win32:Bubnix-I[Rtk], modrá smrt

[vyosek]

Spustte gmer zovu a on ten maly sken udela znovu - log sem vlozte - pokud tam byly cervene radky je docela dulezity...

[Svitiplyn]

Si pamatuju ze tam bylo neco ve smyslu system changer nebo tak neco, mozna to bylo tim ze jsem to nedelal v nouzovem rezimu a kvuli toho se mi to taky seklo.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-16 08:55:38
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\pgtdqpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

[vyosek]

Zkuste jeste jednou ten maly sken v normlanim rezimu - snad se nesekne...asi vim kam gmer myril, ale nejsem si jist...

[Svitiplyn]

Zkoušel jsem ten malej dělat v normálním režimu jak jste mi hned řekl, vypadal myslím stejně, ale když jsem dal save tak se to seklo. Tak já se pokusím teda být rychlejší než ten program!

[vyosek]

Dejte tedy jen screen, asi se Vam to sekne vzdycky...navod na screen http://www.viry.cz/forum/viewtopic.php?f=15&t=14114

[Svitiplyn]

Neseklo, tady to je.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-16 09:07:40
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\pgtdqpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

[vyosek]

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

• C:\WINDOWS\system32\drivers\sfsync04.sys
• Kliknete na Prochazet
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Pokud napise Soubor byl jiz testovan, dejte otestovat znovu
• Kliknete na Otestovat soubor
• Vysledek analyzy sem vlozte (jako odkaz)

[Svitiplyn]

File name:
sfsync04.sys
Submission date:
2010-08-16 07:19:57 (UTC)
Current status:
queued queued analysing finished
Result:
0/ 42 (0.0%)

Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.08.15.01 2010.08.15 -
AntiVir 8.2.4.34 2010.08.15 -
Antiy-AVL 2.0.3.7 2010.08.11 -
Authentium 5.2.0.5 2010.08.16 -
Avast 4.8.1351.0 2010.08.15 -
Avast5 5.0.332.0 2010.08.15 -
AVG 9.0.0.851 2010.08.15 -
BitDefender 7.2 2010.08.16 -
CAT-QuickHeal 11.00 2010.08.16 -
ClamAV 0.96.0.3-git 2010.08.16 -
Comodo 5757 2010.08.16 -
DrWeb 5.0.2.03300 2010.08.16 -
Emsisoft 5.0.0.37 2010.08.16 -
eSafe 7.0.17.0 2010.08.15 -
eTrust-Vet 36.1.7790 2010.08.13 -
F-Prot 4.6.1.107 2010.08.16 -
F-Secure 9.0.15370.0 2010.08.16 -
Fortinet 4.1.143.0 2010.08.15 -
GData 21 2010.08.16 -
Ikarus T3.1.1.88.0 2010.08.16 -
Jiangmin 13.0.900 2010.08.16 -
Kaspersky 7.0.0.125 2010.08.16 -
McAfee 5.400.0.1158 2010.08.16 -
McAfee-GW-Edition 2010.1 2010.08.16 -
Microsoft 1.6004 2010.08.16 -
NOD32 5368 2010.08.15 -
Norman 6.05.11 2010.08.15 -
nProtect 2010-08-16.01 2010.08.16 -
Panda 10.0.2.7 2010.08.15 -
PCTools 7.0.3.5 2010.08.16 -
Prevx 3.0 2010.08.16 -
Rising 22.61.00.01 2010.08.16 -
Sophos 4.56.0 2010.08.16 -
Sunbelt 6739 2010.08.16 -
SUPERAntiSpyware 4.40.0.1006 2010.08.16 -
Symantec 20101.1.1.7 2010.08.16 -
TheHacker 6.5.2.1.349 2010.08.16 -
TrendMicro 9.120.0.1004 2010.08.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.16 -
VBA32 3.12.14.0 2010.08.13 -
ViRobot 2010.8.16.3990 2010.08.16 -
VirusBuster 5.0.27.0 2010.08.15 -
Additional information
Show all
MD5 : c526ad307ff1900bc4c864f74553f762
SHA1 : 05b9b0f5ef4669be479a73cdc63913fcd2887fa5
SHA256: d4af67453c7987c248276c38234839a525e122024b3266b1b074d125572d42cc

[vyosek]

Logy vypadaji OK Ale pro jistotu:
Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

• Provedte aktualizaci - treti zalozka
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[Svitiplyn]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4435

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

16.8.2010 10:09:23
mbam-log-2010-08-16 (10-09-23).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 225126
Uplynulý čas: 40 minuta(y), 28 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 9

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\MARTIN\Downloads\Adobe After Effect CS4\adobe serials\keygen.exe (Trojan.Downloader) -> No action taken.
C:\MARTIN\Downloads\Sony Vegas Pro 9 full, cz\SonyProductsKeyGen.exe (Trojan.Agent.CK) -> No action taken.
C:\MARTIN\Downloads\Sony Vegas Pro 9 full, cz\Sony Vegas Pro 9 + CZ + Crack + KeyGen + Plugins\crack vegas 9\Keygen.exe (Trojan.Agent) -> No action taken.
C:\MARTIN\Downloads\TuneUp\ZWT\keygen.exe (Backdoor.RBot) -> No action taken.
C:\MARTIN\Downloads\GTA San Andreas\GTA San Andreas\trainer.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{19A9541B-CDDE-4630-ACBB-B87895E4F0F1}\RP120\A0031899.exe (Trojan.Agent.CK) -> No action taken.
C:\System Volume Information\_restore{19A9541B-CDDE-4630-ACBB-B87895E4F0F1}\RP124\A0034432.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{19A9541B-CDDE-4630-ACBB-B87895E4F0F1}\RP112\A0029636.exe (Trojan.Agent.CK) -> No action taken.
C:\Documents and Settings\Martin\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.

[vyosek]

Kdyz pouzivate cracky, tak se nedivte, ze mate v PC havet

Vse smazat

Havet se usadila v bodech obnoveni - smazte je dle navodu kolegy riffa http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

[Svitiplyn]

Hotovo, uděláno.

Takže už je to všechno v pohodě ? Jestli ano, tak strašně moc děkuji za pomoc a jako odměnu přispěju na chod stránek smskou.

Dobře se mi s Vámi spolupracovalo, ještě jednou děkuji

[vyosek]

Nemate zac, ale jeste mi neutikejte Uklidim po utilitach a udelame zaverecnou
Za podporu Vam za cely tym viry.cz dekuji

Odinstalujte Combofix

• Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
• Napiste ComboFix /Uninstall
• Stisknete Enter
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Spusstte sken Avastu jestli neco najde

Vlozte novy log ze RSITu

[Svitiplyn]

Program T-Cleaner nejde stáhnout, ostatní jsem provedl. Tady je ten novej log z RSITu.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Martin at 2010-08-16 10:51:39
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 42 GB (14%) free of 305 GB
Total RAM: 3070 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:51:44, on 16.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Games\Age Of Empires ii\Config.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Martin\Plocha\RSIT.exe
C:\Program Files\trend micro\Martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://secure.lavasoft.com/single/redi ... NewVersion
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Config] C:\Program Files\Microsoft Games\Age Of Empires ii\Config.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (file missing)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7245 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-10-11 1826816]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Config"=C:\Program Files\Microsoft Games\Age Of Empires ii\Config.exe [2006-07-06 151552]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"=C:\Program Files\EXPERTool\TBPanel.exe [2008-10-21 2177576]
"TuneUp MemOptimizer"=C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe [2008-06-20 153856]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Warcraft III\war3.exe"="C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Codemasters\Operace Flashpoint\FlashpointResistance.exe"="C:\Program Files\Codemasters\Operace Flashpoint\FlashpointResistance.exe:*:Enabled:Operation Flashpoint"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\MARTIN\Downloads\GRID\GRID.exe"="C:\MARTIN\Downloads\GRID\GRID.exe:*:Enabled:GRID Executable"
"C:\MARTIN\Downloads\Heroes of newerth\1 Verze\hon.exe"="C:\MARTIN\Downloads\Heroes of newerth\1 Verze\hon.exe:*:Enabled:Heroes of Newerth"
"C:\Program Files\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\Settlers7R.exe"="C:\Program Files\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\Settlers7R.exe:*:Enabled:The Settlers 7 - Paths to a Kingdom"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Microsoft Games\Age of Empires II\Age2_x1\Age2_x1.exe"="C:\Program Files\Microsoft Games\Age of Empires II\Age2_x1\Age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\League of Legends\Air\LolClient.exe"="C:\Program Files\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Program Files\League of Legends\Game\League of Legends.exe"="C:\Program Files\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\common\mafia ii - public demo\launcher.exe"="C:\Program Files\Steam\steamapps\common\mafia ii - public demo\launcher.exe:*:Enabled:Mafia II - Demo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======List of files/folders created in the last 1 months======

2010-08-16 10:51:39 ----D---- C:\rsit
2010-08-16 10:47:32 ----SHD---- C:\RECYCLER
2010-08-16 09:27:07 ----D---- C:\Documents and Settings\Martin\Data aplikací\Malwarebytes
2010-08-16 09:26:57 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-16 09:26:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-16 09:26:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-08-16 09:26:56 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-15 20:35:57 ----D---- C:\WINDOWS\temp
2010-08-15 19:55:55 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-08-15 16:37:18 ----D---- C:\WINDOWS\ERDNT
2010-08-15 12:50:52 ----D---- C:\Program Files\CCleaner
2010-08-15 10:11:46 ----D---- C:\Program Files\trend micro
2010-08-14 16:13:06 ----A---- C:\WINDOWS\system32\drivers\Changer.sys
2010-08-12 00:07:03 ----D---- C:\Program Files\Mafia2
2010-08-11 23:55:37 ----D---- C:\Program Files\Steam
2010-08-04 17:01:16 ----A---- C:\WINDOWS\WORDPAD.INI
2010-08-04 01:23:20 ----A---- C:\WINDOWS\game.ini
2010-08-03 23:27:09 ----D---- C:\Documents and Settings\Martin\Data aplikací\My Battle for Middle-earth(tm) II Files
2010-08-03 23:04:08 ----D---- C:\Program Files\Electronic Arts
2010-07-31 11:59:46 ----D---- C:\Program Files\Hamachi
2010-07-31 10:41:02 ----A---- C:\WINDOWS\system32\drivers\mstee.sys
2010-07-31 10:40:57 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2010-07-20 14:11:43 ----D---- C:\Documents and Settings\Martin\Data aplikací\LolClient
2010-07-20 02:35:08 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2010-07-20 02:35:08 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2010-07-20 02:35:08 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2010-07-20 02:35:07 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2010-07-20 02:35:07 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2010-07-20 02:35:07 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2010-07-20 02:35:06 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2010-07-20 02:35:05 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2010-07-20 02:18:53 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-07-20 02:16:03 ----D---- C:\Program Files\League of Legends
2010-07-20 02:04:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\PMB Files
2010-07-20 02:03:52 ----D---- C:\Program Files\Pando Networks

======List of files/folders modified in the last 1 months======

2010-08-16 10:49:45 ----D---- C:\WINDOWS\Minidump
2010-08-16 10:49:45 ----D---- C:\WINDOWS
2010-08-16 10:47:32 ----D---- C:\WINDOWS\system32
2010-08-16 10:46:37 ----SHD---- C:\System Volume Information
2010-08-16 10:46:37 ----D---- C:\WINDOWS\system32\Restore
2010-08-16 10:37:48 ----D---- C:\Program Files\Common Files
2010-08-16 10:37:31 ----D---- C:\MARTIN
2010-08-16 10:28:21 ----D---- C:\WINDOWS\system32\drivers
2010-08-16 10:27:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-16 09:26:56 ----RD---- C:\Program Files
2010-08-16 09:17:59 ----SHD---- C:\WINDOWS\CSC
2010-08-15 20:54:28 ----SHD---- C:\WINDOWS\Installer
2010-08-15 20:48:41 ----D---- C:\Program Files\Mozilla Firefox
2010-08-15 20:35:18 ----A---- C:\WINDOWS\system.ini
2010-08-15 20:34:06 ----D---- C:\WINDOWS\AppPatch
2010-08-15 19:55:50 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-15 19:46:05 ----D---- C:\WINDOWS\system32\config
2010-08-15 16:29:38 ----D---- C:\Documents and Settings\Martin\Data aplikací\vlc
2010-08-15 16:26:47 ----A---- C:\WINDOWS\NeroDigital.ini
2010-08-15 16:26:33 ----D---- C:\Documents and Settings\Martin\Data aplikací\dvdcss
2010-08-15 12:51:48 ----D---- C:\WINDOWS\Debug
2010-08-14 16:13:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-14 16:12:30 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-08-14 11:45:07 ----D---- C:\Program Files\Warcraft III
2010-08-14 11:18:10 ----D---- C:\WINDOWS\Prefetch
2010-08-13 21:31:21 ----D---- C:\Documents and Settings\Martin\Data aplikací\Hamachi
2010-08-12 10:57:49 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-12 10:57:33 ----D---- C:\WINDOWS\system32\DirectX
2010-08-12 10:57:32 ----HD---- C:\WINDOWS\inf
2010-08-12 10:57:05 ----RSD---- C:\WINDOWS\assembly
2010-08-11 13:49:57 ----D---- C:\Program Files\Garena
2010-08-05 14:33:51 ----D---- C:\Program Files\Heroes of Newerth
2010-08-04 22:09:19 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2010-08-04 21:04:37 ----D---- C:\Program Files\Activision
2010-08-04 01:32:35 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-04 00:14:32 ----D---- C:\WINDOWS\Help
2010-08-04 00:12:52 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-08-03 12:03:48 ----D---- C:\WINDOWS\WinSxS
2010-07-31 19:08:25 ----D---- C:\Program Files\DIFX
2010-07-31 10:41:28 ----D---- C:\WINDOWS\RegisteredPackages
2010-07-31 10:33:49 ----A---- C:\WINDOWS\avisplitter.INI
2010-07-31 02:22:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-20 02:22:09 ----D---- C:\Documents and Settings\Martin\Data aplikací\Adobe
2010-07-20 02:22:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-06-10 45648]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\WINDOWS\System32\drivers\sfsync04.sys [2006-08-11 59776]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-19 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-07-31 17480]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-10 10604128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-06-28 20480]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-19 47360]
S2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys []
S3 arqyjjct;arqyjjct; C:\WINDOWS\system32\drivers\arqyjjct.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-08-04 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-08-14 214520]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-12-19 355584]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[vyosek]

Zde na mate T-Cleaner v raru http://leteckaposta.cz/619491773
kdyztak pred rozbalenim vypnete rezidentni stit antiviru, at Vam ho pri rozbalovani nesmazne - bohuzel je na nej paranoidni