69357D0E1BAFAECC2CA98C3A] - 2.11.2009 - 5:46:12 ---A- . (.Broadcom Corporation. - Broadcom Bluetooth AVDT Service.) -- C:\windows\system32\drivers\btwavdt.sys [108072]
O58 - SDL:[MD5.AAFD7CB76BA61FBB08E302DA208C974A] - 2.11.2009 - 8:32:50 ---A- . (.Broadcom Corporation. - Broadcom Bluetooth L2CAP Service.) -- C:\windows\system32\drivers\btwl2cap.sys [29472]
O58 - SDL:[MD5.02EB4D2B05967DF2D32F29C84AB1FB17] - 2.11.2009 - 5:46:04 ---A- . (.Broadcom Corporation. - Bluetooth Remote Control HID Minidriver.) -- C:\windows\system32\drivers\btwrchid.sys [18344]
~ Scan Drivers in 00mn 17s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: RSIT - (.random/random.)
~ Scan ADS in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 30.12.1899 - C:\windows\system32\Drivers\aswFsBlk.sys (aswFsBlk) .(.AVAST Software - avast! File System Access Blocking Driver.) - LEGACY_ASWFSBLK
O64 - Services: CurCS - 6.9.2011 - C:\windows\system32\drivers\aswMonFlt.sys (aswMonFlt) .(.AVAST Software - avast! File System Minifilter for Windows 2.) - LEGACY_ASWMONFLT
O64 - Services: CurCS - 30.12.1899 - C:\windows\system32\Drivers\aswRdr.sys (aswRdr) .(.AVAST Software - avast! TDI RDR Driver.) - LEGACY_ASWRDR
O64 - Services: CurCS - 30.12.1899 - C:\windows\system32\Drivers\aswSnx.sys (aswSnx) .(.AVAST Software - avast! Virtualization Driver.) - LEGACY_ASWSNX
O64 - Services: CurCS - 30.12.1899 - C:\windows\system32\Drivers\aswSP.sys (aswSP) .(.AVAST Software - avast! self protection module.) - LEGACY_ASWSP
O64 - Services: CurCS - 30.12.1899 - C:\windows\system32\Drivers\aswTdi.sys (aswTdi) .(.AVAST Software - avast! TDI Filter Driver.) - LEGACY_ASWTDI
O64 - Services: CurCS - 30.12.1899 - C:\windows\system32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 21.6.2011 - C:\windows\system32\drivers\sp_rsdrv2.sys - Spyware Terminator 2012 Realtime Shield Driver (sp_rsdrv2) .(...) - LEGACY_SP_RSDRV2
O64 - Services: CurCS - 21.7.2009 - C:\windows\system32\DRIVERS\wsvd.sys (wsvd) .(.CyberLink - WIN32.) - LEGACY_WSVD
~ Scan Services in 00mn 03s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (. - .) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\windows\system32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor registru.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\windows\system32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Editor registru.) -- C:\Windows\regedit.exe
~ Scan Keys in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe
~ Scan Keys in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Live Search) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - ( ) - http://search.conduit.com
~ Scan Keys in 00mn 00s



---\\ Search Svchost Services (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Služba Funkčnost aplikací.) -- C:\windows\system32\aelupsvc.dll [62464]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation Service.) -- C:\windows\system32\certprop.dll [67584]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation Service.) -- C:\windows\system32\certprop.dll [67584]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\windows\system32\srvsvc.dll [168448]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Klient zásad skupiny.) -- C:\windows\system32\gpsvc.dll [591360]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\windows\system32\ikeext.dll [667136]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\windows\system32\Audiosrv.dll [473088]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\windows\system32\rasauto.dll [90624]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Správce vzdáleného přístupu.) -- C:\windows\system32\rasmans.dll [285184]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\windows\system32\mprdim.dll [75264]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\windows\system32\sens.dll [49664]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\windows\system32\ipnathlp.dll [300544]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\windows\system32\tapisrv.dll [241664]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote Connections Manager.) -- C:\windows\system32\termsrv.dll [543232]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\windows\system32\wuaueng.dll [1912832]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Služba inteligentního přenosu na pozadí.) -- C:\windows\system32\qmgr.dll [589312]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\windows\system32\shsvcs.dll [328192]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over an IPv4 network..) -- C:\windows\system32\iphlpsvc.dll [497152]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\windows\system32\seclogon.dll [21504]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Služba Informace o aplikaci.) -- C:\windows\system32\appinfo.dll [46592]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\windows\system32\iscsiexe.dll [114688]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\windows\system32\mmcss.dll [49664]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\windows\system32\wercplsupport.dll [61440]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\windows\system32\eapsvc.dll [98304]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\windows\system32\profsvc.dll [162816]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Služba Plánovač úloh.) -- C:\windows\system32\schedsvc.dll [743424]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\windows\system32\kmsvc.dll [71168]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\windows\system32\sessenv.dll [99328]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\windows\system32\wbem\WMIsvc.dll [168960]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\windows\system32\browser.dll [102400]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\windows\system32\themeservice.dll [37376]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\windows\system32\bdesvc.dll [76800]
~ Scan Services in 00mn 01s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.440DB52A73EDA39E7F197B56FCA69C57] [SPRF][27.11.2011] (.Adobe Systems Incorporated - Adobe Self Extractor.) -- C:\Program Files\AdbeRdr1010_cs_CZ(1).exe [39938968]
[MD5.F165E25A4210E7471A89309249D855CA] [SPRF][27.11.2011] (...) -- C:\Program Files\AdbeRdr1010_cs_CZ.exe [15542872]
[MD5.98E8E46A72919905D6A686605AB38E64] [SPRF][9.11.2011] (.Adobe Systems Inc. - Adobe AIR Installer.) -- C:\Program Files\AdobeAIRInstaller.exe [15160720]
[MD5.A2C4D720F7DA016A7AFD3D5C6BC8A95E] [SPRF][22.11.2011] (...) -- C:\Program Files\directx_Jun2010_redist.exe [348160]
[MD5.37CB881DBE258C5CC687D2922632137B] [SPRF][27.2.2011] (...) -- C:\Program Files\OOo_3.3.0_Win_x86_install_cs.exe [135681640]
[MD5.68A410862FB7339C16E2C524704F9E60] [SPRF][18.1.2011] (...) -- C:\Program Files\setup.exe [475016]
[MD5.3A79D756F8977E8C5D887B8D3E732C2D] [SPRF][14.11.2011] (.Unknown owner - AVAST Software Setup Engine.) -- C:\Program Files\setup_av_free.exe [61657056]
~ Scan Files in 00mn 16s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "{7C48801A-5D76-4865-BB8C-23785B0D6001}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe (.not file.)
O87 - FAEL: "{4564F37C-759A-4D5B-B65D-C05E66C97CAA}" | In - None - P6 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O87 - FAEL: "{B9C85366-BEA8-4C61-B700-A4F6BE7A17A3}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "{D9006C79-E4A7-4F1C-BE45-46FBB572A940}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "TCP Query User{C69E1717-CD40-4A68-8E8C-4E415735DEC2}C:\program files\winamp\winamp.exe" | In - Private - P6 - TRUE | .(.Nullsoft, Inc. - Winamp.) -- C:\Program Files\Winamp\winamp.exe
O87 - FAEL: "UDP Query User{88FBEDCB-44DC-40E1-BBA3-362E45C03BFF}C:\program files\winamp\winamp.exe" | In - Private - P17 - TRUE | .(.Nullsoft, Inc. - Winamp.) -- C:\Program Files\Winamp\winamp.exe
O87 - FAEL: "TCP Query User{FB6F4804-9392-4932-A2F0-1427AF167E8B}C:\program files\winamp\winamp.exe" | In - Public - P6 - TRUE | .(.Nullsoft, Inc. - Winamp.) -- C:\Program Files\Winamp\winamp.exe
O87 - FAEL: "UDP Query User{8C5ED325-5125-4D90-9150-3B313E6CD1DC}C:\program files\winamp\winamp.exe" | In - Public - P17 - TRUE | .(.Nullsoft, Inc. - Winamp.) -- C:\Program Files\Winamp\winamp.exe
O87 - FAEL: "{40612137-EE2B-4C78-BB89-DF4B4CB662DF}" | In - Private - P6 - TRUE | .(.Crawler.com - Spyware Terminator 2012.) -- C:\Program Files\Spyware Terminator\SpywareTerminator.exe
O87 - FAEL: "{AAD3F92E-002C-497A-A549-23FD69399914}" | In - Private - P17 - TRUE | .(.Crawler.com - Spyware Terminator 2012.) -- C:\Program Files\Spyware Terminator\SpywareTerminator.exe
O87 - FAEL: "{E9780213-1FAB-4977-945D-727E690D923F}" | In - Private - P6 - TRUE | .(.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O87 - FAEL: "{E4D05EC3-0010-43F5-8905-AFC36C97D5CE}" | In - Private - P17 - TRUE | .(.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O87 - FAEL: "TCP Query User{A6A658DA-8B06-4771-92D1-3D51B151C406}C:\program files\spyware terminator\spywareterminatorupdate.exe" | In - Public - P6 - TRUE | .(.Crawler.com.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O87 - FAEL: "UDP Query User{0D25C244-CCA5-4368-8074-35FFEDFE8E93}C:\program files\spyware terminator\spywareterminatorupdate.exe" | In - Public - P17 - TRUE | .(.Crawler.com.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
~ Scan Firewall in 00mn 09s



---\\ Additionnal Scan (O88)
Database Version : 8956 - (11/01/2012)
Clés trouvées (Keys found) : 63
Valeurs trouvées (Values found) : 5
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler] =>Toolbar.Crawler
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.AskSBar
[HKLM\Software\Classes\ctbcommon.Buttons] =>Toolbar.Crawler
[HKLM\Software\Classes\ctbr.r404pro] =>Toolbar.Crawler
[HKLM\Software\Classes\CToolbar.TB4Client] =>Toolbar.Crawler
[HKLM\Software\Classes\ctoolbar.tb4script] =>Toolbar.Crawler
[HKLM\Software\Classes\CToolbar.TB4Server] =>Toolbar.Crawler
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Toolbar.AskSBar
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Toolbar.AskSBar
[HKLM\Software\Classes\Toolbar.CT2786678] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKLM\Software\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}] =>Toolbar.Crawler
[HKLM\Software\Classes\TypeLib\{04006843-5199-4CE4-B3CD-8092CC91706E}] =>Adware.BHO
[HKLM\Software\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}] =>Toolbar.Crawler
[HKLM\Software\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}] =>Toolbar.Crawler
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}] =>Toolbar.Crawler
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}] =>Toolbar.Crawler
[HKLM\Software\Classes\CLSID\{1DDA201E-5B42-4352-933E-21A92B297E3B}] =>Toolbar.Crawler
[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Toolbar.AskSBar
[HKLM\Software\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}] =>Toolbar.Crawler
[HKLM\Software\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}] =>Toolbar.Crawler
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}] =>Toolbar.Crawler
[HKLM\Software\Classes\CLSID\{4D25FB7A-8902-4291-960E-9ADA051CFBBF}] =>Toolbar.Crawler
[HKLM\Software\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}] =>Toolbar.Crawler
[HKLM\Software\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}] =>Toolbar.Crawler
[HKLM\Software\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}] =>Toolbar.Crawler
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.AskSBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}] =>Toolbar.Crawler
[HKLM\Software\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}] =>Toolbar.Crawler
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.AskSBar
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.AskSBar
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.AskSBar
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}] =>Toolbar.Crawler
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.AskSBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.AskSBar
[HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.AskSBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.AskSBar
[HKLM\Software\Classes\CLSID\{DBDB6FAA-1F5F-4A18-B60B-7A905C7FF83F}] =>Adware.BHO
[HKLM\Software\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}] =>Toolbar.Crawler
[HKLM\Software\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}] =>Toolbar.Crawler
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B}] =>Adware.BHO
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AskSBar
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AskSBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AskSBar
[HKCU\Software\APN] =>Toolbar.Agent
[HKLM\Software\APN] =>Toolbar.Agent
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\Ask.com] =>Toolbar.AskBarDis
[HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar
[HKLM\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\CToolbar] =>Toolbar.Crawler
[HKLM\Software\CToolbar] =>Toolbar.Crawler
[HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\CToolbar_UNINSTALL] =>Toolbar.Crawler
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{4B3803EA-5230-4DC3-A7FC-33638F3D3542} =>Toolbar.Crawler
[HKLM\Software\Mozilla\Firefox\Extensions]:{4B3803EA-5230-4DC3-A7FC-33638F3D3542} =>Toolbar.Crawler
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.AskSBar
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.AskSBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:ApnUpdater =>Toolbar.Ask
C:\Program Files\Ask.com =>Toolbar.AskBar
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Users\xp\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\xp\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar
C:\Users\xp\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\windows\system32\Tasks\Scheduled Update for Ask Toolbar =>Toolbar.AskTBar
~ Scan Additionnel in 00mn 43s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 13.1.2012 63928 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 6.9.2011 44768 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 2.11.2009 582944 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
SS - | Auto 22.11.2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22.11.2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22.11.2011 182768 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 10.8.2011 94880 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
SR - | Auto 2.11.2009 211488 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 10.1.2012 482992 | (ST2012_Svc) . (.Crawler.com.) - C:\Program Files\Spyware Terminator\st_rsser.exe
SR - | Auto 14.7.2009 20992 | C:\windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Scan Services in 00mn 49s



End of the scan (1180 lines in 05mn 59s)(0)

Re: facebook virus?

Posted: 13 Jan 2012 19:35
by capucine
When I click on firefox in the list on the Process tab and then click View Modules, some other list opens ...
Shouldn't I be choosing Export Display right there when I open the menu by right-clicking on firefox?


I turned the resident shields off a long time ago...

Yes, that was what kept popping up, that avast has to open it in the sandbox..

Re: facebook virus?

Posted: 13 Jan 2012 19:42
by capucine
OK, I think I know now what you meant.. I hope this is it... or rather it probably isn't, because I don't understand what can be read from this

[XueTr][[firefox.exe]Process Modules(139)]: 139
Module Path Base Size File Corporation
C:\Program Files\Mozilla Firefox\firefox.exe 0x00C90000 0x000E0000 Mozilla Corporation
C:\windows\SYSTEM32\ntdll.dll 0x771A0000 0x0013C000 Microsoft Corporation
C:\windows\system32\kernel32.dll 0x76DC0000 0x000D4000 Microsoft Corporation
C:\windows\system32\KERNELBASE.dll 0x75390000 0x0004A000 Microsoft Corporation
C:\Program Files\AVAST Software\Avast\snxhk.dll 0x752C0000 0x00034000 AVAST Software
C:\windows\system32\USER32.dll 0x76A60000 0x000C9000 Microsoft Corporation
C:\windows\system32\GDI32.dll 0x770A0000 0x0004E000 Microsoft Corporation
C:\windows\system32\LPK.dll 0x772E0000 0x0000A000 Microsoft Corporation
C:\windows\system32\USP10.dll 0x77330000 0x0009D000 Microsoft Corporation
C:\windows\system32\msvcrt.dll 0x75730000 0x000AC000 Microsoft Corporation
C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll 0x724F0000 0x0009B000 Microsoft Corporation
C:\windows\system32\IMM32.DLL 0x76A40000 0x0001F000 Microsoft Corporation
C:\windows\system32\MSCTF.dll 0x76BD0000 0x000CC000 Microsoft Corporation
C:\Program Files\Mozilla Firefox\nspr4.dll 0x6A630000 0x0002D000 Mozilla Foundation
C:\windows\system32\ADVAPI32.dll 0x76B30000 0x000A0000 Microsoft Corporation
C:\windows\SYSTEM32\sechost.dll 0x76A20000 0x00019000 Microsoft Corporation
C:\windows\system32\RPCRT4.dll 0x770F0000 0x000A1000 Microsoft Corporation
C:\windows\system32\WSOCK32.dll 0x731D0000 0x00007000 Microsoft Corporation
C:\windows\system32\WS2_32.dll 0x772F0000 0x00035000 Microsoft Corporation
C:\windows\system32\NSI.dll 0x758F0000 0x00006000 Microsoft Corporation
C:\windows\system32\WINMM.dll 0x73490000 0x00032000 Microsoft Corporation
C:\Program Files\Mozilla Firefox\mozutils.dll 0x6A680000 0x0000C000 Mozilla Foundation
C:\Program Files\Mozilla Firefox\plc4.dll 0x6A670000 0x00007000 Mozilla Foundation
C:\Program Files\Mozilla Firefox\plds4.dll 0x6A660000 0x00007000 Mozilla Foundation
C:\Program Files\Mozilla Firefox\mozalloc.dll 0x6A610000 0x00006000 Mozilla Foundation
C:\Program Files\Mozilla Firefox\mozsqlite3.dll 0x68830000 0x000C6000 sqlite.org
C:\Program Files\Mozilla Firefox\nssutil3.dll 0x6A5F0000 0x00018000 Mozilla Foundation
C:\Program Files\Mozilla Firefox\softokn3.dll 0x6A5C0000 0x00028000 Mozilla Foundation
C:\Program Files\Mozilla Firefox\nss3.dll 0x68930000 0x0009D000 Mozilla Foundation
C:\Program Files\Mozilla Firefox\ssl3.dll 0x68AF0000 0x00024000 Mozilla Foundation
C:\Program Files\Mozilla Firefox\smime3.dll 0x68AD0000 0x00018000 Mozilla Foundation
C:\Program Files\Mozilla Firefox\mozjs.dll 0x68620000 0x00206000
C:\Program Files\AVAST Software\Avast\aswJsFlt.dll 0x68AB0000 0x00019000 AVAST Software
C:\windows\system32\ole32.dll 0x75910000 0x0015C000 Microsoft Corporation
C:\Program Files\Mozilla Firefox\xul.dll 0x67680000 0x00F95000 Mozilla Foundation
C:\windows\system32\SHELL32.dll 0x75DD0000 0x00C49000 Microsoft Corporation
C:\windows\system32\SHLWAPI.dll 0x76D30000 0x00057000 Microsoft Corporation
C:\windows\system32\VERSION.dll 0x747B0000 0x00009000 Microsoft Corporation
C:\windows\system32\WINSPOOL.DRV 0x73BE0000 0x00051000 Microsoft Corporation
C:\windows\system32\COMDLG32.dll 0x75CC0000 0x0007B000 Microsoft Corporation
C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\COMCTL32.dll 0x741E0000 0x0019E000 Microsoft Corporation
C:\windows\system32\MSIMG32.dll 0x73630000 0x00005000 Microsoft Corporation
C:\windows\system32\PSAPI.DLL 0x757E0000 0x00005000 Microsoft Corporation
C:\windows\system32\OLEAUT32.dll 0x75D40000 0x0008F000 Microsoft Corporation
C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCP80.dll 0x71D70000 0x00087000 Microsoft Corporation
C:\windows\system32\uxtheme.dll 0x740A0000 0x00040000 Microsoft Corporation
C:\windows\system32\dwmapi.dll 0x73D80000 0x00013000 Microsoft Corporation
C:\Program Files\Mozilla Firefox\xpcom.dll 0x6A620000 0x00007000 Mozilla Foundation
C:\windows\system32\dwrite.dll 0x67570000 0x00109000 Microsoft Corporation
C:\windows\system32\dbghelp.dll 0x71760000 0x000EB000 Microsoft Corporation
C:\windows\system32\CRYPTBASE.dll 0x75230000 0x0000C000 Microsoft Corporation
c:\PROGRA~1\mcafee\SITEAD~1\saHook.dll 0x6E2E0000 0x00008000 McAfee, Inc.
C:\windows\system32\CLBCatQ.DLL 0x76CA0000 0x00083000 Microsoft Corporation
C:\windows\system32\SETUPAPI.dll 0x75A70000 0x0019D000 Microsoft Corporation
C:\windows\system32\CFGMGR32.dll 0x753E0000 0x00027000 Microsoft Corporation
C:\windows\system32\DEVOBJ.dll 0x75370000 0x00012000 Microsoft Corporation
C:\windows\system32\propsys.dll 0x740E0000 0x000F5000 Microsoft Corporation
C:\windows\system32\ntmarta.dll 0x73770000 0x00021000 Microsoft Corporation
C:\windows\system32\WLDAP32.dll 0x75C10000 0x00045000 Microsoft Corporation
C:\windows\system32\mswsock.dll 0x74D10000 0x0003C000 Microsoft Corporation
C:\windows\System32\wshtcpip.dll 0x74840000 0x00005000 Microsoft Corporation
C:\windows\system32\iphlpapi.dll 0x73450000 0x0001C000 Microsoft Corporation
C:\windows\system32\WINNSI.DLL 0x73440000 0x00007000 Microsoft Corporation
C:\Program Files\Mozilla Firefox\components\browsercomps.dll 0x68A90000 0x0001C000 Mozilla Foundation
C:\windows\system32\feclient.dll 0x691B0000 0x0000C000 Microsoft Corporation
C:\windows\system32\WindowsCodecs.dll 0x73AC0000 0x000FB000 Microsoft Corporation
C:\windows\system32\apphelp.dll 0x751E0000 0x0004B000 Microsoft Corporation
C:\Program Files\AVAST Software\Avast\ashShell.dll 0x708D0000 0x00022000 AVAST Software
C:\windows\system32\msi.dll 0x70680000 0x00240000 Microsoft Corporation
C:\windows\system32\EhStorShell.dll 0x70620000 0x00031000 Microsoft Corporation
C:\windows\system32\ntshrui.dll 0x705B0000 0x0006F000 Microsoft Corporation
C:\windows\system32\srvcli.dll 0x75110000 0x00019000 Microsoft Corporation
C:\windows\system32\cscapi.dll 0x73140000 0x0000B000 Microsoft Corporation
C:\windows\system32\slc.dll 0x735A0000 0x0000A000 Microsoft Corporation
C:\windows\system32\IcnOvrly.dll 0x10000000 0x00184000
C:\windows\system32\CRYPTSP.dll 0x74E10000 0x00016000 Microsoft Corporation
C:\windows\system32\rsaenh.dll 0x74AF0000 0x0003B000 Microsoft Corporation
C:\windows\system32\RpcRtRemote.dll 0x75240000 0x0000E000 Microsoft Corporation
C:\windows\System32\MMDevApi.dll 0x73DA0000 0x00039000 Microsoft Corporation
C:\windows\system32\AUDIOSES.DLL 0x6F5D0000 0x00036000 Microsoft Corporation
C:\Program Files\Lenovo\Bluetooth Software\btmmhook.dll 0x021E0000 0x00038000 Broadcom Corporation.
C:\windows\system32\WINTRUST.dll 0x75410000 0x0002D000 Microsoft Corporation
C:\windows\system32\CRYPT32.dll 0x75440000 0x0011C000 Microsoft Corporation
C:\windows\system32\MSASN1.dll 0x75360000 0x0000C000 Microsoft Corporation
C:\windows\system32\t2embed.dll 0x68A70000 0x0001D000 Microsoft Corporation
C:\windows\system32\NLAapi.dll 0x73620000 0x00010000 Microsoft Corporation
C:\windows\system32\DNSAPI.dll 0x74BA0000 0x00044000 Microsoft Corporation
C:\windows\System32\winrnr.dll 0x70460000 0x00008000 Microsoft Corporation
C:\windows\system32\napinsp.dll 0x70450000 0x00010000 Microsoft Corporation
C:\windows\system32\pnrpnsp.dll 0x70430000 0x00012000 Microsoft Corporation
C:\windows\system32\wshbth.dll 0x70420000 0x0000D000 Microsoft Corporation
C:\windows\system32\mscms.dll 0x67190000 0x00079000 Microsoft Corporation
C:\windows\system32\USERENV.dll 0x74910000 0x00017000 Microsoft Corporation
C:\windows\system32\profapi.dll 0x75250000 0x0000B000 Microsoft Corporation
C:\windows\System32\wship6.dll 0x74E00000 0x00006000 Microsoft Corporation
C:\windows\system32\rasadhlp.dll 0x70370000 0x00006000 Microsoft Corporation
C:\windows\System32\fwpuclnt.dll 0x733C0000 0x00038000 Microsoft Corporation
C:\Program Files\Mozilla Firefox\nssdbm3.dll 0x67170000 0x00019000 Mozilla Foundation
C:\Program Files\Mozilla Firefox\freebl3.dll 0x67120000 0x00044000 Mozilla Foundation
C:\Program Files\Mozilla Firefox\nssckbi.dll 0x670C0000 0x00059000 Mozilla Foundation
C:\windows\system32\explorerframe.dll 0x709A0000 0x0016F000 Microsoft Corporation
C:\windows\system32\DUser.dll 0x73E20000 0x0002F000 Microsoft Corporation
C:\windows\system32\DUI70.dll 0x73E50000 0x000B2000 Microsoft Corporation
C:\Program Files\AVAST Software\Avast\aswCmnBS.dll 0x71A10000 0x0004E000 AVAST Software
C:\Program Files\AVAST Software\Avast\aswCmnOS.dll 0x719F0000 0x0001A000 AVAST Software
C:\Program Files\AVAST Software\Avast\aswCmnIS.dll 0x719C0000 0x00029000 AVAST Software
C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll 0x71910000 0x000A3000 Microsoft Corporation
C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCP90.dll 0x71880000 0x0008E000 Microsoft Corporation
C:\Program Files\AVAST Software\Avast\Aavm4h.dll 0x713D0000 0x00052000 AVAST Software
C:\Program Files\AVAST Software\Avast\AavmRpch.dll 0x713B0000 0x00013000 AVAST Software
C:\Program Files\AVAST Software\Avast\ashBase.dll 0x71850000 0x0002F000 AVAST Software
C:\Program Files\AVAST Software\Avast\aswEngLdr.dll 0x731C0000 0x0000D000 AVAST Software
C:\Program Files\AVAST Software\Avast\ashTask.dll 0x71530000 0x00026000 AVAST Software
C:\Program Files\AVAST Software\Avast\aswAux.dll 0x71580000 0x000A8000 AVAST Software
C:\Program Files\AVAST Software\Avast\aswProperty.dll 0x71430000 0x00033000 AVAST Software
C:\windows\system32\shdocvw.dll 0x6FF20000 0x0002E000 Microsoft Corporation
C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll 0x08010000 0x00021000
C:\windows\system32\LINKINFO.dll 0x70F30000 0x00009000 Microsoft Corporation
C:\windows\system32\dhcpcsvc.DLL 0x73240000 0x00012000 Microsoft Corporation
C:\windows\system32\dhcpcsvc6.DLL 0x732B0000 0x0000D000 Microsoft Corporation
C:\Windows\system32\urlmon.dll 0x755F0000 0x00135000 Microsoft Corporation
C:\windows\system32\iertutil.dll 0x76EA0000 0x001F9000 Microsoft Corporation
C:\windows\system32\SspiCli.dll 0x751C0000 0x0001A000 Microsoft Corporation
C:\windows\system32\WININET.dll 0x757F0000 0x000F4000 Microsoft Corporation
C:\windows\system32\Normaliz.dll 0x75900000 0x00003000 Microsoft Corporation
C:\windows\system32\RASAPI32.dll 0x6CE70000 0x00052000 Microsoft Corporation
C:\windows\system32\rasman.dll 0x6CD80000 0x00015000 Microsoft Corporation
C:\windows\system32\rtutils.dll 0x71750000 0x0000D000 Microsoft Corporation
C:\windows\system32\sensapi.dll 0x72080000 0x00006000 Microsoft Corporation
C:\windows\System32\Wpc.dll 0x72A50000 0x0004F000 Microsoft Corporation
C:\windows\System32\wevtapi.dll 0x75090000 0x00042000 Microsoft Corporation
C:\windows\system32\samcli.dll 0x739A0000 0x0000F000 Microsoft Corporation
C:\windows\system32\SAMLIB.dll 0x74660000 0x00012000 Microsoft Corporation
C:\windows\system32\netutils.dll 0x739C0000 0x00009000 Microsoft Corporation
C:\Program Files\Windows Defender\MpOav.dll 0x73880000 0x00010000 Microsoft Corporation
C:\windows\system32\DEVRTL.dll 0x74930000 0x0000E000 Microsoft Corporation
C:\windows\system32\MPR.dll 0x731A0000 0x00012000 Microsoft Corporation
C:\windows\system32\icm32.dll 0x71170000 0x00038000 Microsoft Corporation
C:\windows\system32\imagehlp.dll 0x76D90000 0x0002A000 Microsoft Corporation

Re: facebook virus?

Posted: 13 Jan 2012 19:46
by capucine
Here is that wincheck output:

PID 0 Parent PID 0 [System Process]
PID 4 Parent PID 0 System
PID 300 Parent PID 4 kind {Session manager} C:\Windows\System32\smss.exe
PID 428 Parent PID 376 kind {Client Server Runtime Process} C:\Windows\System32\csrss.exe
PID 488 Parent PID 376 kind {Windows Start-Up Application} C:\Windows\System32\wininit.exe
PID 500 Parent PID 480 kind {Client Server Runtime Process} C:\Windows\System32\csrss.exe
PID 536 Parent PID 488 kind {Services.exe} C:\Windows\System32\services.exe
PID 552 Parent PID 488 kind {lsass} C:\Windows\System32\lsass.exe
PID 560 Parent PID 488 kind {Local Session Manager Service} C:\Windows\System32\lsm.exe
PID 680 Parent PID 536 kind {DCom Server} C:\Windows\System32\svchost.exe
PID 748 Parent PID 480 kind {WinLogon} C:\Windows\System32\winlogon.exe
PID 800 Parent PID 536 service {nvsvc} C:\Windows\System32\nvvsvc.exe
PID 840 Parent PID 536 kind {RPC Service} C:\Windows\System32\svchost.exe
PID 904 Parent PID 536 kind {DHCP Client} C:\Windows\System32\svchost.exe
PID 968 Parent PID 536 kind {Wired AutoConfig Service} C:\Windows\System32\svchost.exe
PID 1016 Parent PID 536 kind {Extensible Authentication Protocol Service} C:\Windows\System32\svchost.exe
PID 1144 Parent PID 536 kind {WebClient} C:\Windows\System32\svchost.exe
PID 1228 Parent PID 800 service {nvsvc} C:\Windows\System32\nvvsvc.exe
PID 1256 Parent PID 536 kind {DNS Client} C:\Windows\System32\svchost.exe
PID 1372 Parent PID 536 service {avast! Antivirus} C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PID 1380 Parent PID 968 C:\Windows\System32\wlanext.exe
PID 1396 Parent PID 428 kind {Console Window Host} C:\Windows\System32\conhost.exe
PID 1612 Parent PID 968 kind {Desktop Window Manager} C:\Windows\System32\dwm.exe
PID 1624 Parent PID 1604 kind {Explorer} C:\Windows\explorer.exe
PID 2032 Parent PID 1624 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PID 112 Parent PID 1624 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PID 336 Parent PID 1624 C:\Program Files\Lenovo\VeriFace\PManage.exe
PID 380 Parent PID 536 kind {Print Spooler} C:\Windows\System32\spoolsv.exe
PID 636 Parent PID 536 kind {Host Process for Windows Tasks} C:\Windows\System32\taskhost.exe
PID 824 Parent PID 1624 C:\Program Files\Lenovo\Energy Management\utility.exe
PID 1048 Parent PID 1624 C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PID 1172 Parent PID 1624 C:\Program Files\AVAST Software\Avast\AvastUI.exe
PID 2072 Parent PID 536 kind {Windows firewall} C:\Windows\System32\svchost.exe
PID 2092 Parent PID 112 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PID 2488 Parent PID 536 service {AdobeARMservice} C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PID 2544 Parent PID 536 service {BcmSqlStartupSvc} C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PID 2576 Parent PID 536 service {btwdins} C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
PID 2640 Parent PID 536 service {DvmMDES} C:\QSTART.SYS\config\DVMExportService.exe
PID 2692 Parent PID 536 service {McAfee SiteAdvisor Service} C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PID 2752 Parent PID 536 service {SQLWriter} C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PID 2800 Parent PID 536 service {ST2012_Svc} C:\Program Files\Spyware Terminator\st_rsser.exe
PID 2844 Parent PID 536 kind {Windows Image Acquisition} C:\Windows\System32\svchost.exe
PID 2912 Parent PID 2692 kind {rundll} C:\Windows\System32\rundll32.exe
PID 3520 Parent PID 536 kind {Windows Connect Now - Config Registrar Service} C:\Windows\System32\svchost.exe
PID 2280 Parent PID 536 kind {Windows Media Player Network Sharing Service} C:\Program Files\Windows Media Player\wmpnetwk.exe
PID 644 Parent PID 536 service {PNRPsvc} C:\Windows\System32\svchost.exe
PID 1788 Parent PID 1624 C:\Program Files\Winamp\winampa.exe
PID 368 Parent PID 1624 C:\Program Files\Ask.com\Updater\Updater.exe
PID 3832 Parent PID 1624 C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PID 3552 Parent PID 3128 C:\Program Files\OpenOffice.org 3\program\soffice.exe
PID 3596 Parent PID 3552 C:\Program Files\OpenOffice.org 3\program\soffice.bin
PID 4620 Parent PID 1624 kind {Firefox browser} C:\Program Files\Mozilla Firefox\firefox.exe
PID 5352 Parent PID 536 kind {Windows Defender} C:\Windows\System32\svchost.exe
PID 5952 Parent PID 1016 kind {Windows update} C:\Windows\System32\wuauclt.exe
PID 5764 Parent PID 6104 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
PID 6132 Parent PID 4620 C:\Program Files\Mozilla Firefox\plugin-container.exe
PID 5284 Parent PID 536 kind {Windows Search Indexer} C:\Windows\System32\SearchIndexer.exe
PID 5780 Parent PID 1172 kind {CTF Loader} C:\Windows\System32\ctfmon.exe
PID 5252 Parent PID 904 audiodg.exe
PID 3728 Parent PID 680 kind {COM+ System Application} C:\Windows\System32\dllhost.exe
PID 3164 Parent PID 1624 kind {Cmd.exe} C:\Windows\System32\cmd.exe
PID 5248 Parent PID 500 kind {Console Window Host} C:\Windows\System32\conhost.exe
PID 5020 Parent PID 3164 C:\webchceck\wincheck.exe
MyWindowsChecker: len 13, kernel name ntkrnlpa.exe
HighestUserAddress: 7FFEFFFF
UserProbeAddress: 7FFF0000
SystemRangeStart: 80000000
NtMajorVersion: 6
NtMinorVersion: 1
BuildNumber: 7600
GlobalFlag: 0
Processors: 2
MmVerifierFlags 0
MmSystemSize 2 Large
DebuggerEnabled 0
DebuggerNotPresent 1
SafeBootMode 0
NXSupportPolicy 2
CR0 8001003B PE MP TS ET NE WP PG
CR4 000006F9 VME DE PSE PAE MCE PGE OSFXSR OSXMMEXCPT
KPCR[0] 83161C00 major 1 minor 1
KPCR[1] 807C1000 major 1 minor 1
WindowsType: Multiprocessor Free
KDDB:
ETHREAD.StartAddress 218
PsLoadedModuleList: 83180810
MmLoadedUserImageList: 83180DF8
KiProcessorBlock: 831A08C0 (1688C0)
KernelVerifier: 0
KeBugCheckCallbackList: 8319BB20 (163B20)
MmNonPagedPoolStart: 84C40000
MmNonPagedPoolEnd: 00000000
MmPagedPoolStart: 00000000
MmPagedPoolEnd: 00000000
MmPageSize: 4096
Decode system scheme - rotr sub
Decode scheme - rotr sub
Driver RPHook loaded from C:\Users\xp\AppData\Local\Temp\drv2
83038000:410000 flags 8004000 LoadCount 116 \SystemRoot\system32\ntkrnlpa.exe
83001000:37000 flags 8004000 LoadCount 95 \SystemRoot\system32\halmacpi.dll
80BA1000:8000 flags 8004000 LoadCount 3 \SystemRoot\system32\kdcom.dll
83602000:78000 flags 9104000 LoadCount 1 \SystemRoot\system32\mcupdate_GenuineIntel.dll
8367A000:11000 flags D104000 LoadCount 3 \SystemRoot\system32\PSHED.dll
8368B000:8000 flags D104000 LoadCount 1 \SystemRoot\system32\BOOTVID.dll
83693000:42000 flags 9104000 LoadCount 3 \SystemRoot\system32\CLFS.SYS
836D5000:AB000 flags D104000 LoadCount 2 \SystemRoot\system32\CI.dll
83780000:71000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\Wdf01000.sys
837F1000:E000 flags D104000 LoadCount 11 \SystemRoot\system32\drivers\WDFLDR.SYS
88223000:48000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ACPI.sys
8826B000:9000 flags D104000 LoadCount 20 \SystemRoot\system32\DRIVERS\WMILIB.SYS
88274000:8000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\msisadrv.sys
8827C000:2A000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\pci.sys
882A6000:B000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\vdrvroot.sys
882B1000:11000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\partmgr.sys
882C2000:8000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\compbatt.sys
882CA000:B000 flags D104000 LoadCount 2 \SystemRoot\system32\DRIVERS\BATTC.SYS
882D5000:10000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\volmgr.sys
882E5000:4B000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\volmgrx.sys
88330000:16000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\mountmgr.sys
88346000:9000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\atapi.sys
8834F000:23000 flags D104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ataport.SYS
88372000:A000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\msahci.sys
8837C000:E000 flags D104000 LoadCount 1 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
8838A000:9000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\amdxata.sys
88393000:34000 flags 9104000 LoadCount 7 \SystemRoot\system32\drivers\fltmgr.sys
883C7000:11000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\fileinfo.sys
8843A000:12F000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Ntfs.sys
88569000:2B000 flags D104000 LoadCount 9 \SystemRoot\System32\Drivers\msrpc.sys
88594000:13000 flags 9104000 LoadCount 17 \SystemRoot\System32\Drivers\ksecdd.sys
8861A000:5D000 flags 9104000 LoadCount 3 \SystemRoot\System32\Drivers\cng.sys
88677000:E000 flags 9104020 LoadCount 1 \SystemRoot\System32\drivers\pcw.sys
88685000:9000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Fs_Rec.sys
8868E000:B7000 flags 9104000 LoadCount 30 \SystemRoot\system32\drivers\ndis.sys
88745000:3E000 flags D104000 LoadCount 23 \SystemRoot\system32\drivers\NETIO.SYS
88783000:25000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\ksecpkg.sys
887A8000:3F000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\volsnap.sys
887E7000:8000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\spldr.sys
885A7000:2D000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\rdyboost.sys
887EF000:10000 flags 9104000 LoadCount 3 \SystemRoot\System32\Drivers\mup.sys
88600000:8000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\hwpolicy.sys
88400000:32000 flags 9104000 LoadCount 1 \SystemRoot\System32\DRIVERS\fvevol.sys
88608000:11000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\disk.sys
885D4000:25000 flags D104000 LoadCount 1 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
8D220000:70000 flags 49104020 LoadCount 1 \SystemRoot\System32\Drivers\aswSnx.SYS
8D290000:7000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\Null.SYS
8D297000:7000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\Beep.SYS
8D29E000:C000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\vga.sys
8D2AA000:21000 flags 4D104000 LoadCount 5 \SystemRoot\System32\drivers\VIDEOPRT.SYS
8D2CB000:D000 flags 4D104000 LoadCount 5 \SystemRoot\System32\drivers\watchdog.sys
8D2D8000:8000 flags 49104000 LoadCount 1 \SystemRoot\System32\DRIVERS\RDPCDD.sys
8D2E0000:8000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\rdpencdd.sys
8D2E8000:8000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\rdprefmp.sys
8D2F0000:B000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\Msfs.SYS
8D2FB000:E000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\Npfs.SYS
8D813000:149000 flags 49104020 LoadCount 1 \SystemRoot\System32\drivers\tcpip.sys
8D95C000:31000 flags 4D104000 LoadCount 8 \SystemRoot\System32\drivers\fwpkclnt.sys
8D98D000:17000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\tdx.sys
8D9A4000:B000 flags 4D104000 LoadCount 9 \SystemRoot\system32\DRIVERS\TDI.SYS
8D9AF000:B000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\aswTdi.SYS
8D9BA000:32000 flags 49104000 LoadCount 1 \SystemRoot\System32\DRIVERS\netbt.sys
8D309000:5A000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\afd.sys
8D9EC000:7000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\aswRdr.SYS
8D9F3000:7000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\wfplwf.sys
8D363000:1F000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\pacer.sys
8D800000:11000 flags 49104000 LoadCount 2 \SystemRoot\system32\DRIVERS\vwififlt.sys
8D382000:E000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\netbios.sys
8D390000:13000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\wanarp.sys
8D3A3000:10000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\termdd.sys
8D3B3000:27000 flags 49104000 LoadCount 1 \??\C:\windows\system32\drivers\sp_rsdrv2.sys
8CE1A000:41000 flags 49104000 LoadCount 4 \SystemRoot\system32\DRIVERS\rdbss.sys
8CE5B000:A000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\nsiproxy.sys
8CE65000:A000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mssmbios.sys
8CE6F000:C000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\discache.sys
8CE7B000:18000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\dfsc.sys
8CE93000:E000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\blbdrive.sys
8CEA1000:4D000 flags 49104020 LoadCount 1 \SystemRoot\System32\Drivers\aswSP.SYS
8CEEE000:21000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\tunnel.sys
8CF0F000:12000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\intelppm.sys
8CF21000:9000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\wmiacpi.sys
8CF2A000:F000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\AcpiVpc.sys
8CF39000:4000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\CmBatt.sys
8CF3D000:18000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\i8042prt.sys
8CF55000:D000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\kbdclass.sys
8CF62000:33000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\SynTP.sys
8CF95000:2000 flags 4D104000 LoadCount 3 \SystemRoot\system32\DRIVERS\USBD.SYS
8CF97000:D000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mouclass.sys
8CFA4000:9000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\nvsmu.sys
8CFAD000:A000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\usbohci.sys
8E60B000:4B000 flags 4D104000 LoadCount 2 \SystemRoot\system32\DRIVERS\USBPORT.SYS
8E656000:F000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\usbehci.sys
8E665000:1F000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\HDAudBus.sys
8F42C000:95F000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
8FD8B000:2000 flags 4D004000 LoadCount 1 \SystemRoot\system32\DRIVERS\nvBridge.kmd
8E684000:B7000 flags 49104000 LoadCount 2 \SystemRoot\System32\drivers\dxgkrnl.sys
8FD8D000:39000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\dxgmms1.sys
8E73B000:41000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\b57nd60x.sys
90A1F000:267000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\bcmwl6.sys
90C86000:A000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\vwifibus.sys
90C90000:D000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\CompositeBus.sys
90C9D000:12000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\AgileVpn.sys
90CAF000:18000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\rasl2tp.sys
90CC7000:B000 flags 49104000 LoadCount 2 \SystemRoot\system32\DRIVERS\ndistapi.sys
90CD2000:22000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ndiswan.sys
90CF4000:18000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\raspppoe.sys
90D0C000:17000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\raspptp.sys
90D23000:17000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\rassstp.sys
90D3A000:2000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\swenum.sys
90D3C000:34000 flags 4D104000 LoadCount 4 \SystemRoot\system32\DRIVERS\ks.sys
90D70000:E000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\umbus.sys
90D7E000:44000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\usbhub.sys
90DC2000:11000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\NDProxy.SYS
9423D000:289000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\RTKVHDA.sys
944C6000:2F000 flags 4D104000 LoadCount 2 \SystemRoot\system32\drivers\portcls.sys
944F5000:19000 flags 4D104000 LoadCount 1 \SystemRoot\system32\drivers\drmk.sys
9450E000:13000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\nvhda32v.sys
95F00000:24A000 flags 69104000 LoadCount 4 \SystemRoot\System32\win32k.sys
94521000:A000 flags 4D104000 LoadCount 1 \SystemRoot\System32\drivers\Dxapi.sys
9452B000:D000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\crashdmp.sys
94538000:B000 flags 49104000 LoadCount 2 \SystemRoot\System32\Drivers\dump_dumpata.sys
94543000:A000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\dump_msahci.sys
9454D000:11000 flags 49104020 LoadCount 1 \SystemRoot\System32\Drivers\dump_dumpfve.sys
9455E000:17000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\usbccgp.sys
81E03000:11F000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\BisonC07.sys
81F22000:B000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\monitor.sys
96160000:9000 flags 69104000 LoadCount 1 \SystemRoot\System32\TSDDD.dll
96190000:1E000 flags 69104000 LoadCount 1 \SystemRoot\System32\cdd.dll
81F2D000:1B000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\luafv.sys
81F48000:38000 flags 49104000 LoadCount 1 \??\C:\windows\system32\drivers\aswMonFlt.sys
81F80000:3000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\aswFsBlk.SYS
81F83000:1A000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\WudfPf.sys
81F9D000:10000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\lltdio.sys
81FAD000:46000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\nwifi.sys
94575000:10000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ndisuio.sys
94585000:13000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\rspndr.sys
81FF3000:9000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\vwifimp.sys
9E408000:85000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\HTTP.sys
9E48D000:19000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\bowser.sys
9E4A6000:12000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\mpsdrv.sys
9E4B8000:23000 flags 49104000 LoadCount 3 \SystemRoot\system32\DRIVERS\mrxsmb.sys
9E4DB000:3B000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
9E516000:1B000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
9E549000:97000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\peauth.sys
9E5E0000:A000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\secdrv.SYS
94598000:21000 flags 49104000 LoadCount 3 \SystemRoot\System32\DRIVERS\srvnet.sys
9E5EA000:D000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\tcpipreg.sys
8E77C000:4F000 flags 49104000 LoadCount 1 \SystemRoot\System32\DRIVERS\srv2.sys
A0002000:51000 flags 49104000 LoadCount 1 \SystemRoot\System32\DRIVERS\srv.sys
A0143000:9000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\asyncmac.sys
A014C000:70000 flags 49104000 LoadCount 1 \??\C:\Users\xp\Downloads\XueTr.sys
A01BC000:E000 flags 49104000 LoadCount 1 \??\C:\Users\xp\AppData\Local\Temp\drv2
771A0000:13C000 flags 0 LoadCount 1 \Windows\System32\ntdll.dll
47CA0000:13000 flags 0 LoadCount 1 \Windows\System32\smss.exe
773E0000:50000 flags 0 LoadCount 1 \Windows\System32\apisetschema.dll
00580000:A6000 flags 0 LoadCount 1 \Windows\System32\autochk.exe
77330000:9D000 flags 0 LoadCount 1 \Windows\System32\usp10.dll
772F0000:35000 flags 0 LoadCount 1 \Windows\System32\ws2_32.dll
770F0000:A1000 flags 0 LoadCount 1 \Windows\System32\rpcrt4.dll
770A0000:4E000 flags 0 LoadCount 1 \Windows\System32\gdi32.dll
76EA0000:1F9000 flags 0 LoadCount 1 \Windows\System32\iertutil.dll
76DC0000:D4000 flags 0 LoadCount 1 \Windows\System32\kernel32.dll
76D90000:2A000 flags 0 LoadCount 1 \Windows\System32\imagehlp.dll
76D30000:57000 flags 0 LoadCount 1 \Windows\System32\shlwapi.dll
76CA0000:83000 flags 0 LoadCount 1 \Windows\System32\clbcatq.dll
76BD0000:CC000 flags 0 LoadCount 1 \Windows\System32\msctf.dll
76B30000:A0000 flags 0 LoadCount 1 \Windows\System32\advapi32.dll
76A60000:C9000 flags 0 LoadCount 1 \Windows\System32\user32.dll
76A40000:1F000 flags 0 LoadCount 1 \Windows\System32\imm32.dll
76A20000:19000 flags 0 LoadCount 1 \Windows\System32\sechost.dll
75DD0000:C49000 flags 0 LoadCount 1 \Windows\System32\shell32.dll
75D40000:8F000 flags 0 LoadCount 1 \Windows\System32\oleaut32.dll
75CC0000:7B000 flags 0 LoadCount 1 \Windows\System32\comdlg32.dll
772E0000:A000 flags 0 LoadCount 1 \Windows\System32\lpk.dll
75C60000:52000 flags 0 LoadCount 1 \Windows\System32\difxapi.dll
75C10000:45000 flags 0 LoadCount 1 \Windows\System32\Wldap32.dll
75A70000:19D000 flags 0 LoadCount 1 \Windows\System32\setupapi.dll
75910000:15C000 flags 0 LoadCount 1 \Windows\System32\ole32.dll
75900000:3000 flags 0 LoadCount 1 \Windows\System32\normaliz.dll
758F0000:6000 flags 0 LoadCount 1 \Windows\System32\nsi.dll
757F0000:F4000 flags 0 LoadCount 1 \Windows\System32\wininet.dll
757E0000:5000 flags 0 LoadCount 1 \Windows\System32\psapi.dll
75730000:AC000 flags 0 LoadCount 1 \Windows\System32\msvcrt.dll
755F0000:135000 flags 0 LoadCount 1 \Windows\System32\urlmon.dll
75560000:84000 flags 0 LoadCount 1 \Windows\System32\comctl32.dll
75440000:11C000 flags 0 LoadCount 1 \Windows\System32\crypt32.dll
75410000:2D000 flags 0 LoadCount 1 \Windows\System32\wintrust.dll
753E0000:27000 flags 0 LoadCount 1 \Windows\System32\cfgmgr32.dll
75390000:4A000 flags 0 LoadCount 1 \Windows\System32\KernelBase.dll
75370000:12000 flags 0 LoadCount 1 \Windows\System32\devobj.dll
75360000:C000 flags 0 LoadCount 1 \Windows\System32\msasn1.dll
Patched ZwYieldExecution + CA5
Patched KiDispatchInterrupt + 5A2
KernelSection .text rva 1000, size 11B901, 0x4C60 relocs has 0x15 patched bytes !
Patched ObMakeTemporaryObject by \SystemRoot\System32\Drivers\aswSP.SYS
Patched ObInsertObject + 27 by \SystemRoot\System32\Drivers\aswSP.SYS
Patched ZwReplyWaitReceivePortEx + 108
Patched ZwAlpcSendWaitReceivePort + 122
Patched ZwCreateProcessEx by \SystemRoot\System32\Drivers\aswSP.SYS
KernelSection PAGE rva 16B000, size 1AC052, 0x3F8E relocs has 0x19 patched bytes !
SDT entry 9 (ZwAddBootEntry) hooked 8D233374 \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 13 (ZwAllocateVirtualMemory) hooked 8CEAB2B8 \SystemRoot\System32\Drivers\aswSP.SYS!
SDT entry 32 (ZwClose) hooked 8D3B5444 \??\C:\windows\system32\drivers\sp_rsdrv2.sys!
SDT entry 40 (ZwCreateEvent) hooked 8D235996 \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 41 (ZwCreateEventPair) hooked 8D2359EE \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 42 (ZwCreateFile) hooked 8D3B4C8A \??\C:\windows\system32\drivers\sp_rsdrv2.sys!
SDT entry 43 (ZwCreateIoCompletion) hooked 8D235B04 \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 46 (ZwCreateKey) hooked 8D3B4958 \??\C:\windows\system32\drivers\sp_rsdrv2.sys!
SDT entry 4A (ZwCreateMutant) hooked 8D2358EC \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 54 (ZwCreateSection) hooked 8D3B6520 \??\C:\windows\system32\drivers\sp_rsdrv2.sys!
SDT entry 55 (ZwCreateSemaphore) hooked 8D235940 \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 59 (ZwCreateTimer) hooked 8D235AB2 \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 64 (ZwDeleteBootEntry) hooked 8D233398 \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 67 (ZwDeleteKey) hooked 8D3B4A68 \??\C:\windows\system32\drivers\sp_rsdrv2.sys!
SDT entry 6A (ZwDeleteValueKey) hooked 8D3B4B5A \??\C:\windows\system32\drivers\sp_rsdrv2.sys!
SDT entry 83 (ZwFreeVirtualMemory) hooked 8CEAB368 \SystemRoot\System32\Drivers\aswSP.SYS!
SDT entry 9B (ZwLoadDriver) hooked 8D3B5780 \??\C:\windows\system32\drivers\sp_rsdrv2.sys!
SDT entry A9 (ZwModifyBootEntry) hooked 8D2333BC \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry AC (ZwNotifyChangeKey) hooked 8D235EFC \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry AD (ZwNotifyChangeMultipleKeys) hooked 8D233E54 \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry B1 (ZwOpenEvent) hooked 8D2359C6 \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry B2 (ZwOpenEventPair) hooked 8D235A16 \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry B3 (ZwOpenFile) hooked 8D3B4F9C \??\C:\windows\system32\drivers\sp_rsdrv2.sys!
SDT entry B4 (ZwOpenIoCompletion) hooked 8D235B2E \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry BB (ZwOpenMutant) hooked 8D235918 \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry C2 (ZwOpenSection) hooked 8D235A7E \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry C3 (ZwOpenSemaphore) hooked 8D23596E \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry C9 (ZwOpenTimer) hooked 8D235ADC \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry D7 (ZwProtectVirtualMemory) hooked 8CEAB400 \SystemRoot\System32\Drivers\aswSP.SYS!
SDT entry F8 (ZwQueryObject) hooked 8D233D1A \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 13A (ZwSetBootEntryOrder) hooked 8D2333E0 \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 13B (ZwSetBootOptions) hooked 8D233404 \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 149 (ZwSetInformationFile) hooked 8D3B50D2 \??\C:\windows\system32\drivers\sp_rsdrv2.sys!
SDT entry 15E (ZwSetSystemInformation) hooked 8D2331BC \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 15F (ZwSetSystemPowerState) hooked 8D2332F8 \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 166 (ZwSetValueKey) hooked 8D3B477E \??\C:\windows\system32\drivers\sp_rsdrv2.sys!
SDT entry 168 (ZwShutdownSystem) hooked 8D2332D4 \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 170 (ZwSystemDebugControl) hooked 8D23331C \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 172 (ZwTerminateProcess) hooked 8D3B56C8 \??\C:\windows\system32\drivers\sp_rsdrv2.sys!
SDT entry 182 (ZwVdmControl) hooked 8D233428 \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 18C (ZwWriteFile) hooked 8D3B52BC \??\C:\windows\system32\drivers\sp_rsdrv2.sys!
KPRCB[0].WorkerRoutine: 830DB4C3 \SystemRoot\system32\ntkrnlpa.exe
KPRCB[1].WorkerRoutine: 830C676C \SystemRoot\system32\ntkrnlpa.exe
ObType TpWorkerFactory:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 832B8EB2 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 830F996B \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Directory:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 832B524A \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Mutant:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 830F2EC6 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Thread:
DumpProcedure: 00000000
OpenProcedure: 83299891 \SystemRoot\system32\ntkrnlpa.exe
CloseProcedure: 00000000
DeleteProcedure: 83280D8C \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType FilterCommunicationPort:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 883B051A \SystemRoot\system32\drivers\fltmgr.sys
DeleteProcedure: 883AFFC8 \SystemRoot\system32\drivers\fltmgr.sys
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType TmTx:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 8320ABDF \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 83230FE2 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Controller:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType EtwRegistration:
DumpProcedure: 00000000
OpenProcedure: 832B8B73 \SystemRoot\system32\ntkrnlpa.exe
CloseProcedure: 83299E84 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 83299D6F \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Profile:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 833417DA \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Event:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Type:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Section:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 83269340 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType EventPair:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType SymbolicLink:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 8323F3C8 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 83259551 \SystemRoot\system32\ntkrnlpa.exe
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Desktop:
DumpProcedure: 00000000
OpenProcedure: 832BC15A \SystemRoot\system32\ntkrnlpa.exe
CloseProcedure: 832B5B38 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 831DE6AF \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 832B5AB9 \SystemRoot\system32\ntkrnlpa.exe
ObType UserApcReserve:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType EtwConsumer:
DumpProcedure: 00000000
OpenProcedure: 832B8B73 \SystemRoot\system32\ntkrnlpa.exe
CloseProcedure: 832D0E76 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 832D0DB1 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Timer:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 8305EF94 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType File:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 83293BAF \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 83279CBB \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 832C1FE0 \SystemRoot\system32\ntkrnlpa.exe
SecurityProcedure: 8329841D \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 832A5E11 \SystemRoot\system32\ntkrnlpa.exe
OkayToCloseProcedure: 00000000
ObType WindowStation:
DumpProcedure: 00000000
OpenProcedure: 832BC15A \SystemRoot\system32\ntkrnlpa.exe
CloseProcedure: 832B5B38 \SystemRoot\system32\ntkrnlpa.exe

Re: facebook virus?

Posted: 13 Jan 2012 19:47
by capucine
DeleteProcedure: 831DE6AF \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 832BC1DE \SystemRoot\system32\ntkrnlpa.exe
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 832B5AB9 \SystemRoot\system32\ntkrnlpa.exe
ObType PcwObject:
DumpProcedure: 00000000
OpenProcedure: 8867DC70 \SystemRoot\System32\drivers\pcw.sys
CloseProcedure: 8867DC8A \SystemRoot\System32\drivers\pcw.sys
DeleteProcedure: 8867DCAC \SystemRoot\System32\drivers\pcw.sys
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType TmEn:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 8320AAE2 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 8320AB19 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Driver:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 832F34DF \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType WmiGuid:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 8305ACBB \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 83225EE8 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType KeyedEvent:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Device:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 831F1C64 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 83277756 \SystemRoot\system32\ntkrnlpa.exe
SecurityProcedure: 8329841D \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Token:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 832B3D66 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType ALPC Port:
DumpProcedure: 00000000
OpenProcedure: 832B8F87 \SystemRoot\system32\ntkrnlpa.exe
CloseProcedure: 832A8E45 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 832A3514 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType DebugObject:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 832E6FA9 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 832BE873 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType IoCompletion:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 8329BF1A \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 8329C703 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Process:
DumpProcedure: 00000000
OpenProcedure: 832B7267 \SystemRoot\system32\ntkrnlpa.exe
CloseProcedure: 832A8ECC \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 832A810A \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType TmRm:
DumpProcedure: 00000000
OpenProcedure: 831D498B \SystemRoot\system32\ntkrnlpa.exe
CloseProcedure: 832C4D7A \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 832C4F8A \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Adapter:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType PowerRequest:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 8321A35D \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Key:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 832A4C47 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 8329500D \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 8326E552 \SystemRoot\system32\ntkrnlpa.exe
SecurityProcedure: 83244142 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 831FF170 \SystemRoot\system32\ntkrnlpa.exe
OkayToCloseProcedure: 00000000
ObType Job:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 8322A801 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 8322DE96 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Session:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 832C41BE \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType TmTm:
DumpProcedure: 00000000
OpenProcedure: 83200C9F \SystemRoot\system32\ntkrnlpa.exe
CloseProcedure: 83200919 \SystemRoot\system32\ntkrnlpa.exe
DeleteProcedure: 832C6831 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType IoCompletionReserve:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Callback:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 832BE873 \SystemRoot\system32\ntkrnlpa.exe
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType FilterConnectionPort:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 883B054A \SystemRoot\system32\drivers\fltmgr.sys
DeleteProcedure: 883AFFE2 \SystemRoot\system32\drivers\fltmgr.sys
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000
ObType Semaphore:
DumpProcedure: 00000000
OpenProcedure: 00000000
CloseProcedure: 00000000
DeleteProcedure: 00000000
ParseProcedure: 00000000
SecurityProcedure: 832ABD13 \SystemRoot\system32\ntkrnlpa.exe
QueryNameProcedure: 00000000
OkayToCloseProcedure: 00000000

Callbacks:
CB: AfdTdxCallback, total 1:
8D32073A (\SystemRoot\system32\drivers\afd.sys)
CB: IoSessionNotifications, total 0:
CB: ProcessorAdd, total 6:
88245890 (\SystemRoot\system32\DRIVERS\ACPI.sys)
886BB760 (\SystemRoot\system32\drivers\ndis.sys)
8D8A6999 (\SystemRoot\System32\drivers\tcpip.sys)
8330E45D (\SystemRoot\system32\ntkrnlpa.exe)
8CEF12C2 (\SystemRoot\system32\DRIVERS\tunnel.sys)
9E4182C1 (\SystemRoot\system32\drivers\HTTP.sys)
CB: aswKLib, total 1:
8CEC7E1A (\SystemRoot\System32\Drivers\aswSP.SYS)
CB: Phase1InitComplete, total 0:
CB: LLTDCallbackMapper0047000006000000, total 0:
CB: SetSystemState, total 0:
CB: NdisBindUnbind, total 0:
CB: PowerState, total 12:
831CE5DA (\SystemRoot\system32\ntkrnlpa.exe)
831CE5AD (\SystemRoot\system32\ntkrnlpa.exe)
8300CE70 (\SystemRoot\system32\halmacpi.dll)
882362DE (\SystemRoot\system32\DRIVERS\ACPI.sys)
88228B88 (\SystemRoot\system32\DRIVERS\ACPI.sys)
837D069D (\SystemRoot\system32\drivers\Wdf01000.sys)
837D069D (\SystemRoot\system32\drivers\Wdf01000.sys)
837D069D (\SystemRoot\system32\drivers\Wdf01000.sys)
837D069D (\SystemRoot\system32\drivers\Wdf01000.sys)
8CF39BAA (\SystemRoot\system32\DRIVERS\CmBatt.sys)
837D069D (\SystemRoot\system32\drivers\Wdf01000.sys)
8E696BAF (\SystemRoot\System32\drivers\dxgkrnl.sys)
837D069D (\SystemRoot\system32\drivers\Wdf01000.sys)
837D069D (\SystemRoot\system32\drivers\Wdf01000.sys)
8CFA577E (\SystemRoot\system32\DRIVERS\nvsmu.sys)
943BA67C (\SystemRoot\system32\drivers\RTKVHDA.sys)
837D069D (\SystemRoot\system32\drivers\Wdf01000.sys)
837D069D (\SystemRoot\system32\drivers\Wdf01000.sys)
CB: LicensingData, total 0:
CB: EnlightenmentState, total 1:
8312909D (\SystemRoot\system32\ntkrnlpa.exe)
CB: LLTDCallbackRspndr0047000000000000, total 1:
94586DE6 (\SystemRoot\system32\DRIVERS\rspndr.sys)
CB: LLTDCallbackRspndr0047000006000000, total 1:
94586DE6 (\SystemRoot\system32\DRIVERS\rspndr.sys)
CB: LLTDCallbackMapper0006000006000000, total 0:
CB: LLTDCallbackRspndr0006000006000000, total 1:
94586DE6 (\SystemRoot\system32\DRIVERS\rspndr.sys)
CB: TcpConnectionCallbackTemp, total 0:
CB: SetSystemTime, total 0:
CB: LLTDCallbackMapper0047000000000000, total 0:
CB: TcpTimerStarvationCallbackTemp, total 0:
CB: aswKLibInitialized, total 2:
8D9B47C6 (\SystemRoot\System32\Drivers\aswTdi.SYS)
8D9EED48 (\SystemRoot\System32\Drivers\aswRdr.SYS)

bugcheck callbacks - 9:
886C4B96 (\SystemRoot\system32\drivers\ndis.sys)
886C4B96 (\SystemRoot\system32\drivers\ndis.sys)
886C4B96 (\SystemRoot\system32\drivers\ndis.sys)
886C4B96 (\SystemRoot\system32\drivers\ndis.sys)
886C4B96 (\SystemRoot\system32\drivers\ndis.sys)
886C4B96 (\SystemRoot\system32\drivers\ndis.sys)
886C4B96 (\SystemRoot\system32\drivers\ndis.sys)
886C4B96 (\SystemRoot\system32\drivers\ndis.sys)
83010908 (\SystemRoot\system32\halmacpi.dll)

bugcheck reason callbacks - 30:
837D572D (\SystemRoot\system32\drivers\Wdf01000.sys)
837D572D (\SystemRoot\system32\drivers\Wdf01000.sys)
9452C1BE (\SystemRoot\System32\Drivers\crashdmp.sys)
90DA482A (\SystemRoot\system32\DRIVERS\usbhub.sys)
90DA47D5 (\SystemRoot\system32\DRIVERS\usbhub.sys)
837D572D (\SystemRoot\system32\drivers\Wdf01000.sys)
837D572D (\SystemRoot\system32\drivers\Wdf01000.sys)
837D572D (\SystemRoot\system32\drivers\Wdf01000.sys)
8E76C63E (\SystemRoot\system32\DRIVERS\b57nd60x.sys)
8F49D9C0 (\SystemRoot\system32\DRIVERS\nvlddmkm.sys)
8E693470 (\SystemRoot\System32\drivers\dxgkrnl.sys)
837D572D (\SystemRoot\system32\drivers\Wdf01000.sys)
8E62CD79 (\SystemRoot\system32\DRIVERS\USBPORT.SYS)
8E62CE30 (\SystemRoot\system32\DRIVERS\USBPORT.SYS)
8E62CDD6 (\SystemRoot\system32\DRIVERS\USBPORT.SYS)
8CF9A5F5 (\SystemRoot\system32\DRIVERS\mouclass.sys)
837D572D (\SystemRoot\system32\drivers\Wdf01000.sys)
8CF58861 (\SystemRoot\system32\DRIVERS\kbdclass.sys)
8CF458D5 (\SystemRoot\system32\DRIVERS\i8042prt.sys)
837D572D (\SystemRoot\system32\drivers\Wdf01000.sys)
8CE66EEC (\SystemRoot\system32\DRIVERS\mssmbios.sys)
8CE66EA4 (\SystemRoot\system32\DRIVERS\mssmbios.sys)
8CE66E54 (\SystemRoot\system32\DRIVERS\mssmbios.sys)
8CE66E0C (\SystemRoot\system32\DRIVERS\mssmbios.sys)
8D2AE392 (\SystemRoot\System32\drivers\VIDEOPRT.SYS)
885E54FF (\SystemRoot\system32\DRIVERS\CLASSPNP.SYS)
837D572D (\SystemRoot\system32\drivers\Wdf01000.sys)
837D572D (\SystemRoot\system32\drivers\Wdf01000.sys)
837D522A (\SystemRoot\system32\drivers\Wdf01000.sys)
883512A6 (\SystemRoot\system32\DRIVERS\ataport.SYS)

NMI callbacks - 1:

Process notifiers:
[0] 830F436C \SystemRoot\system32\ntkrnlpa.exe
[1] 885A09D8 \SystemRoot\System32\Drivers\ksecdd.sys
[2] 8861ED96 \SystemRoot\System32\Drivers\cng.sys
[3] 836E3DF0 \SystemRoot\system32\CI.dll
[4] 8D23D756 \SystemRoot\System32\Drivers\aswSnx.SYS
[5] 8D8A0733 \SystemRoot\System32\drivers\tcpip.sys

Thread notifiers:
[0] 8D23A2C4 \SystemRoot\System32\Drivers\aswSnx.SYS
[1] 8CEC8224 \SystemRoot\System32\Drivers\aswSP.SYS

Image notifiers:
[0] 832B8833 \SystemRoot\system32\ntkrnlpa.exe
[1] 8D23D2CC \SystemRoot\System32\Drivers\aswSnx.SYS
[2] 8CEC8110 \SystemRoot\System32\Drivers\aswSP.SYS
[3] 8D3B55F6 \??\C:\windows\system32\drivers\sp_rsdrv2.sys

Registry notifiers:
[0] 8CEB3788 \SystemRoot\System32\Drivers\aswSP.SYS
[1] 8D256973 \SystemRoot\System32\Drivers\aswSnx.SYS

FS Change notifiers: 1 (actual 1)
DriverObj 85A0EAC0 addr 883ACBDA \SystemRoot\system32\drivers\fltmgr.sys

LogonSessionTerminatedRoutines: 2
[0] 9E4C703E \SystemRoot\system32\DRIVERS\mrxsmb.sys
[1] 81F3B9D9 \SystemRoot\system32\drivers\luafv.sys

Callouts (18):
PspW32ProcessCallout: 95FCE8DA \SystemRoot\System32\win32k.sys
PspW32ThreadCallout: 95FCEA6C \SystemRoot\System32\win32k.sys
ExGlobalAtomTableCallout: 95F75C24 \SystemRoot\System32\win32k.sys
PopEventCallout: 95FED040 \SystemRoot\System32\win32k.sys
PopStateCallout: 95FEB90F \SystemRoot\System32\win32k.sys
PopWin32InfoCallout: 95F49FAC \SystemRoot\System32\win32k.sys
PspW32JobCallout: 95F6C08F \SystemRoot\System32\win32k.sys
KeGdiFlushUserBatch: 95FAF9E4 \SystemRoot\System32\win32k.sys
ExDesktopOpenProcedureCallout: 95FCC108 \SystemRoot\System32\win32k.sys
ExDesktopOkToCloseProcedureCallout: 95FD10F4 \SystemRoot\System32\win32k.sys
ExDesktopCloseProcedureCallout: 95FD1083 \SystemRoot\System32\win32k.sys
ExDesktopDeleteProcedureCallout: 95F1D47B \SystemRoot\System32\win32k.sys
ExWindowStationOkToCloseProcedureCallout: 95FCEB9C \SystemRoot\System32\win32k.sys
ExWindowStationCloseProcedureCallout: 95FCEB25 \SystemRoot\System32\win32k.sys
ExWindowStationDeleteProcedureCallout: 95FE555F \SystemRoot\System32\win32k.sys
ExWindowStationParseProcedureCallout: 95FD4DE8 \SystemRoot\System32\win32k.sys
ExWindowStationOpenProcedureCallout: 95FD4EA4 \SystemRoot\System32\win32k.sys
ExLicensingWin32Callout: 96065837 \SystemRoot\System32\win32k.sys
FltMgrCallbacks: 8839FB3C \SystemRoot\system32\drivers\fltmgr.sys
FsRtlpMupCalls: 887F3068 \SystemRoot\System32\Drivers\mup.sys
ExpDisQueryAttributeInformation 8CE70A72 \SystemRoot\System32\drivers\discache.sys
ExpDisSetAttributeInformation 8CE70EE2 \SystemRoot\System32\drivers\discache.sys

Pnp Notifiers: total 25, readed 25
Pnp[0] CategoryHardwareProfileChange {9D369674-295C-4AEF-BA89-7285F57A5106} addr 8F52C010 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
Pnp[1] CategoryHardwareProfileChange DEVINTERFACE_HID addr 831C54D0 \SystemRoot\system32\ntkrnlpa.exe
Pnp[2] CategoryHardwareProfileChange DEVICE_THERMAL_ZONE addr 831C54D0 \SystemRoot\system32\ntkrnlpa.exe
Pnp[3] CategoryHardwareProfileChange DEVINTERFACE_HID addr 95F0B547 \SystemRoot\System32\win32k.sys
Pnp[4] CategoryHardwareProfileChange DEVINTERFACE_MT_TRANSPORT addr 90C9893A \SystemRoot\system32\DRIVERS\CompositeBus.sys
Pnp[5] CategoryHardwareProfileChange DEVICE_SYS_BUTTON addr 831C54D0 \SystemRoot\system32\ntkrnlpa.exe
Pnp[6] CategoryHardwareProfileChange DEVICE_MEMORY addr 831C54D0 \SystemRoot\system32\ntkrnlpa.exe
Pnp[7] CategoryHardwareProfileChange DEVINTERFACE_MT_COMPOSITE addr 90C9893A \SystemRoot\system32\DRIVERS\CompositeBus.sys
Pnp[8] CategoryHardwareProfileChange DEVINTERFACE_HIDDEN_VOLUME addr 882DD3E0 \SystemRoot\system32\DRIVERS\volmgr.sys
Pnp[9] CategoryHardwareProfileChange DEVINTERFACE_MOUSE addr 8CF6E7F2 \SystemRoot\system32\DRIVERS\SynTP.sys
Pnp[10] CategoryHardwareProfileChange DEVINTERFACE_MONITOR_DRIVER addr 8E6CA1AA \SystemRoot\System32\drivers\dxgkrnl.sys
Pnp[11] CategoryHardwareProfileChange DEVINTERFACE_MOUSE addr 95F0B547 \SystemRoot\System32\win32k.sys
Pnp[12] CategoryHardwareProfileChange DEVINTERFACE_CDROM addr 95F0BCCC \SystemRoot\System32\win32k.sys
Pnp[13] CategoryHardwareProfileChange {8AD261ED-6AEC-4B95-B844-552766D76EF9} addr 8F597B50 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
Pnp[14] CategoryHardwareProfileChange DEVICE_PROCESSOR addr 8825753A \SystemRoot\system32\DRIVERS\ACPI.sys
Pnp[15] CategoryHardwareProfileChange DEVICE_PROCESSOR addr 8825753A \SystemRoot\system32\DRIVERS\ACPI.sys
Pnp[16] CategoryHardwareProfileChange DEVINTERFACE_BUSENUM_VWIFI addr 8D801A36 \SystemRoot\system32\DRIVERS\vwififlt.sys
Pnp[17] CategoryHardwareProfileChange DEVINTERFACE_VOLUME addr 882DD3E0 \SystemRoot\system32\DRIVERS\volmgr.sys
Pnp[18] CategoryHardwareProfileChange DEVINTERFACE_VOLUME addr 88341216 \SystemRoot\System32\drivers\mountmgr.sys
Pnp[19] CategoryHardwareProfileChange DEVINTERFACE_KEYBOARD addr 8CF6E15A \SystemRoot\system32\DRIVERS\SynTP.sys
Pnp[20] CategoryHardwareProfileChange DEVINTERFACE_VOLUME addr 887D7D42 \SystemRoot\system32\DRIVERS\volsnap.sys
Pnp[21] CategoryHardwareProfileChange DEVINTERFACE_KEYBOARD addr 95F0B547 \SystemRoot\System32\win32k.sys
Pnp[22] CategoryHardwareProfileChange DEVCLASS_BATTERY addr 831C54D0 \SystemRoot\system32\ntkrnlpa.exe
Pnp[23] CategoryHardwareProfileChange VOLMGR_VOLUME_MANAGER addr 882B9D86 \SystemRoot\System32\drivers\partmgr.sys
Pnp[24] CategoryHardwareProfileChange DEVCLASS_BATTERY addr 882C3664 \SystemRoot\system32\DRIVERS\compbatt.sys

Driver atapi DrvObj 84D00510:
DriverUnload patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 88364DE6
AddDevice patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 88367750
Handler MJ_CREATE patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 883698C4
Handler MJ_CLOSE patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 883698C4
Handler MJ_DEVICE_CONTROL patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 8835547C
Handler MJ_INTERNAL_DEVICE_CONTROL patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 8835544E
Handler MJ_POWER patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 883554AA
Handler MJ_SYSTEM_CONTROL patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 88364DB2
Handler MJ_PNP patched by \SystemRoot\system32\DRIVERS\ataport.SYS, addr 88364D7E

Driver Disk DrvObj 85A96C38:
DriverUnload patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 885EF92B
AddDevice patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 885ED603
Handler MJ_CREATE patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 885D839F
Handler MJ_CLOSE patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 885D839F
Handler MJ_READ patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 885D839F
Handler MJ_WRITE patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 885D839F
Handler MJ_FLUSH_BUFFERS patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 885D839F
Handler MJ_DEVICE_CONTROL patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 885D839F
Handler MJ_INTERNAL_DEVICE_CONTROL patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 885D839F
Handler MJ_SHUTDOWN patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 885D839F
Handler MJ_POWER patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 885D839F
Handler MJ_SYSTEM_CONTROL patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 885D839F
Handler MJ_PNP patched by \SystemRoot\system32\DRIVERS\CLASSPNP.SYS, addr 885D839F

Driver usbehci DrvObj 85ECA488:
DriverUnload patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 8E62CB31
AddDevice patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 8E6227C0
Handler MJ_CREATE patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 8E60E63B
Handler MJ_CLOSE patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 8E60E63B
Handler MJ_DEVICE_CONTROL patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 8E60E63B
Handler MJ_INTERNAL_DEVICE_CONTROL patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 8E60E63B
Handler MJ_POWER patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 8E60E63B
Handler MJ_SYSTEM_CONTROL patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 8E60E63B
Handler MJ_PNP patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr 8E61A455

Shadow SDT: 96105000, limit 339
Patched NtUserSwitchDesktop by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserRegisterRawInputDevices by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtGdiMaskBlt by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserCallHwndParamLock by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtGdiGetPixel by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserBuildNameList by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserDestroyWindow by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserSetWindowsHookEx by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserOpenDesktop by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtGdiOpenDCW by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserSetWinEventHook by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtGdiDeleteObjectApp by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtGdiAlphaBlend by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserSystemParametersInfo by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserSetProcessDPIAware + 3223 by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserGetClipboardData by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtGdiPlgBlt by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserSetClipboardViewer by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtGdiTransparentBlt by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserBlockInput by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserSendInput by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtGdiStretchBlt by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserSetSysColors by \SystemRoot\System32\Drivers\aswSnx.SYS
Driver C:\windows\system32\win32k.sys!.text has 72 patched bytes !

Driver MRxSmb DrvObj 87B4A6E0:
FastIOHandler FastIoCheckIfPossible patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 8CE42B44
FastIOHandler FastIoRead patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 8CE42FE7
FastIOHandler FastIoWrite patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 8CE4ACD5
FastIOHandler FastIoDeviceControl patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 8CE24A98
FastIOHandler AcquireForModWrite patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 8CE280C9
FastIOHandler ReleaseForModWrite patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 8CE28193
FastIOHandler AcquireForCcFlush patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 8CE20018
FastIOHandler ReleaseForCcFlush patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 8CE20018
FS_FILTER_CALLBACKS PreAcquireForSectionSynchronization patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 8CE430A0
FS_FILTER_CALLBACKS PreReleaseForSectionSynchronization patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr 8CE431AA
Driver C:\windows\system32\drivers\peauth.sys!.text has 38 patched bytes !
Driver C:\windows\system32\drivers\peauth.sys!PAGE has 182 patched bytes !

Driver peauth DrvObj 9966EC50:
Handler MJ_CREATE patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_CREATE_NAMED_PIPE patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_CLOSE patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_READ patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_WRITE patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_QUERY_INFORMATION patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_SET_INFORMATION patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_QUERY_EA patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_SET_EA patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_FLUSH_BUFFERS patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_QUERY_VOLUME_INFORMATION patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_SET_VOLUME_INFORMATION patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_DIRECTORY_CONTROL patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_FILE_SYSTEM_CONTROL patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_DEVICE_CONTROL patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_INTERNAL_DEVICE_CONTROL patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_SHUTDOWN patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_LOCK_CONTROL patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_CLEANUP patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_CREATE_MAILSLOT patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_QUERY_SECURITY patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_SET_SECURITY patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_POWER patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A4BE8
Handler MJ_SYSTEM_CONTROL patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A4BE8
Handler MJ_DEVICE_CHANGE patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_QUERY_QUOTA patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_SET_QUOTA patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A49C0
Handler MJ_PNP patched by \SystemRoot\system32\drivers\Wdf01000.sys, addr 837A4BE8
ks count: 0
gKsecpBCryptExtension: 88669180 \SystemRoot\System32\Drivers\cng.sys
gKsecpSslExtension: 8866920C \SystemRoot\System32\Drivers\cng.sys
RtlpStartThreadFunc: C:\windows\system32\kernel32.dll (76E69DD5)
RtlpExitThreadFunc: C:\windows\system32\kernel32.dll (76E69DC1)
RtlpUnhandledExceptionFilter: C:\windows\system32\kernel32.dll (76E22B35)
LdrpManifestProberRoutine: C:\windows\system32\kernel32.dll (76E1172A)
LdrpCreateActCtxLanguage: C:\windows\system32\kernel32.dll (76E57074)
LdrpReleaseActCtx: C:\windows\system32\kernel32.dll (76E091BD)
Patched LdrUnloadDll by C:\Program Files\AVAST Software\Avast\snxhk.dll
Patched LdrLoadDll by C:\Program Files\AVAST Software\Avast\snxhk.dll
Module C:\windows\SYSTEM32\ntdll.dll!.text has A patched bytes !
UnhandledExceptionFilter: C:\webchceck\wincheck.exe (00DBEECD)
ConsoleCtrlHandler: C:\windows\system32\kernel32.dll (76E6D2E5)
Patched GetBinaryTypeW + 70
Module C:\windows\system32\kernel32.dll!.text has 1 patched bytes !
Patched SetServiceObjectSecurity by C:\Program Files\AVAST Software\Avast\snxhk.dll
Patched ChangeServiceConfigA by C:\Program Files\AVAST Software\Avast\snxhk.dll
Patched ChangeServiceConfigW by C:\Program Files\AVAST Software\Avast\snxhk.dll
Patched ChangeServiceConfig2A by C:\Program Files\AVAST Software\Avast\snxhk.dll
Patched ChangeServiceConfig2W by C:\Program Files\AVAST Software\Avast\snxhk.dll
Patched CreateServiceA by C:\Program Files\AVAST Software\Avast\snxhk.dll
Patched CreateServiceW by C:\Program Files\AVAST Software\Avast\snxhk.dll
Patched DeleteService by C:\Program Files\AVAST Software\Avast\snxhk.dll
Module C:\windows\SYSTEM32\sechost.dll!.text has 28 patched bytes !
Check took 2303 msecs

Re: facebook virus?

Posted: 13 Jan 2012 19:53
by capucine
so is that xuetr what you needed? yeah, I selected view modules, then clicked on the first row in the table and chose export display...

so now I've started OTL (which I had interrupted earlier when I was getting a spanking :P). Once it finishes I'll post the results

Re: facebook virus?

Posted: 13 Jan 2012 20:09
by capucine
hahaha... you lecherous man.....
that OTL looks endlesssss....

I still don't understand what you can deduce from it..

Re: facebook virus?

Posted: 13 Jan 2012 20:14
by capucine
pfft.. as soon as I say the word Endless... it finishes :D here are the results:

OTL logfile created on: 13.1.2012 19:48:59 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\xp\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,75 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 46,63% Memory free
3,50 Gb Paging File | 2,22 Gb Available in Paging File | 63,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 187,67 Gb Total Space | 87,09 Gb Free Space | 46,41% Space Free | Partition Type: NTFS
Drive D: | 30,27 Gb Total Space | 29,30 Gb Free Space | 96,80% Space Free | Partition Type: NTFS

Computer Name: XP-PC | User Name: xp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.01.13 18:24:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xp\Downloads\OTL.exe
PRC - [2012.01.10 05:02:00 | 000,482,992 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\st_rsser.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.31 12:56:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.11.17 19:29:26 | 000,901,800 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.10.25 17:54:46 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.08.10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011.01.17 16:37:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 16:37:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.11.02 16:39:32 | 003,122,440 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\VeriFace\PManage.exe
PRC - [2009.07.15 15:29:54 | 004,081,480 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.07.08 20:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) -- C:\QSTART.SYS\config\DVMExportService.exe
PRC - [2009.07.01 19:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
PRC - [2009.06.25 10:46:08 | 005,064,520 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008.01.16 11:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011.12.31 12:56:34 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.11.22 16:41:39 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.11.22 16:34:12 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.11.02 16:39:31 | 001,410,312 | ---- | M] () -- C:\Windows\System32\IcnOvrly.dll
MOD - [2009.11.02 16:39:31 | 000,492,808 | ---- | M] () -- C:\Program Files\Lenovo\VeriFace\ChooseLang.dll
MOD - [2009.11.02 16:39:28 | 000,513,288 | ---- | M] () -- C:\Windows\System32\SimpleExt.dll
MOD - [2009.07.01 19:03:24 | 000,132,384 | ---- | M] () -- C:\Program Files\Lenovo\Bluetooth Software\BTKeyInd.dll
MOD - [2008.12.20 04:20:50 | 000,063,304 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2008.12.20 04:20:08 | 000,051,016 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.01.10 05:02:00 | 000,482,992 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.08.10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.08 20:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\QSTART.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2008.01.16 11:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2011.09.06 22:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.09.06 22:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.09.06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.09.06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.09.06 22:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.09.06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009.08.11 09:45:48 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.08.10 09:21:00 | 009,824,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.29 16:13:36 | 001,182,320 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009.07.21 22:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009.07.17 04:29:26 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009.05.19 14:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008.08.06 13:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2916264042-1160319529-460798846-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-2916264042-1160319529-460798846-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2916264042-1160319529-460798846-1003\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2916264042-1160319529-460798846-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngineName: "Google"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011.11.23 15:37:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.11.22 15:58:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2012.01.10 18:01:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.31 12:56:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.11.23 16:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xp\AppData\Roaming\Mozilla\Extensions
[2012.01.11 14:52:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions
[2012.01.11 14:52:52 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011.11.23 16:01:11 | 000,000,000 | ---D | M] (Centrum.cz nastavenĂ) -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011.11.23 16:01:10 | 000,000,000 | ---D | M] (Centrum doménový pomocník) -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\centrumpomocnik@centrum.cz
[2011.11.23 16:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.23 16:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011.11.23 16:00:22 | 000,000,000 | ---D | M] (Centrum.cz nastavenĂ) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011.11.23 16:00:23 | 000,000,000 | ---D | M] (Centrum doménový pomocník) -- C:\Program Files\Mozilla Firefox\distribution\extensions\centrumpomocnik@centrum.cz
() (No name found) -- C:\USERS\XP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UNM5XTBQ.DEFAULT\EXTENSIONS\EXTENSION@FIREFOX.COM.XPI
[2011.12.31 12:56:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011.11.05 05:51:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Pandora tv Toolbar = C:\Users\xp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj\7.13.2.0_0\
CHR - Extension: uTorrentBar = C:\Users\xp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.0.15_0\
CHR - Extension: SiteAdvisor = C:\Users\xp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: avast! WebRep = C:\Users\xp\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2916264042-1160319529-460798846-1003\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2916264042-1160319529-460798846-1003\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2916264042-1160319529-460798846-1003\..\Toolbar\WebBrowser: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\xp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: &Windows Live Search - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll ()
O9 - Extra 'Tools' menuitem : Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll ()
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.2.254 10.0.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F1D5242-5211-45E3-AF62-548102BBA985}: DhcpNameServer = 10.0.2.254 10.0.3.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2012.01.13 19:45:07 | 000,000,000 | ---D | C] -- C:\webchceck
[2012.01.13 18:36:14 | 000,000,000 | ---D | C] -- C:\ZHP
[2012.01.13 18:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2012.01.13 18:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2012.01.13 17:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.01.13 17:00:33 | 000,000,000 | ---D | C] -- C:\rsit
[2012.01.13 16:50:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.10 21:35:03 | 000,000,000 | ---D | C] -- C:\Users\xp\AppData\Roaming\Malwarebytes
[2012.01.10 21:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.10 18:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.10 18:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler lišta
[2012.01.10 18:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2012.01.10 18:00:19 | 000,000,000 | ---D | C] -- C:\Users\xp\AppData\Roaming\Spyware Terminator
[2012.01.10 18:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012.01.10 18:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012.01.10 17:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011.11.27 22:03:02 | 039,938,968 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\AdbeRdr1010_cs_CZ(1).exe
[2011.11.22 14:53:40 | 015,160,720 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\AdobeAIRInstaller.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012.01.13 19:51:05 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.01.13 19:16:02 | 000,000,270 | ---- | M] () -- C:\windows\tasks\Check Updates for Windows Live Toolbar.job
[2012.01.13 19:16:01 | 000,000,932 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.13 19:01:27 | 000,015,568 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 19:01:27 | 000,015,568 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 18:42:55 | 000,504,573 | ---- | M] () -- C:\webchceck.zip
[2012.01.13 18:35:58 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2012.01.13 18:35:58 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2012.01.13 18:35:58 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2012.01.13 16:46:33 | 000,672,622 | ---- | M] () -- C:\windows\System32\perfh005.dat
[2012.01.13 16:46:33 | 000,656,802 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.01.13 16:46:33 | 000,137,522 | ---- | M] () -- C:\windows\System32\perfc005.dat
[2012.01.13 16:46:33 | 000,121,934 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.01.13 16:38:51 | 000,000,928 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.13 16:38:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.01.13 16:38:07 | 1407,995,904 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.11 17:21:37 | 000,038,725 | ---- | M] () -- C:\Users\xp\Desktop\Apartheid.odt
[2012.01.10 18:59:10 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.10 18:00:07 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.01.09 23:05:51 | 000,064,292 | ---- | M] () -- C:\Users\xp\Desktop\399844_2633844213573_1479464094_32486625_1295529392_n.jpg
[2012.01.09 18:47:18 | 000,035,417 | ---- | M] () -- C:\Users\xp\Desktop\2.sv.v čsr.odt
[2012.01.08 17:01:13 | 000,265,330 | ---- | M] () -- C:\Users\xp\Desktop\guitar~12.gif
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.13 18:42:53 | 000,504,573 | ---- | C] () -- C:\webchceck.zip
[2012.01.13 18:35:58 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2012.01.13 18:35:58 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2012.01.13 18:35:58 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2012.01.10 18:59:09 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.10 18:00:20 | 000,032,768 | ---- | C] () -- C:\windows\System32\drivers\sp_rsdrv2.sys
[2012.01.10 18:00:07 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.01.09 23:05:47 | 000,064,292 | ---- | C] () -- C:\Users\xp\Desktop\399844_2633844213573_1479464094_32486625_1295529392_n.jpg
[2012.01.08 17:01:08 | 000,265,330 | ---- | C] () -- C:\Users\xp\Desktop\guitar~12.gif
[2011.12.07 17:09:32 | 000,000,156 | ---- | C] () -- C:\windows\ae_mini.INI
[2011.11.27 21:47:31 | 015,542,872 | ---- | C] () -- C:\Program Files\AdbeRdr1010_cs_CZ.exe
[2011.11.22 16:57:31 | 000,348,160 | ---- | C] () -- C:\Program Files\directx_Jun2010_redist.exe
[2011.11.22 14:56:43 | 061,657,056 | ---- | C] () -- C:\Program Files\setup_av_free.exe
[2011.11.22 14:56:38 | 135,681,640 | ---- | C] () -- C:\Program Files\OOo_3.3.0_Win_x86_install_cs.exe
[2011.01.18 18:12:48 | 002,988,544 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011.01.18 18:11:20 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011.01.18 18:09:44 | 124,855,613 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011.01.18 17:18:16 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2009.11.02 23:49:20 | 000,672,622 | ---- | C] () -- C:\windows\System32\perfh005.dat
[2009.11.02 23:49:20 | 000,292,004 | ---- | C] () -- C:\windows\System32\perfi005.dat
[2009.11.02 23:49:20 | 000,137,522 | ---- | C] () -- C:\windows\System32\perfc005.dat
[2009.11.02 23:49:20 | 000,036,232 | ---- | C] () -- C:\windows\System32\perfd005.dat
[2009.11.02 16:39:40 | 001,410,312 | ---- | C] () -- C:\windows\System32\IcnOvrly.dll
[2009.11.02 16:39:40 | 000,660,744 | ---- | C] () -- C:\windows\System32\EncIcons.dll
[2009.11.02 16:39:40 | 000,513,288 | ---- | C] () -- C:\windows\System32\SimpleExt.dll
[2009.11.02 16:39:39 | 002,110,728 | ---- | C] () -- C:\windows\System32\Apblend.dll
[2009.11.02 16:39:39 | 001,171,456 | ---- | C] () -- C:\windows\System32\PicNotify.dll
[2009.11.02 16:39:21 | 001,044,480 | ---- | C] () -- C:\windows\System32\3DImageRenderer.dll
[2009.11.02 16:26:01 | 000,015,190 | ---- | C] () -- C:\windows\M3000Twn.ini
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 05:33:53 | 000,451,072 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,656,802 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,121,934 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009.07.13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009.07.13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2008.10.28 15:14:10 | 000,362,029 | ---- | C] () -- C:\windows\System32\sqlite3.dll

========== LOP Check ==========

[2011.11.22 16:37:22 | 000,000,000 | ---D | M] -- C:\Users\xp\AppData\Roaming\OpenOffice.org
[2012.01.10 18:00:19 | 000,000,000 | ---D | M] -- C:\Users\xp\AppData\Roaming\Spyware Terminator
[2012.01.10 19:01:40 | 000,000,000 | ---D | M] -- C:\Users\xp\AppData\Roaming\uTorrent
[2011.12.26 18:19:07 | 000,000,000 | ---D | M] -- C:\Users\xp\AppData\Roaming\Zoner
[2012.01.13 19:16:02 | 000,000,270 | ---- | M] () -- C:\windows\Tasks\Check Updates for Windows Live Toolbar.job
[2009.07.14 05:53:46 | 000,023,018 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Re: facebook virus?

Posted: 13 Jan 2012 20:54
by capucine
ok, here it is

OTL logfile created on: 13.1.2012 20:28:50 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\xp\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,75 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 45,84% Memory free
3,50 Gb Paging File | 1,97 Gb Available in Paging File | 56,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 187,67 Gb Total Space | 87,09 Gb Free Space | 46,41% Space Free | Partition Type: NTFS
Drive D: | 30,27 Gb Total Space | 29,30 Gb Free Space | 96,80% Space Free | Partition Type: NTFS

Computer Name: XP-PC | User Name: xp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.01.13 18:24:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xp\Downloads\OTL.exe
PRC - [2012.01.10 05:02:00 | 000,482,992 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\st_rsser.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.31 12:56:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.11.17 19:29:26 | 000,901,800 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.10.25 17:54:46 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011.09.20 04:21:40 | 007,012,952 | ---- | M] (Pandora.TV) -- C:\Program Files\The KMPlayer\KMPlayer.exe
PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.08.10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011.01.17 16:37:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 16:37:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.11.02 16:39:32 | 003,122,440 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\VeriFace\PManage.exe
PRC - [2009.07.15 15:29:54 | 004,081,480 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.07.08 20:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) -- C:\QSTART.SYS\config\DVMExportService.exe
PRC - [2009.07.01 19:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
PRC - [2009.06.25 10:46:08 | 005,064,520 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008.01.16 11:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011.12.31 12:56:34 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.11.22 16:41:39 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.11.22 16:34:12 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.08.29 10:13:56 | 004,503,865 | ---- | M] () -- C:\Program Files\The KMPlayer\libcodec.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.11.02 16:39:31 | 001,410,312 | ---- | M] () -- C:\Windows\System32\IcnOvrly.dll
MOD - [2009.11.02 16:39:31 | 000,492,808 | ---- | M] () -- C:\Program Files\Lenovo\VeriFace\ChooseLang.dll
MOD - [2009.11.02 16:39:28 | 000,513,288 | ---- | M] () -- C:\Windows\System32\SimpleExt.dll
MOD - [2009.07.01 19:03:24 | 000,132,384 | ---- | M] () -- C:\Program Files\Lenovo\Bluetooth Software\BTKeyInd.dll
MOD - [2008.12.20 04:20:50 | 000,063,304 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2008.12.20 04:20:08 | 000,051,016 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll
MOD - [2008.12.05 08:42:30 | 000,123,036 | ---- | M] () -- C:\Program Files\The KMPlayer\libmad.dll
MOD - [2008.07.14 03:31:44 | 000,431,616 | ---- | M] () -- C:\Program Files\The KMPlayer\libmplay.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.01.10 05:02:00 | 000,482,992 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.08.10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.08 20:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\QSTART.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2008.01.16 11:26:38 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2011.09.06 22:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.09.06 22:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.09.06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.09.06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.09.06 22:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.09.06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009.08.11 09:45:48 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.08.10 09:21:00 | 009,824,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.29 16:13:36 | 001,182,320 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009.07.21 22:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009.07.17 04:29:26 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009.05.19 14:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008.08.06 13:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2916264042-1160319529-460798846-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-2916264042-1160319529-460798846-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2916264042-1160319529-460798846-1003\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2916264042-1160319529-460798846-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngineName: "Google"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011.11.23 15:37:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.11.22 15:58:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2012.01.10 18:01:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.31 12:56:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.11.23 16:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xp\AppData\Roaming\Mozilla\Extensions
[2012.01.11 14:52:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions
[2012.01.11 14:52:52 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011.11.23 16:01:11 | 000,000,000 | ---D | M] (Centrum.cz nastavení) -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011.11.23 16:01:10 | 000,000,000 | ---D | M] (Centrum doménový pomocník) -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\centrumpomocnik@centrum.cz
[2011.11.23 16:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.23 16:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011.11.23 16:00:22 | 000,000,000 | ---D | M] (Centrum.cz nastavení) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011.11.23 16:00:23 | 000,000,000 | ---D | M] (Centrum doménový pomocník) -- C:\Program Files\Mozilla Firefox\distribution\extensions\centrumpomocnik@centrum.cz
() (No name found) -- C:\USERS\XP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UNM5XTBQ.DEFAULT\EXTENSIONS\EXTENSION@FIREFOX.COM.XPI
[2011.12.31 12:56:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011.11.05 05:51:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Pandora tv Toolbar = C:\Users\xp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj\7.13.2.0_0\
CHR - Extension: uTorrentBar = C:\Users\xp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.0.15_0\
CHR - Extension: SiteAdvisor = C:\Users\xp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: avast! WebRep = C:\Users\xp\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2916264042-1160319529-460798846-1003\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2916264042-1160319529-460798846-1003\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2916264042-1160319529-460798846-1003\..\Toolbar\WebBrowser: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\xp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: &Windows Live Search - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll ()
O9 - Extra 'Tools' menuitem : Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll ()
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.2.254 10.0.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F1D5242-5211-45E3-AF62-548102BBA985}: DhcpNameServer = 10.0.2.254 10.0.3.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2012.01.13 19:45:07 | 000,000,000 | ---D | C] -- C:\webchceck
[2012.01.13 18:36:14 | 000,000,000 | ---D | C] -- C:\ZHP
[2012.01.13 18:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2012.01.13 18:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2012.01.13 17:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.01.13 17:00:33 | 000,000,000 | ---D | C] -- C:\rsit
[2012.01.13 16:50:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.10 21:35:03 | 000,000,000 | ---D | C] -- C:\Users\xp\AppData\Roaming\Malwarebytes
[2012.01.10 21:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.10 18:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.10 18:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler lišta
[2012.01.10 18:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2012.01.10 18:00:19 | 000,000,000 | ---D | C] -- C:\Users\xp\AppData\Roaming\Spyware Terminator
[2012.01.10 18:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012.01.10 18:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012.01.10 17:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011.11.27 22:03:02 | 039,938,968 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\AdbeRdr1010_cs_CZ(1).exe
[2011.11.22 14:53:40 | 015,160,720 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\AdobeAIRInstaller.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012.01.13 20:21:19 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.01.13 20:16:01 | 000,000,932 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.13 20:16:01 | 000,000,270 | ---- | M] () -- C:\windows\tasks\Check Updates for Windows Live Toolbar.job
[2012.01.13 19:01:27 | 000,015,568 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 19:01:27 | 000,015,568 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 18:42:55 | 000,504,573 | ---- | M] () -- C:\webchceck.zip
[2012.01.13 18:35:58 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2012.01.13 18:35:58 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2012.01.13 18:35:58 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2012.01.13 16:46:33 | 000,672,622 | ---- | M] () -- C:\windows\System32\perfh005.dat
[2012.01.13 16:46:33 | 000,656,802 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.01.13 16:46:33 | 000,137,522 | ---- | M] () -- C:\windows\System32\perfc005.dat
[2012.01.13 16:46:33 | 000,121,934 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.01.13 16:38:51 | 000,000,928 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.13 16:38:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.01.13 16:38:07 | 1407,995,904 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.11 17:21:37 | 000,038,725 | ---- | M] () -- C:\Users\xp\Desktop\Apartheid.odt
[2012.01.10 18:59:10 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.10 18:00:07 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.01.09 23:05:51 | 000,064,292 | ---- | M] () -- C:\Users\xp\Desktop\399844_2633844213573_1479464094_32486625_1295529392_n.jpg
[2012.01.09 18:47:18 | 000,035,417 | ---- | M] () -- C:\Users\xp\Desktop\2.sv.v čsr.odt
[2012.01.08 17:01:13 | 000,265,330 | ---- | M] () -- C:\Users\xp\Desktop\guitar~12.gif
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.13 18:42:53 | 000,504,573 | ---- | C] () -- C:\webchceck.zip
[2012.01.13 18:35:58 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2012.01.13 18:35:58 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2012.01.13 18:35:58 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2012.01.10 18:59:09 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.10 18:00:20 | 000,032,768 | ---- | C] () -- C:\windows\System32\drivers\sp_rsdrv2.sys
[2012.01.10 18:00:07 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.01.09 23:05:47 | 000,064,292 | ---- | C] () -- C:\Users\xp\Desktop\399844_2633844213573_1479464094_32486625_1295529392_n.jpg
[2012.01.08 17:01:08 | 000,265,330 | ---- | C] () -- C:\Users\xp\Desktop\guitar~12.gif
[2011.12.07 17:09:32 | 000,000,156 | ---- | C] () -- C:\windows\ae_mini.INI
[2011.11.27 21:47:31 | 015,542,872 | ---- | C] () -- C:\Program Files\AdbeRdr1010_cs_CZ.exe
[2011.11.22 16:57:31 | 000,348,160 | ---- | C] () -- C:\Program Files\directx_Jun2010_redist.exe
[2011.11.22 14:56:43 | 061,657,056 | ---- | C] () -- C:\Program Files\setup_av_free.exe
[2011.11.22 14:56:38 | 135,681,640 | ---- | C] () -- C:\Program Files\OOo_3.3.0_Win_x86_install_cs.exe
[2011.01.18 18:12:48 | 002,988,544 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011.01.18 18:11:20 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011.01.18 18:09:44 | 124,855,613 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011.01.18 17:18:16 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2009.11.02 23:49:20 | 000,672,622 | ---- | C] () -- C:\windows\System32\perfh005.dat
[2009.11.02 23:49:20 | 000,292,004 | ---- | C] () -- C:\windows\System32\perfi005.dat
[2009.11.02 23:49:20 | 000,137,522 | ---- | C] () -- C:\windows\System32\perfc005.dat
[2009.11.02 23:49:20 | 000,036,232 | ---- | C] () -- C:\windows\System32\perfd005.dat
[2009.11.02 16:39:40 | 001,410,312 | ---- | C] () -- C:\windows\System32\IcnOvrly.dll
[2009.11.02 16:39:40 | 000,660,744 | ---- | C] () -- C:\windows\System32\EncIcons.dll
[2009.11.02 16:39:40 | 000,513,288 | ---- | C] () -- C:\windows\System32\SimpleExt.dll
[2009.11.02 16:39:39 | 002,110,728 | ---- | C] () -- C:\windows\System32\Apblend.dll
[2009.11.02 16:39:39 | 001,171,456 | ---- | C] () -- C:\windows\System32\PicNotify.dll
[2009.11.02 16:39:21 | 001,044,480 | ---- | C] () -- C:\windows\System32\3DImageRenderer.dll
[2009.11.02 16:26:01 | 000,015,190 | ---- | C] () -- C:\windows\M3000Twn.ini
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 05:33:53 | 000,451,072 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,656,802 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,121,934 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009.07.13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009.07.13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2008.10.28 15:14:10 | 000,362,029 | ---- | C] () -- C:\windows\System32\sqlite3.dll

========== LOP Check ==========

[2011.11.22 16:37:22 | 000,000,000 | ---D | M] -- C:\Users\xp\AppData\Roaming\OpenOffice.org
[2012.01.10 18:00:19 | 000,000,000 | ---D | M] -- C:\Users\xp\AppData\Roaming\Spyware Terminator
[2012.01.10 19:01:40 | 000,000,000 | ---D | M] -- C:\Users\xp\AppData\Roaming\uTorrent
[2011.12.26 18:19:07 | 000,000,000 | ---D | M] -- C:\Users\xp\AppData\Roaming\Zoner
[2012.01.13 20:16:01 | 000,000,270 | ---- | M] () -- C:\windows\Tasks\Check Updates for Windows Live Toolbar.job
[2009.07.14 05:53:46 | 000,023,018 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< C:\Program Files\Mozilla Firefox|dll;true;true;true /FP >
[2011.12.31 12:56:35 | 000,019,416 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll
[2011.11.05 04:20:16 | 002,106,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\D3DCompiler_43.dll
[2011.11.05 04:20:15 | 001,998,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\d3dx9_43.dll
[2011.12.31 12:56:34 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\freebl3.dll
[2011.12.31 12:56:34 | 000,097,240 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\libEGL.dll
[2011.12.31 12:56:34 | 000,486,360 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\libGLESv2.dll
[2011.12.31 12:56:34 | 000,015,832 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\mozalloc.dll
[2011.12.31 12:56:34 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
[2011.12.31 12:56:34 | 000,814,040 | ---- | M] (sqlite.org) -- C:\Program Files\Mozilla Firefox\mozsqlite3.dll
[2011.12.31 12:56:35 | 000,043,992 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\mozutils.dll
[2011.12.31 12:56:35 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\msvcm80.dll
[2011.12.31 12:56:35 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\msvcp80.dll
[2011.12.31 12:56:35 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\msvcr80.dll
[2011.12.31 12:56:33 | 000,187,352 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nspr4.dll
[2011.12.31 12:56:33 | 000,646,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nss3.dll
[2011.12.31 12:56:33 | 000,371,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nssckbi.dll
[2011.12.31 12:56:33 | 000,109,528 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nssdbm3.dll
[2011.12.31 12:56:33 | 000,105,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\nssutil3.dll
[2011.12.31 12:56:33 | 000,021,976 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\plc4.dll
[2011.12.31 12:56:33 | 000,020,440 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\plds4.dll
[2011.12.31 12:56:33 | 000,105,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\smime3.dll
[2011.12.31 12:56:33 | 000,170,968 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\softokn3.dll
[2011.12.31 12:56:33 | 000,154,584 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\ssl3.dll
[2011.12.31 12:56:32 | 000,019,928 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\xpcom.dll
[2011.12.31 12:56:32 | 016,096,216 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\xul.dll
[2011.12.31 12:56:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

< C:\Program Files\Mozilla Firefox|exe;true;true;true /FP >
[2011.12.31 12:56:34 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011.12.31 12:56:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011.12.31 12:56:33 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011.12.31 12:56:32 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe
[2011.12.31 12:56:33 | 000,716,216 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe

< C:\Program Files\Mozilla Firefox|xml;true;true;true /FP >
[2011.11.05 04:20:12 | 000,011,263 | ---- | M] () -- C:\Program Files\Mozilla Firefox\blocklist.xml
[2011.11.04 10:01:33 | 000,002,940 | ---- | M] () -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\searchplugins\centrum-cz.xml
[2011.11.04 10:05:21 | 000,002,884 | ---- | M] () -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\searchplugins\stahuj-cz.xml
[2011.11.04 10:02:03 | 000,002,940 | ---- | M] () -- C:\Program Files\Mozilla Firefox\distribution\searchplugins\common\centrum-cz.xml
[2011.11.07 11:34:49 | 000,002,548 | ---- | M] () -- C:\Program Files\Mozilla Firefox\distribution\searchplugins\common\heureka-cz.xml
[2011.11.04 10:05:21 | 000,002,884 | ---- | M] () -- C:\Program Files\Mozilla Firefox\distribution\searchplugins\common\stahuj-cz.xml
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2011.11.05 05:09:59 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011.11.05 05:51:00 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

< C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\*.* /s >
[2012.01.09 22:34:38 | 000,015,655 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\extension@firefox.com.xpi
[2012.01.11 11:53:08 | 000,001,390 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome.manifest
[2012.01.11 11:53:08 | 000,001,480 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\install.rdf
[2012.01.11 11:53:08 | 000,000,007 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\version.txt
[2012.01.11 11:53:08 | 000,009,052 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js
[2012.01.11 11:53:08 | 000,000,166 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt
[2012.01.11 11:53:08 | 000,000,378 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.xpt
[2012.01.11 11:53:08 | 000,079,872 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko10.dll
[2012.01.11 11:53:08 | 000,101,376 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
[2012.01.11 11:53:08 | 000,076,288 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
[2012.01.11 11:53:08 | 000,077,312 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
[2012.01.11 11:53:08 | 000,076,800 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko7.dll
[2012.01.11 11:53:08 | 000,076,800 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko8.dll
[2012.01.11 11:53:08 | 000,076,800 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko9.dll
[2012.01.11 11:53:08 | 000,000,530 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\alertSettingsComponent.xml
[2012.01.11 11:53:08 | 000,006,634 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\appContextMenu.xml
[2012.01.11 11:53:08 | 000,004,322 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\fbAlert.js
[2012.01.11 11:53:08 | 000,006,595 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\getAppsContextMenu.xml
[2012.01.11 11:53:08 | 000,006,139 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\postAppsContextMenu.xml
[2012.01.11 11:53:08 | 000,005,288 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\toolbarContextMenu.xml
[2012.01.11 11:53:08 | 000,005,289 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\unsharedAppsContextMenu.xml
[2012.01.11 11:53:08 | 000,713,115 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
[2012.01.11 11:53:08 | 000,006,169 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\manifest.mf
[2012.01.11 11:53:08 | 000,003,618 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.rsa
[2012.01.11 11:53:08 | 000,006,277 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.sf
[2012.01.11 11:53:08 | 000,032,603 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Chat.jsm
[2012.01.11 11:53:08 | 000,003,478 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\DataStructures.jsm
[2012.01.11 11:53:08 | 000,005,649 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\EBEncryption.jsm
[2012.01.11 11:53:08 | 000,010,144 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\ExternalLibraryLoader.jsm
[2012.01.11 11:53:08 | 000,006,669 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\HTTP.jsm
[2012.01.11 11:53:08 | 000,022,586 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\IO.jsm
[2012.01.11 11:53:08 | 000,003,465 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Log.jsm
[2012.01.11 11:53:08 | 000,604,677 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\MainSingleton.jsm
[2012.01.11 11:53:08 | 000,008,927 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\MD5.jsm
[2012.01.11 11:53:08 | 000,173,080 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Notifications.jsm
[2012.01.11 11:53:08 | 000,002,418 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\ObserversAndEvents.jsm
[2012.01.11 11:53:08 | 000,008,632 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Prefs.jsm
[2012.01.11 11:53:08 | 000,027,400 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\SearchProtector.jsm
[2012.01.11 11:53:08 | 000,001,243 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\SearchSuggestIO.jsm
[2012.01.11 11:53:08 | 000,000,933 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\String.jsm
[2012.01.11 11:53:08 | 000,005,287 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\TEAEncryption.jsm
[2012.01.11 11:53:08 | 000,002,190 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Timer.jsm
[2012.01.11 11:53:08 | 000,014,857 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Twitter.jsm
[2012.01.11 11:53:08 | 000,008,186 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\URL.jsm
[2012.01.11 11:53:08 | 000,001,348 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Windows.jsm
[2012.01.11 11:53:08 | 000,008,695 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\XML.jsm
[2012.01.11 11:53:08 | 000,000,925 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml
[2011.11.15 19:28:08 | 000,000,226 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\chrome.manifest
[2011.11.16 14:18:05 | 000,001,284 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\install.rdf
[2011.11.01 10:51:40 | 000,000,749 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\license.txt
[2011.11.01 10:51:39 | 000,004,536 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\components\centrum-autocomplete.js
[2011.11.01 10:51:40 | 000,000,607 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\defaults\preferences\wips.js
[2011.11.16 14:12:38 | 000,000,813 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\chrome\content\button.xul
[2011.11.16 13:36:31 | 000,023,101 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\chrome\content\common.js
[2011.11.16 22:08:05 | 000,001,592 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\chrome\content\settings.xul
[2011.11.04 14:58:54 | 000,005,980 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\chrome\content\toolbar.xul
[2011.11.01 10:51:39 | 000,000,813 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\chrome\locale\cs\toolbar.dtd
[2011.11.01 10:51:39 | 000,000,136 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\chrome\locale\cs\wips.properties
[2011.11.01 10:51:39 | 000,006,243 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\chrome\skin\classic\ext_icon.png
[2011.11.14 11:05:07 | 000,003,402 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\chrome\skin\classic\settings.png
[2011.11.14 13:00:57 | 000,000,211 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\chrome\skin\classic\toolbar.css
[2011.11.04 10:01:33 | 000,002,940 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\searchplugins\centrum-cz.xml
[2011.11.04 10:05:21 | 000,002,884 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\searchplugins\stahuj-cz.xml
[2011.08.16 08:42:46 | 000,000,469 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\centrumpomocnik@centrum.cz\chrome.manifest
[2011.11.16 20:07:09 | 000,001,073 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\centrumpomocnik@centrum.cz\install.rdf
[2011.08.22 13:56:15 | 000,000,101 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\centrumpomocnik@centrum.cz\defaults\preferences\prefs.js
[2011.08.16 08:15:47 | 000,000,841 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\centrumpomocnik@centrum.cz\chrome\content\contents.rdf
[2011.11.15 19:25:42 | 000,000,513 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\centrumpomocnik@centrum.cz\chrome\content\ff-overlay.js
[2011.08.15 06:15:50 | 000,000,539 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\centrumpomocnik@centrum.cz\chrome\content\ff-overlay.xul
[2011.11.03 16:32:58 | 000,018,032 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\centrumpomocnik@centrum.cz\chrome\content\netError.xhtml
[2011.11.04 13:47:42 | 000,009,476 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\centrumpomocnik@centrum.cz\chrome\content\images\centrum_logo.png
[2011.08.16 09:00:34 | 000,003,584 | -HS- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\centrumpomocnik@centrum.cz\chrome\content\images\Thumbs.db
[2008.06.20 07:08:14 | 000,001,047 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\centrumpomocnik@centrum.cz\chrome\skin\classic\about.css
[2009.07.01 13:55:34 | 000,002,593 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\centrumpomocnik@centrum.cz\chrome\skin\classic\chpomocnik.png
[2011.08.15 15:35:11 | 000,000,586 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\centrumpomocnik@centrum.cz\chrome\skin\classic\contents.rdf
[2011.11.16 20:08:07 | 000,000,000 | ---- | M] () -- C:\Users\xp\AppData\Roaming\Mozilla\Firefox\Profiles\unm5xtbq.default\extensions\centrumpomocnik@centrum.cz\chrome\skin\classic\overlay.css

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2011.12.31 12:56:34 | 000,924,632 | ---- | M] (Mozilla Corporation) MD5=11CCA710674739E3DB8F7450A5B650B6 -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.07.14 02:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2012.01.05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.) MD5=E5C93E2CF6C7B903799CF99F71286E1A -- C:\Program Files\Google\Chrome\Application\chrome.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins /s >
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Path" = C:\windows\system32\Macromed\Flash\NPSWF32.dll -- [2011.11.22 16:41:39 | 008,527,008 | ---- | M] ()
"ProductName" = Adobe Flash Player 10.1 Plugin
"Vendor" = Adobe Systems Incorporated
"Description" = Adobe® Flash® Player 10.1 Plugin
"Version" = 11.1.102.55
"XPTPath" = C:\windows\system32\Macromed\Flash\flashplayer.xpt -- [2011.11.22 16:41:40 | 000,000,856 | ---- | M] ()
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description" = Adobe Shockwave Player
"Path" = C:\windows\system32\Adobe\Director\np32dsw.dll -- [2011.11.02 10:46:56 | 000,145,920 | ---- | M] (Adobe Systems, Inc.)
"ProductName" = Adobe Shockwave Player
"Vendor" = Adobe Systems Inc.
"Version" = 1163633
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer\MimeTypes]
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer\MimeTypes\application/x-director]
"Description" = Adobe Shockwave Movie
"Suffixes" = dir,dcr,dxr
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer\Suffixes]
"dir" =
"dcr" =
"dxr" =
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/SAFFPlugin]
"Path" = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll -- [2011.08.11 10:57:04 | 000,218,992 | ---- | M] (McAfee, Inc.)
"ProductName" = SiteAdvisor Plugin
"Vendor" = McAfee Inc.
"Version" = 3.4
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/SAFFPlugin\MimeTypes]
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/SAFFPlugin\MimeTypes\application/mcafee-plugin]
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Path" = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll -- [2011.11.22 16:09:44 | 000,239,256 | ---- | M] (Google Inc.)
"Description" = Google Update
"ProductName" = Google Update
"Vendor" = Google Inc.
"Version" = 3
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3\MimeTypes]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3\MimeTypes\application/x-vnd.google.update3webcontrol.3]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Path" = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll -- [2011.11.22 16:09:44 | 000,239,256 | ---- | M] (Google Inc.)
"Description" = Google Update
"ProductName" = Google Update
"Vendor" = Google Inc.
"Version" = 9
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9\MimeTypes]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9\MimeTypes\application/x-vnd.google.oneclickctrl.9]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Path" = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll -- [2012.01.03 14:10:44 | 000,182,672 | ---- | M] (Adobe Systems Inc.)
"Version" = 10.1.2
"Vendor" = Adobe Systems Incorporated. Copyright 1994-2010 All Rights Reserved
"ProductName" = Adobe Reader Plugin for Firefox
"Description" = Handles PDFs in-place in Firefox
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader\MimeTypes]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader\MimeTypes\application/pdf]
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader\MimeTypes\application/vnd.adobe.xdp+xml]
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader\MimeTypes\application/vnd.adobe.xfd+xml]
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader\MimeTypes\application/vnd.adobe.xfdf]
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader\MimeTypes\application/vnd.fdf]
"" =

< hkcu|MozillaPlugins /rs >

< hku|MozillaPlugins /rs >

< hklm|MozillaPlugins /rs >

< End of report >