Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware


  • Please log in to reply
10 replies to this topic

#1 Sniper47

Sniper47

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Slovakia
  • Local time:05:16 AM

Posted 10 April 2008 - 06:55 PM

Hi there,

I am new to this forum. I ve got a problem with searchportal popup site and some two others(dont know the names,but they are opened right after searchportal).The problem started about 3 weeks ago.Ive downloaded some torrent with azureus(latest).In the begining of the install process,the nightmare started.I am using NOD32 pro for viruses and Lavasoft ad-aware(with adwatch) for spyware/malware and other stuff.Never had this kind of problem,but this is very annoying.I cant even open my email,because these sites are keep opening.Sometimes the sites wont open.Right after the first "attack" Ive tracked them with Ad-aware-as tracking cookies.But this was useless.They are still in my system.Ive tried whole bunch of spybots/spyhunters,but nothing changed---EVEN when under spyhunter was written"use this to remove searchportal".
Today I thought that they are gone,but I started my MP game and this problem is back.
The biggest problem is,that I am not the onlyone using my PC.There is also my mom,and she cant handle it as I can.I need to fix this problem as soon as possible,because I wont be here for 2 months.I have found this forum as my last hope before format C: You guys have better experience with these kind of problems so I count on You.Please help me if possible. Some info about my system:WINDOWS XP SP3, IE7(only browser),NOD32,LAVASOFT Ad-Aware-------> all of them updated.Like I mentioned-I downloading torrent from private trackers with azureus.Nothing else.
PS: Sorry for my Eng. I am still learning.
PS2: Hope to hear from You guys
Cheers :-(((

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:16:51, on 11. 4. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Outlook Express\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Zoltan Pinces\Plocha\HIJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovaĹĄ do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162209373781
O17 - HKLM\System\CCS\Services\Tcpip\..\{9722A950-EA8F-4CF9-9AAA-B5669AC0C61A}: NameServer = 195.146.132.58 195.146.128.60
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Window Net Dns (MyDNS) - Unknown owner - C:\Program Files\Outlook Express\svchost.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7910 bytes

Edited by Sniper47, 10 April 2008 - 07:19 PM.


BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:16 PM

Posted 10 April 2008 - 08:08 PM

Hello Sniper47 and welcome to the BC HijackThis forum. Let's see what we can find. Please follow the steps below in order.

Before running a new scan let's clean out the temporoary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 Sniper47

Sniper47
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Slovakia
  • Local time:05:16 AM

Posted 10 April 2008 - 09:56 PM

Doing it now,it seems that that OTScan is not responding.Maybe it souds silly,but my antivirus and adwatch are running,and I am connected.Should I disconect and turn off those programs aswell?

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:16 PM

Posted 10 April 2008 - 10:19 PM

Hi Sniper47. Yes, Nod or AdWatch could be blocking it. Either have the programs specifically allow OTScanIt to run or just disable them. Another option would be to run the scan from Safe Mode. In that case, neither should be running.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#5 Sniper47

Sniper47
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Slovakia
  • Local time:05:16 AM

Posted 11 April 2008 - 04:57 AM

Hi again,

It worked in SAFE mode. Here are the results:

Attached Files



#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:16 PM

Posted 11 April 2008 - 08:27 AM

Hi Sniper47. Ok, let's get started. Follow the steps below in order.

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Minimize SUPERAntiSpyware, we will come back to it later on.
Step #2

Now start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button (note: you may need to either disable any anti-virus applications or perform this step in Safe Mode).

[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Non-Microsoft Only]
YY -> (MyDNS) Window Net Dns [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Outlook Express\svchost.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_09\bin\jusched.exe ["C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> E&xportovat do aplikace Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\Office10\EXCEL.EXE
YN -> E&xportovať do programu Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe -> C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe [C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\SC4\SCDA-Offline\System\SplinterCell4.exe -> D:\SC4\SCDA-Offline\System\SplinterCell4.exe [D:\SC4\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\NFS Most Wanted\speed.exe -> D:\NFS Most Wanted\speed.exe [D:\NFS Most Wanted\speed.exe:*:Enabled:speed]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe -> D:\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe [D:\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Zoltan Pinces\Plocha\DC\StrongDC.exe -> C:\Documents and Settings\Zoltan Pinces\Plocha\DC\StrongDC.exe [C:\Documents and Settings\Zoltan Pinces\Plocha\DC\StrongDC.exe:*:Enabled:StrongDC++]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Dark Messiah of Might and Magic\Dark Messiah of Might and Magic\mm.exe -> D:\Dark Messiah of Might and Magic\Dark Messiah of Might and Magic\mm.exe [D:\Dark Messiah of Might and Magic\Dark Messiah of Might and Magic\mm.exe:*:Enabled:mm]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Far Cry\Bin32\FarCry.exe -> D:\Far Cry\Bin32\FarCry.exe [D:\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Half-Life 2\hl2.exe -> D:\Half-Life 2\hl2.exe [D:\Half-Life 2\hl2.exe:*:Enabled:hl2]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe -> D:\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe [D:\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe -> D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe [D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe -> D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe [D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe -> C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe [C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe:*:Enabled:CrazyTalk]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Hidden & Dangerous 2\hd2.exe -> D:\Hidden & Dangerous 2\hd2.exe [D:\Hidden & Dangerous 2\hd2.exe:*:Enabled:hd2]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\bhd\dfbhd.exe -> D:\bhd\dfbhd.exe [D:\bhd\dfbhd.exe:*:Enabled:dfbhd]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DiRT\DiRT.exe -> C:\DiRT\DiRT.exe [C:\DiRT\DiRT.exe:*:Enabled:DiRT Executable]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\ssdfsd\hl2.exe -> D:\ssdfsd\hl2.exe [D:\ssdfsd\hl2.exe:*:Enabled:hl2]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\DiRT\DiRT.exe -> D:\DiRT\DiRT.exe [D:\DiRT\DiRT.exe:*:Enabled:DiRT Executable]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\You Are EMPTY\you_are_empty.exe -> D:\You Are EMPTY\you_are_empty.exe [D:\You Are EMPTY\you_are_empty.exe:*:Enabled:ds2main]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Zoltan Pinces\Local Settings\Temp\ElectronicArts_Patcher_000.exe -> C:\Documents and Settings\Zoltan Pinces\Local Settings\Temp\ElectronicArts_Patcher_000.exe [C:\Documents and Settings\Zoltan Pinces\Local Settings\Temp\ElectronicArts_Patcher_000.exe:*:Enabled:Command and Conquer 3 Tiberium Wars™ Launcher]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\bhd\UPDATE.EXE -> D:\bhd\UPDATE.EXE [D:\bhd\UPDATE.EXE:*:Enabled:UPDATE]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\extreme conditions\LostPlanetDx9.exe -> D:\extreme conditions\LostPlanetDx9.exe [D:\extreme conditions\LostPlanetDx9.exe:*:Enabled:LostPlanetDx9]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Medal of Honor Pacific Assault(tm)\mohpa.exe -> D:\Medal of Honor Pacific Assault(tm)\mohpa.exe [D:\Medal of Honor Pacific Assault(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Quake 3\Quake3\quake3.exe -> D:\Quake 3\Quake3\quake3.exe [D:\Quake 3\Quake3\quake3.exe:*:Enabled:quake3]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\QUAKE III\quake3.exe -> D:\QUAKE III\quake3.exe [D:\QUAKE III\quake3.exe:*:Enabled:quake3]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Quake3\quake3.exe -> F:\Quake3\quake3.exe [F:\Quake3\quake3.exe:*:Enabled:quake3]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe -> D:\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe [D:\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\CapCom\Lost Planet Extreme Condition\LostPlanetDx9.exe -> C:\Program Files\CapCom\Lost Planet Extreme Condition\LostPlanetDx9.exe [C:\Program Files\CapCom\Lost Planet Extreme Condition\LostPlanetDx9.exe:*:Enabled:LostPlanetDx9]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Zoltan Pinces\Plocha\DC stong\StrongDC.exe -> C:\Documents and Settings\Zoltan Pinces\Plocha\DC stong\StrongDC.exe [C:\Documents and Settings\Zoltan Pinces\Plocha\DC stong\StrongDC.exe:*:Enabled:StrongDC++]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Zoltan Pinces\Local Settings\Temp\OnlineUpdate8\SetupXu.exe -> C:\Documents and Settings\Zoltan Pinces\Local Settings\Temp\OnlineUpdate8\SetupXu.exe [C:\Documents and Settings\Zoltan Pinces\Local Settings\Temp\OnlineUpdate8\SetupXu.exe:*:Enabled:Nero ControlCenter]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DC stong\StrongDC.exe -> C:\DC stong\StrongDC.exe [C:\DC stong\StrongDC.exe:*:Enabled:StrongDC++]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DC Strong++\StrongDC.exe -> C:\DC Strong++\StrongDC.exe [C:\DC Strong++\StrongDC.exe:*:Enabled:StrongDC++]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Orbitdownloader\orbitnet.exe -> C:\Program Files\Orbitdownloader\orbitnet.exe [C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader]
[Files/Folders - Created Within 30 days]
NY -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete, this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally.

Step #3

Now bring up SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Step #4

Post the following back here:
  • a new OTScanIt scan report
  • the SUPERAntiSpyware report
  • the latest .log file from the OTScanIt/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#7 Sniper47

Sniper47
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Slovakia
  • Local time:05:16 AM

Posted 11 April 2008 - 12:29 PM

Hi again, Ive done everything,here are the results:

Superspyware--there were atleast 32 problems:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/11/2008 at 05:33 PM

Application Version : 4.0.1154

Core Rules Database Version : 3436
Trace Rules Database Version: 1428

Scan type : Complete Scan
Total Scan Time : 00:48:17

Memory items scanned : 326
Memory threats detected : 0
Registry items scanned : 6023
Registry threats detected : 29
File items scanned : 92053
File threats detected : 3

Unclassified.Oreans32
HKLM\System\ControlSet002\Services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet002\Enum\Root\LEGACY_oreans32
HKLM\System\ControlSet003\Services\oreans32
HKLM\System\ControlSet003\Enum\Root\LEGACY_oreans32
HKLM\System\CurrentControlSet\Services\oreans32
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance


Otis scan after superspyware:

OTScanIt logfile created on: 11. 4. 2008 19:12:15
OTScanIt by OldTimer - Version 1.0.9.0	 Folder = C:\Documents and Settings\Zoltan Pinces\Plocha\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy
 
1022,42 Mb Total Physical Memory | 824,46 Mb Available Physical Memory | 80,64% Memory free
2,40 Gb Paging File | 2,34 Gb Available in Paging File | 97,45% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 12,33 Gb Free Space | 42,11% Space Free | Partition Type: NTFS
Drive D: | 203,58 Gb Total Space | 25,75 Gb Free Space | 12,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HALF-LIFE
Current User Name: Zoltan Pinces
Logged in as Administrator.
Current Boot Mode: SafeMode
Scan Mode: Current user

[Processes - Non-Microsoft Only]
otscanit.exe -> %UserProfile%\Plocha\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.9.0 | Size = 369152 bytes | Modified Date = 4. 4. 2008 12:24:38 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 12, 0, 0 | Size = 106496 bytes | Modified Date = 9. 7. 2007 18:46:50 | Attr =	]
(dmadmin) Služba správy pro Správce logických disků [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 14. 11. 2005 2:06:04 | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.3.3.0 | Size = 529704 bytes | Modified Date = 28. 2. 2008 18:07:48 | Attr =	]
(NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset  [Ver = 2, 70, 39  | Size = 552064 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 5. 12. 2007 2:41:00 | Attr =	]
(O&O Defrag) O&O Defrag [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\oodag.exe -> O&O Software GmbH [Ver = 10.0.1634 | Size = 1050120 bytes | Modified Date = 11. 5. 2007 3:09:48 | Attr =	]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 21. 3. 2008 18:59:50 | Attr =	]
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe ->  [Ver = 2.0.2119   | Size = 243056 bytes | Modified Date = 15. 10. 2007 21:46:08 | Attr =	]
(StarWindServiceAE) StarWind AE Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -> Rocket Division Software [Ver = 3.2.3 Build 20070527 | Size = 275968 bytes | Modified Date = 28. 5. 2007 18:57:54 | Attr =	]

[Driver Services - Non-Microsoft Only]
(AMON) AMON [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\amon.sys -> Eset  [Ver = 2, 70, 39  | Size = 512096 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
(atksgt) atksgt [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\atksgt.sys ->  [Ver =  | Size = 271360 bytes | Modified Date = 9. 9. 2007 12:34:04 | Attr =	]
(b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 8.22.1.0 built by: WinDDK | Size = 132608 bytes | Modified Date = 17. 3. 2005 10:30:10 | Attr = R  ]
(CnxEtP) Conexant AccessRunner USB ADSL WAN Adapter Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\CnxEtP.sys -> Conexant [Ver = 32.099.093.000 | Size = 60288 bytes | Modified Date = 28. 4. 2004 19:47:36 | Attr =	]
(CnxEtU) Conexant AccessRunner USB ADSL Interface Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\CnxEtU.sys -> Conexant [Ver = 32.099.093.000 | Size = 646400 bytes | Modified Date = 28. 4. 2004 19:48:14 | Attr =	]
(CnxTgN) Conexant AccessRunner USB ADSL WAN Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\CnxTgN.sys -> Conexant Systems Inc. [Ver = 28072.099.093.000 | Size = 108771 bytes | Modified Date = 29. 4. 2004 8:51:02 | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800000 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
(dmio) Ovladač správce logických disků [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153856 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
(GMSIPCI) GMSIPCI [Kernel | On_Demand | Stopped] -> E:\INSTALL\GMSIPCI.SYS -> File not found
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 7. 1. 2005 18:07:18 | Attr =	]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.0.5582 built by: WinDDK | Size = 4687872 bytes | Modified Date = 11. 3. 2008 19:54:14 | Attr =	]
(JGOGO) JMicron Hot-Plug Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\JGOGO.sys -> JMicron  [Ver = 5.0.3790.1 | Size = 6912 bytes | Modified Date = 7. 2. 2006 13:52:58 | Attr = R  ]
(JRAID) JRAID [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\jraid.sys -> JMicron Technology Corp. [Ver = 1.06.01.00 built by: WinDDK | Size = 42368 bytes | Modified Date = 2. 4. 2006 7:18:54 | Attr = R  ]
(L8042pr2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\L8042PR2.SYS -> Logitech, Inc. [Ver = 9.79.24.0 | Size = 51729 bytes | Modified Date = 17. 12. 2003 10:50:00 | Attr =	]
(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidFlt2.Sys -> Logitech, Inc. [Ver = 9.79.24.0 | Size = 25505 bytes | Modified Date = 17. 12. 2003 10:50:00 | Attr =	]
(LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidUsb.sys -> Logitech, Inc. [Ver = 9.79.200.0 | Size = 37887 bytes | Modified Date = 17. 12. 2003 10:50:00 | Attr =	]
(lirsgt) lirsgt [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\lirsgt.sys ->  [Ver =  | Size = 18048 bytes | Modified Date = 9. 9. 2007 12:34:04 | Attr =	]
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouFlt2.Sys -> Logitech, Inc. [Ver = 9.79.24.0 | Size = 70801 bytes | Modified Date = 17. 12. 2003 10:50:00 | Attr =	]
(nod32drv) nod32drv [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\nod32drv.sys ->  [Ver =  | Size = 15424 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 7435392 bytes | Modified Date = 5. 12. 2007 2:41:00 | Attr =	]
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 25. 3. 2008 19:18:13 | Attr =	]
(pfc) Padus ASPI Shell [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 205 | Size = 10368 bytes | Modified Date = 30. 10. 2006 14:13:08 | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 8. 3. 2007 1:51:00 | Attr =	]
(SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 8944 bytes | Modified Date = 29. 2. 2008 16:03:48 | Attr =	]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16. 2. 2006 16:51:08 | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1050 | Size = 51440 bytes | Modified Date = 29. 2. 2008 16:03:46 | Attr =	]
(Secdrv) Secdrv [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13. 11. 2007 12:25:52 | Attr =	]
(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfdrv01.sys -> Protection Technology (StarForce) [Ver = 1.43 | Size = 51200 bytes | Modified Date = 26. 3. 2006 14:22:14 | Attr =	]
(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfhlp02.sys -> Protection Technology (StarForce) [Ver = 2.5 | Size = 6656 bytes | Modified Date = 13. 3. 2006 11:38:23 | Attr =	]
(sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfsync02.sys -> Protection Technology [Ver = 2.7 | Size = 20544 bytes | Modified Date = 3. 12. 2004 12:20:41 | Attr =	]
(sfsync03) StarForce Protection Synchronization Driver (version 3.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfsync03.sys -> Protection Technology [Ver = 3.9 | Size = 35328 bytes | Modified Date = 6. 12. 2005 17:11:18 | Attr =	]
(sfsync04) StarForce Protection Synchronization Driver (version 4.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfsync04.sys -> Protection Technology (StarForce) [Ver = 4.8 | Size = 50176 bytes | Modified Date = 24. 3. 2006 18:27:01 | Attr =	]
(sfvfs02) StarForce Protection VFS Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfvfs02.sys -> Protection Technology [Ver = 2.13 | Size = 63488 bytes | Modified Date = 3. 11. 2005 16:40:07 | Attr =	]
(SNP325) USB PC Camera (SNPSTD325) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\snp325.sys -> Sonix Co. Ltd. [Ver = 1, 3, 2, 2 | Size = 10242176 bytes | Modified Date = 27. 1. 2007 10:56:18 | Attr =	]
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys ->  [Ver =  | Size = 685816 bytes | Modified Date = 16. 8. 2007 19:05:33 | Attr =	]
(vaxscsi) vaxscsi [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\vaxscsi.sys -> File not found
({95808DC4-FA4A-4C74-92FE-5B863F82066B}) {95808DC4-FA4A-4C74-92FE-5B863F82066B} [Kernel | Auto | Stopped] -> %ProgramFiles%\CyberLink\PowerDVD\000.fcl -> Cyberlink Corp. [Ver = 2.0.07.1005 | Size = 41456 bytes | Modified Date = 19. 1. 2008 0:01:28 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Ad-Aware -> %ProgramFiles%\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe ["C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c] -> Lavasoft Sweden [Ver = 6.2.0.238 | Size = 865280 bytes | Modified Date = 27. 5. 2005 15:24:00 | Attr =	]
Alcmtr -> %SystemRoot%\Alcmtr.exe [ALCMTR.EXE] -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 3. 5. 2005 19:43:28 | Attr =	]
CnxDslTaskBar -> %ProgramFiles%\DrayTek\Vigor318 ADSL\CnxDslTb.exe ["C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe"] -> Conexant Systems Inc. [Ver = 2.099.093.000 | Size = 516096 bytes | Modified Date = 6. 5. 2004 18:01:08 | Attr =	]
ICQ Lite -> %ProgramFiles%\ICQLite\ICQLite.exe ["C:\Program Files\ICQLite\ICQLite.exe" -minimize] -> ICQ Ltd. [Ver = 20, 52, 2587, 0 | Size = 3142236 bytes | Modified Date = 27. 7. 2006 20:12:50 | Attr =	]
LanguageShortcut -> %ProgramFiles%\CyberLink\PowerDVD\Language\Language.exe ["C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"] ->  [Ver = 1.0.3411.0	| Size = 62760 bytes | Modified Date = 11. 10. 2007 13:06:20 | Attr =	]
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE [Logi_MwX.Exe] -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 17. 12. 2003 10:50:00 | Attr =	]
nod32kui -> %ProgramFiles%\ESET\nod32kui.exe ["C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE] -> Eset  [Ver = 2, 70, 39  | Size = 949376 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 8523776 bytes | Modified Date = 5. 12. 2007 2:41:00 | Attr =	]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RunDLL32.exe NvMCTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 81920 bytes | Modified Date = 5. 12. 2007 2:41:00 | Attr =	]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] ->  [Ver =  | Size = 1626112 bytes | Modified Date = 5. 12. 2007 2:41:00 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 28. 3. 2008 23:37:20 | Attr =	]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> Cyberlink Corp. [Ver = 7.00.3722 | Size = 81920 bytes | Modified Date = 22. 1. 2008 15:23:28 | Attr =	]
RTHDCPL -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> Realtek Semiconductor Corp. [Ver = 2.1.9.3 | Size = 16858112 bytes | Modified Date = 6. 3. 2008 18:14:20 | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_09\bin\jusched.exe ["C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"] -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AWMON -> %ProgramFiles%\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe ["C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"] -> Lavasoft Sweden [Ver = 3.1.2.17 | Size = 517632 bytes | Modified Date = 25. 5. 2005 13:12:36 | Attr =	]
IDMan -> %ProgramFiles%\Internet Download Manager\IDMan.exe [C:\Program Files\Internet Download Manager\IDMan.exe /onboot] -> Tonec Inc. [Ver = 5.12.8.0 | Size = 2594224 bytes | Modified Date = 23. 3. 2008 14:59:18 | Attr =	]
LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] -> File not found
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.6.0.248 | Size = 21898024 bytes | Modified Date = 1. 2. 2008 18:22:12 | Attr = R  ]
< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
ICQ Lite -> %ProgramFiles%\ICQLite\ICQLite.exe [C:\Program Files\ICQLite\ICQLite.exe -trayboot] -> ICQ Ltd. [Ver = 20, 52, 2587, 0 | Size = 3142236 bytes | Modified Date = 27. 7. 2006 20:12:50 | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění -> 
< Zoltan Pinces Startup Folder > -> C:\Documents and Settings\Zoltan Pinces\Nabídka Start\Programy\Po spuštění -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20. 12. 2006 12:55:48 | Attr =	]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
{438755C2-A8BA-11D1-B96B-00A0C90312E1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\browseui.dll [Browseui preloader] -> Společnost Microsoft [Ver = 6.00.2900.3020 (xpsp_sp2_gdr.061023-0214) | Size = 1022976 bytes | Modified Date = 23. 10. 2006 17:19:25 | Attr =	]
{8C7461EF-2B13-11d2-BE35-3078302C2030} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\browseui.dll [Proces mezipaměti kategorií součástí] -> Společnost Microsoft [Ver = 6.00.2900.3020 (xpsp_sp2_gdr.061023-0214) | Size = 1022976 bytes | Modified Date = 23. 10. 2006 17:19:25 | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19. 4. 2007 12:41:36 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 0 -> 
< HOSTS File > (855 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.255.255.255 images.alcohol-soft.com -> -> 
127.255.255.255 serial.alcohol-soft.com -> -> 
127.255.255.255 www.alcohol-soft.com -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.sk/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{0055C089-8582-441B-A0BF-17B458C2A3A8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Internet Download Manager\IDMIECC.dll [IDMIEHlprObj Class] -> Tonec Inc. [Ver = 5, 12, 8, 0 | Size = 99760 bytes | Modified Date = 18. 2. 2008 16:29:51 | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Podpora odkazu pro Adobe PDF Reader] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23. 10. 2006 10:08:42 | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22. 2. 2008 5:25:19 | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\browseui.dll [&Adresa] -> Společnost Microsoft [Ver = 6.00.2900.3020 (xpsp_sp2_gdr.061023-0214) | Size = 1022976 bytes | Modified Date = 23. 10. 2006 17:19:25 | Attr =	]
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\browseui.dll [&Adresa] -> Společnost Microsoft [Ver = 6.00.2900.3020 (xpsp_sp2_gdr.061023-0214) | Size = 1022976 bytes | Modified Date = 23. 10. 2006 17:19:25 | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22. 2. 2008 5:25:19 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22. 2. 2008 5:25:19 | Attr =	]
{B863453A-26C3-4e1f-A54D-A2CD196348E9}:Exec -> %ProgramFiles%\ICQLite\ICQLite.exe [ICQ Lite] -> ICQ Ltd. [Ver = 20, 52, 2587, 0 | Size = 3142236 bytes | Modified Date = 27. 7. 2006 20:12:50 | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22. 2. 2008 5:25:19 | Attr =	]
CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ICQLite\ICQLite.exe [ICQ Lite] -> ICQ Ltd. [Ver = 20, 52, 2587, 0 | Size = 3142236 bytes | Modified Date = 27. 7. 2006 20:12:50 | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Download All Links with IDM -> %ProgramFiles%\Internet Download Manager\IEGetAll.htm ->  [Ver =  | Size = 283 bytes | Modified Date = 20. 10. 2003 12:13:13 | Attr =	]
Download FLV video content with IDM -> %ProgramFiles%\Internet Download Manager\IEGetVL.htm ->  [Ver =  | Size = 278 bytes | Modified Date = 2. 7. 2007 8:19:10 | Attr =	]
Download with IDM -> %ProgramFiles%\Internet Download Manager\IEExt.htm ->  [Ver =  | Size = 277 bytes | Modified Date = 2. 12. 2004 18:31:09 | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5290052E-D7A2-4F9B-9787-9880D68DE73F} ->	(Broadcom NetXtreme Gigabit Ethernet) -> 
{7BE0F88B-3A3B-423F-A028-6C3C04FD6D7B} ->	(1394 Net Adapter) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %SystemRoot%\system32\imon.dll -> Eset  [Ver = 2, 70, 39  | Size = 298104 bytes | Modified Date = 4. 11. 2007 19:12:52 | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 12. 11. 2007 16:48:02 | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> 
{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] -> 
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}[HKEY_LOCAL_MACHINE] -> http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab[System Requirements Lab Class] -> 
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162209373781[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc4.cab[Office Update Installation Engine] -> 
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\\.Owner -> {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15. 6. 2005 19:50:59 | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25. 4. 2007 16:22:50 | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 24. 3. 2006 6:39:56 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 348 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 184832 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119808 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Zajišťuje překlad síťové adresy, adresování, překlad adres IP a ochranu před neoprávněným vniknutím do podnikové nebo domácí sítě. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Brána Firewall / Sdílení připojení k Internetu (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 15556 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 330240 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\SharedAutoDial -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 141312 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10. 10. 2006 14:44:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe -> C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD] -> CyberLink Corp. [Ver = 7.03.3723 | Size = 1283368 bytes | Modified Date = 23. 1. 2008 23:54:24 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 141312 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ICQLite\ICQLite.exe -> C:\Program Files\ICQLite\ICQLite.exe [C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite] -> ICQ Ltd. [Ver = 20, 52, 2587, 0 | Size = 3142236 bytes | Modified Date = 27. 7. 2006 20:12:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Azureus\Azureus.exe -> C:\Program Files\Azureus\Azureus.exe [C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus] -> Azureus Inc [Ver = 3.0.0.0 | Size = 254976 bytes | Modified Date = 6. 3. 2008 21:07:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Splinter Cell Pandora Tomorrow\pandora.exe -> D:\Splinter Cell Pandora Tomorrow\pandora.exe [D:\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pandora] ->  [Ver =  | Size = 163840 bytes | Modified Date = 27. 2. 2004 13:54:18 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16640 (vista_gdr.080213-1606) | Size = 625664 bytes | Modified Date = 29. 2. 2008 10:54:19 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10. 10. 2006 14:44:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Ghost Recon Advanced Warfighter\GRAW.exe -> D:\Ghost Recon Advanced Warfighter\GRAW.exe [D:\Ghost Recon Advanced Warfighter\GRAW.exe:*:Enabled:GRAW] ->  [Ver =  | Size = 6140928 bytes | Modified Date = 16. 4. 2007 0:06:03 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Download Manager\IDMan.exe -> C:\Program Files\Internet Download Manager\IDMan.exe [C:\Program Files\Internet Download Manager\IDMan.exe:*:Enabled:Internet Download Manager (IDM)] -> Tonec Inc. [Ver = 5.12.8.0 | Size = 2594224 bytes | Modified Date = 23. 3. 2008 14:59:18 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Xfire\xfire.exe -> C:\Program Files\Xfire\xfire.exe [C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire] -> Xfire Inc. [Ver = 13133 | Size = 2987856 bytes | Modified Date = 4. 4. 2008 23:31:48 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\SEGA Rally\SEGA Rally.exe -> D:\SEGA Rally\SEGA Rally.exe [D:\SEGA Rally\SEGA Rally.exe:*:Enabled:SEGA Rally] -> SEGA Publishing Europe LTD [Ver = 4, 0, 6, 0 | Size = 3700786 bytes | Modified Date = 30. 9. 2007 19:45:29 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -> C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe [C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe:*:Enabled:Nero Express] -> Nero AG [Ver = 8, 3, 2, 1 | Size = 40703272 bytes | Modified Date = 5. 3. 2008 12:41:54 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Alcohol Soft\Alcohol 120\StartMeUp.exe -> C:\Program Files\Alcohol Soft\Alcohol 120\StartMeUp.exe [C:\Program Files\Alcohol Soft\Alcohol 120\StartMeUp.exe:*:Enabled:Alcohol 120%] -> BetaMaster [Ver = 1.5.0.0 | Size = 29184 bytes | Modified Date = 21. 12. 2007 18:41:19 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\PnkBstrA.exe -> C:\WINDOWS\system32\PnkBstrA.exe [C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA] ->  [Ver =  | Size = 66872 bytes | Modified Date = 21. 3. 2008 18:59:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\PnkBstrB.exe -> C:\WINDOWS\system32\PnkBstrB.exe [C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB] ->  [Ver =  | Size = 107832 bytes | Modified Date = 11. 4. 2008 4:06:23 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Enemy Territory - QUAKE Wars\etqwded.exe -> D:\Enemy Territory - QUAKE Wars\etqwded.exe [D:\Enemy Territory - QUAKE Wars\etqwded.exe:*:Enabled:etqwded.exe] -> Splash Damage, Ltd. [Ver = 1.4.12184.33045 | Size = 5018864 bytes | Modified Date = 13. 12. 2007 21:18:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe -> C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe [C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter] -> Nero AG [Ver = 1, 10, 2, 0 | Size = 2577704 bytes | Modified Date = 28. 2. 2008 10:59:20 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Enemy Territory - QUAKE Wars\etqw.exe -> D:\Enemy Territory - QUAKE Wars\etqw.exe [D:\Enemy Territory - QUAKE Wars\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) ] -> Splash Damage, Ltd. [Ver = 1.4.12184.33045 | Size = 5162224 bytes | Modified Date = 13. 12. 2007 21:18:06 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Gears of War\Binaries\WarGame-G4WLive.exe -> D:\Gears of War\Binaries\WarGame-G4WLive.exe [D:\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears of War] -> Epic Games, Inc. [Ver = 1.0.3339.131 | Size = 28282512 bytes | Modified Date = 5. 11. 2007 13:46:33 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DC++ Strong\StrongDC.exe -> C:\DC++ Strong\StrongDC.exe [C:\DC++ Strong\StrongDC.exe:*:Enabled:StrongDC++] ->  [Ver = 0, 7, 0, 4 | Size = 3013632 bytes | Modified Date = 29. 2. 2008 16:49:29 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Soldier of Fortune Payback\sof3.exe -> D:\Soldier of Fortune Payback\sof3.exe [D:\Soldier of Fortune Payback\sof3.exe:*:Enabled:sof3] ->  [Ver =  | Size = 61440 bytes | Modified Date = 14. 11. 2007 14:54:40 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\real\eREAD_Cookcase.exe -> C:\Program Files\real\eREAD_Cookcase.exe [C:\Program Files\real\eREAD_Cookcase.exe:*:Disabled:eREAD 6.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe -> C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD] -> CyberLink Corp. [Ver = 7.03.3723 | Size = 1283368 bytes | Modified Date = 23. 1. 2008 23:54:24 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.6.0.248 | Size = 21898024 bytes | Modified Date = 1. 2. 2008 18:22:12 | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatické aktualizace -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Umožňuje stahování a instalaci aktualizací systému Windows. Pokud je tato služba zakázána, nebude možné použít funkci Automatické aktualizace ani webový server Windows Update. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Umožňuje vzdáleným uživatelům měnit nastavení registru tohoto počítače. Je-li služba zastavena, může být registr měněn pouze uživatelem tohoto počítače. Je-li tato služba zakázána, pak se spuštění všech služeb výslovně závislých na této službě nezdaří. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26. 7. 2005 6:42:51 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Vzdálený registr -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73728 bytes | Modified Date = 18. 8. 2004 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26. 7. 2005 6:42:51 | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Umožňuje vzdálenému uživateli připojení k tomuto počítači a spuštění programů. Podporuje různé klienty protokolem TCP/IP Telnet, včetně počítačů se systémy UNIX nebo Windows. Je-li tato služba zastavena, vzdálení uživatelé nebudou moci přistupovat k programům. Jestliže je tato služba zakázána, nezdaří se spuštění žádných služeb, které na této službě závisí. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
CC3 Kanes Wrath torr -> %SystemDrive%\CC3 Kanes Wrath torr ->  [Folder | Created Date = 20. 3. 2008 19:41:46 | Attr =	]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 11. 4. 2008 2:09:07 | Attr =	]
Downloads -> %SystemDrive%\Downloads ->  [Folder | Created Date = 30. 3. 2008 20:35:31 | Attr =	]
Adobe -> %SystemRoot%\System32\Adobe ->  [Folder | Created Date = 30. 3. 2008 20:46:00 | Attr =	]
DivX.dll -> %SystemRoot%\System32\DivX.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 682496 bytes | Created Date = 31. 3. 2008 23:25:46 | Attr =	]
DivXCodecVersionChecker.exe -> %SystemRoot%\System32\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 0,0,0,0 | Size = 161096 bytes | Created Date = 31. 3. 2008 23:25:52 | Attr =	]
divxdec.ax -> %SystemRoot%\System32\divxdec.ax -> DivX, Inc. [Ver = 6.8.0.0 | Size = 630784 bytes | Created Date = 24. 3. 2008 21:45:56 | Attr =	]
DivXMedia.ax -> %SystemRoot%\System32\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Created Date = 21. 3. 2008 22:28:42 | Attr =	]
DivXsm.exe -> %SystemRoot%\System32\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Created Date = 21. 3. 2008 22:30:12 | Attr =	]
divxsm.tlb -> %SystemRoot%\System32\divxsm.tlb ->  [Ver =  | Size = 4816 bytes | Created Date = 21. 3. 2008 22:30:12 | Attr =	]
DivXWMPExtType.dll -> %SystemRoot%\System32\DivXWMPExtType.dll ->  [Ver =  | Size = 12288 bytes | Created Date = 21. 3. 2008 22:28:20 | Attr =	]
divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 823296 bytes | Created Date = 31. 3. 2008 23:25:48 | Attr =	]
divx_xx0a.dll -> %SystemRoot%\System32\divx_xx0a.dll ->  [Ver =  | Size = 831488 bytes | Created Date = 31. 3. 2008 23:25:46 | Attr =	]
divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 823296 bytes | Created Date = 31. 3. 2008 23:25:48 | Attr =	]
divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 802816 bytes | Created Date = 31. 3. 2008 23:25:46 | Attr =	]
dpl100.dll -> %SystemRoot%\System32\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 44 | Size = 81920 bytes | Created Date = 21. 3. 2008 22:28:54 | Attr =	]
dpl100.dll.manifest -> %SystemRoot%\System32\dpl100.dll.manifest ->  [Ver =  | Size = 416 bytes | Created Date = 21. 3. 2008 22:28:54 | Attr =	]
dpu10.dll -> %SystemRoot%\System32\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 21. 3. 2008 22:28:50 | Attr =	]
dpu11.dll -> %SystemRoot%\System32\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 21. 3. 2008 22:28:50 | Attr =	]
dpuGUI10.dll -> %SystemRoot%\System32\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Created Date = 21. 3. 2008 22:28:52 | Attr =	]
dpuGUI11.dll -> %SystemRoot%\System32\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Created Date = 21. 3. 2008 22:28:50 | Attr =	]
dpus11.dll -> %SystemRoot%\System32\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Created Date = 21. 3. 2008 22:28:50 | Attr =	]
dpv11.dll -> %SystemRoot%\System32\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Created Date = 21. 3. 2008 22:28:50 | Attr =	]
dtu100.dll -> %SystemRoot%\System32\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 44 | Size = 196608 bytes | Created Date = 21. 3. 2008 22:28:54 | Attr =	]
dtu100.dll.manifest -> %SystemRoot%\System32\dtu100.dll.manifest ->  [Ver =  | Size = 416 bytes | Created Date = 21. 3. 2008 22:28:54 | Attr =	]
libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 21. 3. 2008 22:30:00 | Attr =	]
oodbs.lor -> %SystemRoot%\System32\oodbs.lor ->  [Ver =  | Size = 71498 bytes | Created Date = 21. 3. 2008 14:43:20 | Attr =	]
qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll ->  [Ver =  | Size = 3596288 bytes | Created Date = 21. 3. 2008 22:30:08 | Attr =	]
QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.5 | Size = 57344 bytes | Created Date = 28. 3. 2008 23:37:26 | Attr =	]
QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.5 | Size = 90112 bytes | Created Date = 28. 3. 2008 23:37:26 | Attr =	]
ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 21. 3. 2008 22:30:00 | Attr =	]
xfcodec.dll -> %SystemRoot%\System32\xfcodec.dll ->  [Ver = 31074 | Size = 41296 bytes | Created Date = 4. 4. 2008 23:31:56 | Attr =	]
Alcmtr.exe -> %SystemRoot%\Alcmtr.exe -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Created Date = 26. 3. 2008 15:52:35 | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 11. 4. 2008 2:09:44 | Attr =	]
oodcnt.INI -> %SystemRoot%\oodcnt.INI ->  [Ver =  | Size = 0 bytes | Created Date = 21. 3. 2008 13:47:52 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Spybot - Search & Destroy -> %AllUsersProfile%\Data aplikací\Spybot - Search & Destroy ->  [Folder | Created Date = 9. 4. 2008 22:31:20 | Attr =	]
SUPERAntiSpyware.com -> %AllUsersProfile%\Data aplikací\SUPERAntiSpyware.com ->  [Folder | Created Date = 11. 4. 2008 16:28:10 | Attr =	]
Command & Conquer 3 Kane's Wrath -> %AppData%\Command & Conquer 3 Kane's Wrath ->  [Folder | Created Date = 22. 3. 2008 21:21:30 | Attr =	]
DVDFab -> %AppData%\DVDFab ->  [Folder | Created Date = 25. 3. 2008 19:24:32 | Attr =	]
Orbit -> %AppData%\Orbit ->  [Folder | Created Date = 30. 3. 2008 20:35:27 | Attr =	]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 11. 4. 2008 16:28:00 | Attr =	]
Command & Conquer 3 Kane's Wrath -> %UserProfile%\Dokumenty\Command & Conquer 3 Kane's Wrath ->  [Folder | Created Date = 22. 3. 2008 21:24:06 | Attr =	]
CyberLink -> %UserProfile%\Dokumenty\CyberLink ->  [Folder | Created Date = 21. 3. 2008 19:48:57 | Attr =	]
DVDFab -> %UserProfile%\Dokumenty\DVDFab ->  [Folder | Created Date = 25. 3. 2008 19:21:34 | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Plocha\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Created Date = 11. 4. 2008 16:28:03 | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Plocha\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 11. 4. 2008 1:08:29 | Attr =	]
HIJackThis -> %UserProfile%\Plocha\HIJackThis ->  [Folder | Created Date = 11. 4. 2008 2:15:54 | Attr =	]
OTScanIt -> %UserProfile%\Plocha\OTScanIt ->  [Folder | Created Date = 11. 4. 2008 5:01:51 | Attr =	]
OTScanIt.exe -> %UserProfile%\Plocha\OTScanIt.exe ->  [Ver =  | Size = 540250 bytes | Created Date = 11. 4. 2008 5:00:59 | Attr =	]
sh3 -> %UserProfile%\Plocha\sh3 ->  [Folder | Created Date = 11. 4. 2008 0:33:17 | Attr =	]
SUPERAntiSpyware.exe -> %UserProfile%\Plocha\SUPERAntiSpyware.exe ->  [Ver =  | Size = 6342680 bytes | Created Date = 11. 4. 2008 16:26:43 | Attr =	]

[Files/Folders - Modified Within 30 days]
CC3 Kanes Wrath torr -> %SystemDrive%\CC3 Kanes Wrath torr ->  [Folder | Modified Date = 20. 3. 2008 19:41:59 | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 11. 4. 2008 16:28:04 | Attr =  HS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 11. 4. 2008 2:09:07 | Attr =	]
Downloads -> %SystemDrive%\Downloads ->  [Folder | Modified Date = 10. 4. 2008 1:33:38 | Attr =	]
poker -> %SystemDrive%\poker ->  [Folder | Modified Date = 28. 3. 2008 1:00:00 | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 11. 4. 2008 16:28:00 | Attr = R  ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 11. 4. 2008 16:38:23 | Attr =	]
pcouffin.sys -> %SystemRoot%\System32\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 25. 3. 2008 19:18:13 | Attr =	]
PnkBstrK.sys -> %SystemRoot%\System32\drivers\PnkBstrK.sys ->  [Ver =  | Size = 22328 bytes | Modified Date = 11. 4. 2008 4:06:37 | Attr =	]
Adobe -> %SystemRoot%\System32\Adobe ->  [Folder | Modified Date = 30. 3. 2008 20:46:04 | Attr =	]
BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll ->  [Ver =  | Size = 34308 bytes | Modified Date = 24. 3. 2008 15:19:31 | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 14. 3. 2008 20:03:10 | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 11. 4. 2008 16:48:18 | Attr =	]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 22. 3. 2008 21:14:00 | Attr =	]
DivX.dll -> %SystemRoot%\System32\DivX.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 682496 bytes | Modified Date = 31. 3. 2008 23:25:46 | Attr =	]
DivXCodecVersionChecker.exe -> %SystemRoot%\System32\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 0,0,0,0 | Size = 161096 bytes | Modified Date = 31. 3. 2008 23:25:52 | Attr =	]
divxdec.ax -> %SystemRoot%\System32\divxdec.ax -> DivX, Inc. [Ver = 6.8.0.0 | Size = 630784 bytes | Modified Date = 24. 3. 2008 21:45:56 | Attr =	]
DivXMedia.ax -> %SystemRoot%\System32\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Modified Date = 21. 3. 2008 22:28:42 | Attr =	]
DivXsm.exe -> %SystemRoot%\System32\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Modified Date = 21. 3. 2008 22:30:12 | Attr =	]
divxsm.tlb -> %SystemRoot%\System32\divxsm.tlb ->  [Ver =  | Size = 4816 bytes | Modified Date = 21. 3. 2008 22:30:12 | Attr =	]
DivXWMPExtType.dll -> %SystemRoot%\System32\DivXWMPExtType.dll ->  [Ver =  | Size = 12288 bytes | Modified Date = 21. 3. 2008 22:28:20 | Attr =	]
divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 823296 bytes | Modified Date = 31. 3. 2008 23:25:48 | Attr =	]
divx_xx0a.dll -> %SystemRoot%\System32\divx_xx0a.dll ->  [Ver =  | Size = 831488 bytes | Modified Date = 31. 3. 2008 23:25:46 | Attr =	]
divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 823296 bytes | Modified Date = 31. 3. 2008 23:25:48 | Attr =	]
divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 802816 bytes | Modified Date = 31. 3. 2008 23:25:46 | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 9. 4. 2008 22:23:57 | Attr = RHS]
dpl100.dll -> %SystemRoot%\System32\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 44 | Size = 81920 bytes | Modified Date = 21. 3. 2008 22:28:54 | Attr =	]
dpl100.dll.manifest -> %SystemRoot%\System32\dpl100.dll.manifest ->  [Ver =  | Size = 416 bytes | Modified Date = 21. 3. 2008 22:28:54 | Attr =	]
dpu10.dll -> %SystemRoot%\System32\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 21. 3. 2008 22:28:50 | Attr =	]
dpu11.dll -> %SystemRoot%\System32\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 21. 3. 2008 22:28:50 | Attr =	]
dpuGUI10.dll -> %SystemRoot%\System32\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Modified Date = 21. 3. 2008 22:28:52 | Attr =	]
dpuGUI11.dll -> %SystemRoot%\System32\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Modified Date = 21. 3. 2008 22:28:50 | Attr =	]
dpus11.dll -> %SystemRoot%\System32\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Modified Date = 21. 3. 2008 22:28:50 | Attr =	]
dpv11.dll -> %SystemRoot%\System32\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Modified Date = 21. 3. 2008 22:28:50 | Attr =	]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 11. 4. 2008 18:36:24 | Attr =	]
dtu100.dll -> %SystemRoot%\System32\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 44 | Size = 196608 bytes | Modified Date = 21. 3. 2008 22:28:54 | Attr =	]
dtu100.dll.manifest -> %SystemRoot%\System32\dtu100.dll.manifest ->  [Ver =  | Size = 416 bytes | Modified Date = 21. 3. 2008 22:28:54 | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 121336 bytes | Modified Date = 9. 4. 2008 22:25:40 | Attr =	]
libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 21. 3. 2008 22:30:00 | Attr =	]
Macromed -> %SystemRoot%\System32\Macromed ->  [Folder | Modified Date = 10. 4. 2008 0:54:56 | Attr =	]
oodag -> %SystemRoot%\System32\oodag ->  [Folder | Modified Date = 21. 3. 2008 13:50:29 | Attr =	]
oodbs.lor -> %SystemRoot%\System32\oodbs.lor ->  [Ver =  | Size = 71498 bytes | Modified Date = 11. 4. 2008 19:04:10 | Attr =	]
perfc005.dat -> %SystemRoot%\System32\perfc005.dat ->  [Ver =  | Size = 83048 bytes | Modified Date = 30. 3. 2008 10:54:26 | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 71696 bytes | Modified Date = 30. 3. 2008 10:54:26 | Attr =	]
perfh005.dat -> %SystemRoot%\System32\perfh005.dat ->  [Ver =  | Size = 438574 bytes | Modified Date = 30. 3. 2008 10:54:26 | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 442204 bytes | Modified Date = 30. 3. 2008 10:54:26 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 1049858 bytes | Modified Date = 30. 3. 2008 10:54:26 | Attr =	]
PnkBstrA.exe -> %SystemRoot%\System32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 21. 3. 2008 18:59:50 | Attr =	]
PnkBstrB.exe -> %SystemRoot%\System32\PnkBstrB.exe ->  [Ver =  | Size = 107832 bytes | Modified Date = 11. 4. 2008 4:06:23 | Attr =	]
qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll ->  [Ver =  | Size = 3596288 bytes | Modified Date = 21. 3. 2008 22:30:08 | Attr =	]
QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.5 | Size = 57344 bytes | Modified Date = 28. 3. 2008 23:37:26 | Attr =	]
QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.5 | Size = 90112 bytes | Modified Date = 28. 3. 2008 23:37:26 | Attr =	]
RTCOM -> %SystemRoot%\System32\RTCOM ->  [Folder | Modified Date = 26. 3. 2008 15:53:12 | Attr =	]
ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 21. 3. 2008 22:30:00 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2422 bytes | Modified Date = 11. 4. 2008 18:38:18 | Attr =	]
xfcodec.dll -> %SystemRoot%\System32\xfcodec.dll ->  [Ver = 31074 | Size = 41296 bytes | Modified Date = 4. 4. 2008 23:31:56 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 9. 4. 2008 22:24:00 | Attr =  H ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 14. 3. 2008 20:02:18 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 11. 4. 2008 19:04:28 | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 11. 4. 2008 2:10:30 | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 11. 4. 2008 2:09:44 | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1355 bytes | Modified Date = 9. 4. 2008 22:23:58 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 9. 4. 2008 23:24:13 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 11. 4. 2008 16:28:04 | Attr =  HS]
level.ini -> %SystemRoot%\level.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 21. 3. 2008 17:08:58 | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 30. 3. 2008 18:27:35 | Attr =	]
oodcnt.INI -> %SystemRoot%\oodcnt.INI ->  [Ver =  | Size = 0 bytes | Modified Date = 21. 3. 2008 13:47:52 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 11. 4. 2008 19:02:52 | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 11. 4. 2008 18:36:24 | Attr =	]
@Alternate Data Stream - 48128 bytes -> %SystemRoot%\system32:lpr.exe
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 11. 4. 2008 19:02:35 | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 22. 3. 2008 20:15:33 | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 24. 3. 2008 22:30:08 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 11. 4. 2008 19:03:14 | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 9. 4. 2008 19:02:49 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 9. 4. 2008 19:02:49 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Data aplikací\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 30. 10. 2006 16:03:17 | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
CyberLink -> %AllUsersProfile%\Data aplikací\CyberLink ->  [Folder | Modified Date = 21. 3. 2008 22:47:08 | Attr =	]
Microsoft -> %AllUsersProfile%\Data aplikací\Microsoft ->  [Folder | Modified Date = 25. 3. 2008 21:54:28 | Attr =   S]
Nero -> %AllUsersProfile%\Data aplikací\Nero ->  [Folder | Modified Date = 24. 3. 2008 15:05:17 | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Data aplikací\Spybot - Search & Destroy ->  [Folder | Modified Date = 10. 4. 2008 0:53:45 | Attr =	]
SUPERAntiSpyware.com -> %AllUsersProfile%\Data aplikací\SUPERAntiSpyware.com ->  [Folder | Modified Date = 11. 4. 2008 16:28:10 | Attr =	]
Azureus -> %AppData%\Azureus ->  [Folder | Modified Date = 11. 4. 2008 0:41:40 | Attr =	]
Command & Conquer 3 Kane's Wrath -> %AppData%\Command & Conquer 3 Kane's Wrath ->  [Folder | Modified Date = 23. 3. 2008 2:21:47 | Attr =	]
DMCache -> %AppData%\DMCache ->  [Folder | Modified Date = 11. 4. 2008 18:38:22 | Attr =	]
DVDFab -> %AppData%\DVDFab ->  [Folder | Modified Date = 25. 3. 2008 19:24:32 | Attr =	]
IDM -> %AppData%\IDM ->  [Folder | Modified Date = 23. 3. 2008 14:58:23 | Attr =	]
inst.exe -> %AppData%\inst.exe ->  [Ver =  | Size = 87608 bytes | Modified Date = 25. 3. 2008 19:18:13 | Attr =	]
Orbit -> %AppData%\Orbit ->  [Folder | Modified Date = 30. 3. 2008 21:31:06 | Attr =	]
pcouffin.cat -> %AppData%\pcouffin.cat ->  [Ver =  | Size = 7887 bytes | Modified Date = 25. 3. 2008 19:18:13 | Attr =	]
pcouffin.inf -> %AppData%\pcouffin.inf ->  [Ver =  | Size = 1144 bytes | Modified Date = 25. 3. 2008 19:18:13 | Attr =	]
pcouffin.sys -> %AppData%\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 25. 3. 2008 19:18:13 | Attr =	]
PnkBstrK.sys -> %AppData%\PnkBstrK.sys ->  [Ver =  | Size = 22328 bytes | Modified Date = 21. 3. 2008 18:57:16 | Attr =	]
Registry Booster -> %AppData%\Registry Booster ->  [Folder | Modified Date = 24. 3. 2008 17:09:13 | Attr =	]
Skype -> %AppData%\Skype ->  [Folder | Modified Date = 11. 4. 2008 18:42:40 | Attr =	]
skypePM -> %AppData%\skypePM ->  [Folder | Modified Date = 11. 4. 2008 16:40:45 | Attr =	]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 11. 4. 2008 16:28:00 | Attr =	]
Vso -> %AppData%\Vso ->  [Folder | Modified Date = 27. 3. 2008 10:52:15 | Attr =	]
Xfire -> %AppData%\Xfire ->  [Folder | Modified Date = 10. 4. 2008 20:02:59 | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 24064 bytes | Modified Date = 30. 3. 2008 16:36:08 | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Data aplikací\IconCache.db ->  [Ver =  | Size = 3213132 bytes | Modified Date = 11. 4. 2008 11:40:52 | Attr =  H ]
Command & Conquer 3 Kane's Wrath -> %UserProfile%\Dokumenty\Command & Conquer 3 Kane's Wrath ->  [Folder | Modified Date = 23. 3. 2008 2:22:34 | Attr =	]
CyberLink -> %UserProfile%\Dokumenty\CyberLink ->  [Folder | Modified Date = 21. 3. 2008 19:48:57 | Attr =	]
DVDFab -> %UserProfile%\Dokumenty\DVDFab ->  [Folder | Modified Date = 25. 3. 2008 19:21:35 | Attr =	]
Obrázky -> %UserProfile%\Dokumenty\Obrázky ->  [Folder | Modified Date = 21. 3. 2008 20:30:53 | Attr = R  ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Plocha\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Modified Date = 11. 4. 2008 16:28:03 | Attr =	]
Vigor318 Control Panel.lnk -> %AllUsersProfile%\Plocha\Vigor318 Control Panel.lnk ->  [Ver =  | Size = 255 bytes | Modified Date = 11. 4. 2008 18:38:23 | Attr =	]
Vigor318 DSL.lnk -> %AllUsersProfile%\Plocha\Vigor318 DSL.lnk ->  [Ver =  | Size = 658 bytes | Modified Date = 11. 4. 2008 18:38:32 | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Plocha\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 11. 4. 2008 1:08:29 | Attr =	]
HIJackThis -> %UserProfile%\Plocha\HIJackThis ->  [Folder | Modified Date = 11. 4. 2008 2:16:51 | Attr =	]
OTScanIt -> %UserProfile%\Plocha\OTScanIt ->  [Folder | Modified Date = 11. 4. 2008 16:38:18 | Attr =	]
OTScanIt.exe -> %UserProfile%\Plocha\OTScanIt.exe ->  [Ver =  | Size = 540250 bytes | Modified Date = 11. 4. 2008 5:01:02 | Attr =	]
sh3 -> %UserProfile%\Plocha\sh3 ->  [Folder | Modified Date = 11. 4. 2008 0:39:27 | Attr =	]
SUPERAntiSpyware.exe -> %UserProfile%\Plocha\SUPERAntiSpyware.exe ->  [Ver =  | Size = 6342680 bytes | Modified Date = 11. 4. 2008 16:27:15 | Attr =	]
Nero -> %CommonProgramFiles%\Nero ->  [Folder | Modified Date = 24. 3. 2008 15:15:01 | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 11. 4. 2008 16:27:25 | Attr =	]

< End of report >


The log file from Otis:


Explorer killed successfully
[Win32 Services - Non-Microsoft Only]
Service MyDNS stopped successfully.
Service MyDNS deleted successfully.
C:\Program Files\Outlook Express\svchost.exe moved successfully.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LDM deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportovat do aplikace Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportovať do programu Microsoft Excel\ deleted successfully.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\SC4\SCDA-Offline\System\SplinterCell4.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\NFS Most Wanted\speed.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Zoltan Pinces\Plocha\DC\StrongDC.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Dark Messiah of Might and Magic\Dark Messiah of Might and Magic\mm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Far Cry\Bin32\FarCry.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Half-Life 2\hl2.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Hidden & Dangerous 2\hd2.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\bhd\dfbhd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DiRT\DiRT.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\ssdfsd\hl2.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\DiRT\DiRT.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\You Are EMPTY\you_are_empty.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Zoltan Pinces\Local Settings\Temp\ElectronicArts_Patcher_000.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\bhd\UPDATE.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\extreme conditions\LostPlanetDx9.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Medal of Honor Pacific Assault™\mohpa.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Quake 3\Quake3\quake3.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\QUAKE III\quake3.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Quake3\quake3.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\CapCom\Lost Planet Extreme Condition\LostPlanetDx9.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Zoltan Pinces\Plocha\DC stong\StrongDC.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Zoltan Pinces\Local Settings\Temp\OnlineUpdate8\SetupXu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DC stong\StrongDC.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DC Strong++\StrongDC.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Orbitdownloader\orbitnet.exe deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\45235788142C44BE8A4DDDE9A84492E5.TMP folder deleted successfully.
C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP folder deleted successfully.
[Files/Folders - Modified Within 30 days]
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Zoltan Pinces\Local Settings\Temp\~DF8540.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Zoltan Pinces\Local Settings\Temp\~DF854D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Zoltan Pinces\Local Settings\Temporary Internet Files\Content.IE5\RLRNAT8B\iframe[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Zoltan Pinces\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Zoltan Pinces\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.9.0 fix logfile created on 04112008_163818

#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:16 PM

Posted 11 April 2008 - 01:51 PM

Hi Sniper47. Everything looks fine. How's it running?

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#9 Sniper47

Sniper47
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Slovakia
  • Local time:05:16 AM

Posted 11 April 2008 - 02:07 PM

Hi Sniper47. Everything looks fine. How's it running?

Cheers.

OT



HI, it runs good now,,,Ive checked antivir and adaware,nothing.Even PC boots faster.THX for hepling me so fast.Hope this is the last time this searchportal appears.
One more thing buddy,now can I unistall those programs(Otis/hijackthis/atf cleaner/superspybot)?

#10 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:16 PM

Posted 11 April 2008 - 02:16 PM

Hi Sniper47. That's good news. HijackThis and SuperAntiSpyware can be uninstalled throiugh Add/Remove Programs in the Control Panel. You can jsut delete ATF-Cleaner but I would hang on to that and use it regularly to clean out the temp folders. We'll take care of OTScanIt below.

Let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix and then you are all set.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
  • Start OTScanIt
    Click the CleanUp button
  • OTScanIt will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • OTScanIt will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#11 Sniper47

Sniper47
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Slovakia
  • Local time:05:16 AM

Posted 11 April 2008 - 02:44 PM

Allright buddy,and once again thanks for Your help.Ill be watching this site for news/protection.
Hope I wont be needing any help for some time.
You can now close this thread.

See Ya buddy :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users