PC - client refuses cryptographic functions, overwrites %systemroot

#1 Post by kedarh »

As far as I remember, this is the second machine on which I have detected the system folder %systemroot% being rewritten in the registry to the value %fystemroot%.
It pays to clean up patiently and repair the damaged keys.
In this case the resistance was tough.
So I am asking for another pair of eyes, to see whether something has remained active here...

ComboFix 10-08-11.05 - Administrator 12.08.2010 13:15:36.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1015.642 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\windows\system32\_003602_.tmp.dll
c:\windows\system32\_003603_.tmp.dll
c:\windows\system32\_003604_.tmp.dll
c:\windows\system32\_003605_.tmp.dll
c:\windows\system32\_003608_.tmp.dll
c:\windows\system32\_003612_.tmp.dll
c:\windows\system32\_003613_.tmp.dll
c:\windows\system32\_003614_.tmp.dll
c:\windows\system32\_003615_.tmp.dll
c:\windows\system32\_003617_.tmp.dll
c:\windows\system32\_003618_.tmp.dll
c:\windows\system32\_003619_.tmp.dll
c:\windows\system32\_003621_.tmp.dll
c:\windows\system32\_003622_.tmp.dll
c:\windows\system32\_003624_.tmp.dll
c:\windows\system32\_003625_.tmp.dll
c:\windows\system32\_003626_.tmp.dll
c:\windows\system32\_003628_.tmp.dll
c:\windows\system32\_003630_.tmp.dll
c:\windows\system32\_003631_.tmp.dll
c:\windows\system32\_003632_.tmp.dll
c:\windows\system32\_003636_.tmp.dll
c:\windows\system32\_003637_.tmp.dll
c:\windows\system32\_003639_.tmp.dll
c:\windows\system32\_003641_.tmp.dll
c:\windows\system32\_003642_.tmp.dll
c:\windows\system32\_003644_.tmp.dll
c:\windows\system32\_003645_.tmp.dll
c:\windows\system32\_003646_.tmp.dll
c:\windows\system32\_003647_.tmp.dll
c:\windows\system32\_003648_.tmp.dll
c:\windows\system32\_003651_.tmp.dll
c:\windows\system32\_003652_.tmp.dll
c:\windows\system32\_003653_.tmp.dll
c:\windows\system32\_003654_.tmp.dll
c:\windows\system32\_003655_.tmp.dll
c:\windows\system32\_003656_.tmp.dll
c:\windows\system32\_003660_.tmp.dll
c:\windows\system32\_003662_.tmp.dll
c:\windows\system32\drivers\f00e16d7.sys
c:\windows\system32\oaKelNt.dll
c:\windows\system32\pwdmon.dll
c:\windows\system32\SOCKETX.DLL

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_sshnas
-------\Service_f00e16d7


((((((((((((((((((((((((( Soubory vytvořené od 2010-07-12 do 2010-08-12 )))))))))))))))))))))))))))))))
.

2010-08-11 13:12 . 2010-08-11 13:15 -------- d-----w- c:\windows\l2schemas
2010-08-11 13:12 . 2010-08-11 13:16 -------- d-----w- c:\windows\system32\cs
2010-08-11 13:12 . 2010-08-11 13:16 -------- d-----w- c:\windows\system32\bits
2010-08-11 13:00 . 2004-08-17 22:49 126976 ----a-w- c:\windows\system32\dllcache\apphelp.dll
2010-08-11 12:59 . 2007-02-28 16:05 2059776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 12:54 . 2010-08-11 13:13 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-08-11 12:05 . 2010-08-11 12:05 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-08-11 09:19 . 2010-08-11 09:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-11 08:17 . 2010-08-11 11:44 -------- d-----w- C:\AULOGS
2010-08-11 07:25 . 2010-08-11 07:25 -------- d-----w- c:\program files\Trend Micro
2010-08-11 07:13 . 2010-08-11 07:13 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-08-11 07:13 . 2010-08-11 07:13 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-11 07:11 . 2010-08-11 07:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-10 05:42 . 2003-08-18 14:49 327680 ----a-r- c:\windows\system32\icpkcsip.dll
2010-08-10 05:40 . 2003-08-19 10:03 192512 ----a-w- c:\windows\system32\icpkcsi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 10:30 . 2005-06-21 11:12 -------- d-----w- c:\program files\ESET
2010-08-11 13:37 . 2006-10-26 06:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-11 09:21 . 2005-06-15 12:38 -------- d-----w- c:\program files\freeCommander
2010-08-11 07:21 . 2005-04-13 15:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-10 06:09 . 2005-10-19 09:23 -------- d-----w- c:\program files\CSOB BusinessBanking 24
2010-08-10 05:49 . 2006-03-17 08:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-10 05:42 . 2007-07-19 12:22 -------- d-----w- c:\program files\CryptoPlus
2010-07-08 05:15 . 1980-01-01 07:00 90482 ----a-w- c:\windows\system32\perfc005.dat
2010-07-08 05:15 . 1980-01-01 07:00 455994 ----a-w- c:\windows\system32\perfh005.dat
2010-07-07 05:18 . 2010-07-07 05:18 -------- d-----w- c:\program files\IObit
2010-06-23 12:52 . 2010-06-23 12:52 -------- d-----w- c:\program files\Perfect Data Solutions
2010-06-14 05:32 . 2005-06-20 07:03 -------- d-----w- c:\program files\profibanka
2010-05-26 14:10 . 2010-05-26 14:10 988513 ----a-w- C:\ps_okrsek.exe
2010-05-26 13:15 . 2010-05-26 14:14 635173 ----a-w- C:\psarchvo.exe
2010-05-26 05:49 . 2010-05-26 14:14 600576 ----a-w- C:\pssetupo.exe
2010-05-20 05:48 . 2009-11-03 06:30 96256 ----a-w- c:\windows\system32\PrintMon.dll
2010-05-20 05:48 . 2007-01-16 07:45 334848 ----a-r- c:\windows\system32\oacoinst.dll
2010-05-20 05:48 . 2007-01-16 07:45 37376 ------r- c:\windows\system32\drivers\oafile.sys
2010-05-20 05:48 . 2007-01-16 07:45 18944 ------r- c:\windows\system32\drivers\oaRegMgr.sys
2010-05-20 05:48 . 2007-01-16 07:45 273408 ----a-r- c:\windows\system32\oaPassCn.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-04-20 438272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-08-28 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-08-28 118784]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2003-09-30 36864]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-04-20 438272]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 57344]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]
"HPLJ Config"="c:\program files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe" [2003-03-31 28672]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 49152]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2003-08-29 24576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\hylsova.MUUO.CZ\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\ucsmb.exe"=
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FourJs\\cliwtk\\bin\\wtk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5509:TCP"= 5509:TCP:oa_nh9
"5508:TCP"= 5508:TCP:oa_nh8
"5507:TCP"= 5507:TCP:oa_nh7
"5506:TCP"= 5506:TCP:oa_nh6
"5505:TCP"= 5505:TCP:oa_nh5
"5504:TCP"= 5504:TCP:oa_nh4
"5503:TCP"= 5503:TCP:oa_nh3
"5502:TCP"= 5502:TCP:oa_nh2
"5501:TCP"= 5501:TCP:oa_nh1
"5500:TCP"= 5500:TCP:oa_nh0
"5020:TCP"= 5020:TCP:oa_rcclient

R0 oaFile;oaFile;c:\windows\system32\drivers\oafile.sys [16.1.2007 9:45 37376]
R0 oaRegMgr;oaRegMgr;c:\windows\system32\drivers\oaRegMgr.sys [16.1.2007 9:45 18944]
R2 602xml updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 11:28 73728]
R2 MSSQL$PROFIBANKA;MSSQL$PROFIBANKA;c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe -sPROFIBANKA --> c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe -sPROFIBANKA [?]
R3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [19.10.2005 11:17 61840]
S3 BIFLAK;BIFLAK;\??\c:\pcinfo\biflak.sys --> c:\pcinfo\biflak.sys [?]
S3 RmcSvc;Rmc Service;c:\windows\system32\rmc.exe [21.11.2005 16:59 46592]
S3 SQLAgent$PROFIBANKA;SQLAgent$PROFIBANKA;c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE -i PROFIBANKA --> c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE -i PROFIBANKA [?]
S4 oaServerNT;oaServerNT;c:\program files\OA10\oaServerNT --> c:\program files\OA10\oaServerNT [?]
S4 rcClient;rcClient;c:\program files\OA10\rcClient --> c:\program files\OA10\rcClient [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - egathdrv
*Deregistered* - EGATHDRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2005-06-15 c:\windows\Tasks\Připomenutí registrace 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2003-03-12 22:49]

2010-08-12 c:\windows\Tasks\User_Feed_Synchronization-{6D202921-4E6C-4278-95FD-A2B1AF09F1FB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2010-08-12 c:\windows\Tasks\User_Feed_Synchronization-{AE852C7C-60DB-4DBD-B6AA-45A9D5EA6D15}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: e&xportovat do aplikace microsoft office excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)
HKLM-Run-RosaKr32 Startup - \\urad\vera\rosa\bin\RosaKr32.exe
Notify-dimsntfy - (no file)
MSConfigStartUp-WinVNC - c:\pcinfo\WINVNC.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 13:50
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\oaServerNT]
"ImagePath"="c:\program files\OA10\oaServerNT"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rcClient]
"ImagePath"="c:\program files\OA10\rcClient"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2924249470-1802343777-2575672110-500\Software\Microsoft\Internet Explorer\user preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c5,3c,19,0a,82,fc,8f,43,9e,5a,24,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c5,3c,19,0a,82,fc,8f,43,9e,5a,24,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3432)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\rdpclip.exe
c:\windows\system32\ICO.EXE
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
.
**************************************************************************
.
Celkový čas: 2010-08-12 13:52:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-12 11:52

Před spuštěním: Volných bajtů: 21 392 433 152
Po spuštění: Volných bajtů: 21 393 846 272

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 8298D924D434E5D3F608BED2430FA12D


Thank you.

#2 Post by riffman »

Hello,

A question:
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5509:TCP"= 5509:TCP:oa_nh9
"5508:TCP"= 5508:TCP:oa_nh8
"5507:TCP"= 5507:TCP:oa_nh7
"5506:TCP"= 5506:TCP:oa_nh6
"5505:TCP"= 5505:TCP:oa_nh5
"5504:TCP"= 5504:TCP:oa_nh4
"5503:TCP"= 5503:TCP:oa_nh3
"5502:TCP"= 5502:TCP:oa_nh2
"5501:TCP"= 5501:TCP:oa_nh1
"5500:TCP"= 5500:TCP:oa_nh0
"5020:TCP"= 5020:TCP:oa_rcclient
Were these ports opened on purpose?

+ c:\program files\OA10 - what is that, please? (I assume it has something to do with the banking applications, but better safe than sorry)
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all

#3 Post by kedarh »

c:\program files\OA10

This is the base directory of OptimAccess ( http://www.sodatsw.cz/produkty/optimaccess.html )
OptimAccess is a new-generation tool that handles the management of an organization's information system.
"5020:TCP"= 5020:TCP:oa_rcclient could have been opened by this very application.
We use this application for SW and HW audits; it is a licensed application.

#4 Post by riffman »

I'm asking such dumb questions because this isn't something you see every day, and information has to be gathered ;)

Test c:\windows\system32\rmc.exe on VIRUSTOTAL.

(simple instructions: once the page has loaded, click the Browse button, find the path to the file mentioned above and click the Send file button; ignore any messages saying the file has already been tested and run the scan again; give the scanners about ten minutes; post the result here, either by copying the text or by pasting the link once the scan has finished)

#5 Post by kedarh »

I did not understand the result from www.virustotal.com.
It looks like a list of antivirus products that do what...?
We use NOD32 on the clients, and it is currently uninstalled while we work with ComboFix.


File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5: f87d01f8540451ade69b96fa27e7b25c
Date first seen: 2006-11-30 15:09:41 (UTC)
Date last seen: 2010-08-13 05:33:18 (UTC)
Detection ratio: 9/39

What do you wish to do?

MD5 : f87d01f8540451ade69b96fa27e7b25c
SHA1 : 3fd16843077ba2dc9ef6a298cae7f6438b79f3bb
SHA256: b400ee2dd5b798c8681336286fd4786da63f89251a3a281ba8b3672efbd5d3e4
ssdeep: 768:RZz6xQ3UYMzqJPhmDgcvOFLSf92MD4bjkXmCLf8HN/EWfGDPDLvZly/9A:mxKpN4DgEELg9
5OjkX/L0t/Uy1A
File size : 46592 bytes
First seen: 2006-11-30 15:09:41
Last seen : 2010-08-13 05:33:18
Magic: PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID:
76.1% (.EXE) tElock compressed/encrypted Win32 executable (37096/34/4)
15.5% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
4.1% (.EXE) Generic Win/DOS Executable (2002/3)
4.1% (.EXE) DOS Executable Generic (2000/1)
0.0% (.VXD) VXD Driver (31/22)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD: tElock v0.98
packers (F-Prot): TeLock
packers (Kaspersky): PE_Patch, TeLock
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1CBD6
timedatestamp....: 0x439E69C0 (Tue Dec 13 06:27:12 2005)
machinetype......: 0x14C (Intel I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
4867703, 0x1000, 0xC000, 0x6E00, 7.99, e856a07a75cc472edffd4360dc4f9e6e
9746202, 0xD000, 0x9000, 0x1200, 7.96, 7c68c0fdf5810ca0ddfe2a83b3601d51
4935512, 0x16000, 0x1000, 0x200, 0.0, bf619eac0cdf3f68d496ea9344137e8b
1652496, 0x17000, 0x1000, 0x200, 7.61, b89b0af90c66d21ef26f7459411eaceb
3797903, 0x18000, 0x1000, 0x600, 7.88, 8d4458c932757076964647882b038715
5595403, 0x19000, 0x1000, 0x200, 1.17, 67bc19155a4cbdfe1c97c138db17527d
.rsrc, 0x1A000, 0x1000, 0x200, 0.93, 13ee5f785ec8e44e041eb8a37b1e292f
4889465, 0x1B000, 0x3000, 0x2200, 7.64, 748f0ce1ee761c123c277560d31436a1

[[ 2 import(s) ]]
kernel32.dll: GetModuleHandleA
user32.dll: MessageBoxA

[[ 2 export(s) ]]
__GetExceptDLLinfo, ___CPPdebugHook

CWSandbox:
http://research.sunbelt-software.com/pa ... fa27e7b25c
Symantec reputation:Suspicious.Insight

AhnLab-V3 2010.08.13.00 2010.08.12 -
AntiVir 8.2.4.34 2010.08.12 -
Antiy-AVL 2.0.3.7 2010.08.11 -
Authentium 5.2.0.5 2010.08.12 -
Avast 4.8.1351.0 2010.08.12 -
Avast5 5.0.332.0 2010.08.12 -
AVG 9.0.0.851 2010.08.12 -
BitDefender 7.2 2010.08.13 -
CAT-QuickHeal 11.00 2010.08.13 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.08.13 PUA.Packed.TeLock
Comodo 5721 2010.08.13 Heur.Pck.tElock
Emsisoft 5.0.0.37 2010.08.13 -
eSafe 7.0.17.0 2010.08.12 -
eTrust-Vet 36.1.7785 2010.08.12 -
F-Prot 4.6.1.107 2010.08.12 -
Fortinet 4.1.143.0 2010.08.12 RAT/RemoteExec
GData 21 2010.08.13 -
Ikarus T3.1.1.88.0 2010.08.13 -
Jiangmin 13.0.900 2010.08.12 -
Kaspersky 7.0.0.125 2010.08.13 not-a-virus:RemoteAdmin.Win32.RemoteExec.t
McAfee 5.400.0.1158 2010.08.13 -
McAfee-GW-Edition 2010.1 2010.08.13 -
Microsoft 1.6004 2010.08.12 -
NOD32 5362 2010.08.13 -
Norman 6.05.11 2010.08.12 -
nProtect 2010-08-12.03 2010.08.12 -
Panda 10.0.2.7 2010.08.12 Suspicious file
PCTools 7.0.3.5 2010.08.13 -
Prevx 3.0 2010.08.13 -
Rising 22.60.04.01 2010.08.13 -
Sophos 4.56.0 2010.08.13 Sus/ComPack-C
Sunbelt 6727 2010.08.13 -
SUPERAntiSpyware 4.40.0.1006 2010.08.13 -
Symantec 20101.1.1.7 2010.08.13 -
TheHacker 6.5.2.1.344 2010.08.13 W32/Behav-Heuristic-066
TrendMicro 9.120.0.1004 2010.08.13 PAK_Generic.001
TrendMicro-HouseCall 9.120.0.1004 2010.08.13 -
ViRobot 2010.8.9.3978 2010.08.13 -
VirusBuster 5.0.27.0 2010.08.12 -

#6 Post by riffman »

OK, in that case I don't see anything else there ;)

#7 Post by kedarh »

I removed the file rmc.exe from the system32 directory.
Rebooted.
Tested how it behaves.

A nightmare. It takes a long time before IE launches. So I'd rather put the file back.

#8 Post by kedarh »

After detecting updates through the MS web service from IE, Tools -> Windows Update:

One update file is downloaded and it ends with an error:

the paths in the registry are being rewritten again

%fystemroot%\System32\svchost.exe -k netsvcs

The way I see it, only a reinstall will do.
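
The symptom reported in posts #1 and #8, a service path that references %fystemroot% instead of %systemroot%, can be checked for offline. The following is an added example, not part of the original thread: a Python script that scans a registry export in the regedit 5.00 text format and reports string values that reference an environment variable outside a baseline set. The baseline `KNOWN_VARS`, the function names and the sample keys `ExampleGood` and `ExampleBad` are assumptions constructed for illustration.

```python
import re

# Assumed baseline of variables available to services on a default install;
# extend it with any machine-wide variables your own software defines.
KNOWN_VARS = {
    "systemroot", "windir", "systemdrive", "programfiles",
    "commonprogramfiles", "allusersprofile", "userprofile",
    "appdata", "temp", "tmp", "comspec",
}

VAR_RE = re.compile(r"%([^%\\/:\s]+)%")                 # %name% references
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data


def hex2_line(name, text, width=20):
    """Build a REG_EXPAND_SZ line as a 5.00 export writes it (used for the sample)."""
    cells = ["%02x" % b for b in (text + "\0").encode("utf-16-le")]
    rows = [",".join(cells[i:i + width]) for i in range(0, len(cells), width)]
    return '"%s"=hex(2):' % name + ",\\\n  ".join(rows)


def logical_lines(text):
    """Join continuation lines (trailing backslash) into one logical line."""
    buf = ""
    for line in text.splitlines():
        if line.endswith("\\"):
            buf += line[:-1].strip()
            continue
        yield buf + line.strip()
        buf = ""


def decode_value(raw):
    """Return the text of REG_SZ / REG_EXPAND_SZ data, or None for other types."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # REG_SZ: undo the \\ and \" escaping used in .reg files
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.startswith("hex(2):"):
        # REG_EXPAND_SZ: comma-separated UTF-16LE bytes with a NUL terminator
        data = bytes(int(c, 16) for c in raw[7:].split(",") if c.strip())
        return data.decode("utf-16-le", errors="replace").rstrip("\0")
    return None


def scan_reg_export(text, known=KNOWN_VARS):
    """Return (key, value name, data, unknown variables) for each suspect value."""
    findings = []
    key = None
    for line in logical_lines(text):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        value = decode_value(m.group(2))
        if value is None:
            continue
        unknown = [v for v in VAR_RE.findall(value) if v.lower() not in known]
        if unknown:
            findings.append((key, name, value, unknown))
    return findings


# Constructed sample export: one intact service entry, one showing the symptom.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ExampleGood]",
    hex2_line("ImagePath", r"%SystemRoot%\System32\svchost.exe -k netsvcs"),
    "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ExampleBad]",
    hex2_line("ImagePath", r"%fystemroot%\System32\svchost.exe -k netsvcs"),
    '"DisplayName"="Constructed sample service"',
    '"Start"=dword:00000002',
    "",
])

if __name__ == "__main__":
    for key, name, value, unknown in scan_reg_export(SAMPLE):
        print("%s\n  %s = %s\n  unknown variables: %s"
              % (key, name, value, ", ".join(unknown)))
```

A file that regedit writes in the 5.00 format is UTF-16, so open it with `encoding="utf-16"` before passing its text to `scan_reg_export`.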

#9 Post by riffman »

Download OTL.


On Windows Vista and Windows 7, run the application as administrator (right-click the application icon and choose "Run as administrator").

After downloading, click the Scan button and let it work; when it finishes it will produce a log. Paste its contents here :)

#10 Post by kedarh »

In this case, let's consider only Windows XP Professional as the OS version.
Nothing else is under discussion.

The OTL scan is here:

OTL logfile created on: 13.8.2010 12:43:06 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = \\urad\install\Opravy_WINDOWS\data\OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 015,00 Mb Total Physical Memory | 630,00 Mb Available Physical Memory | 62,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33,76 Gb Total Space | 19,92 Gb Free Space | 58,99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HYLSOVA1
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.08.12 13:32:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- \\urad\install\Opravy_WINDOWS\data\OTL\OTL.exe
PRC - [2010.04.14 11:28:44 | 000,073,728 | ---- | M] (Software602 a.s.) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
PRC - [2009.01.14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.11.02 10:32:07 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2004.08.18 00:49:30 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2004.08.18 00:49:28 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2004.04.20 11:01:20 | 000,438,272 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
PRC - [2004.03.19 22:21:10 | 000,339,968 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2004.03.19 21:12:10 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
PRC - [2004.02.27 19:29:24 | 000,061,440 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
PRC - [2004.01.07 14:02:26 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2003.11.20 23:08:14 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2003.11.07 04:24:32 | 000,131,072 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELMICED.EXE
PRC - [2003.11.07 00:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
PRC - [2003.07.30 18:08:58 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002.12.17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe
PRC - [2002.12.17 17:23:32 | 000,074,308 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2002.09.21 00:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010.08.12 13:32:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- \\urad\install\Opravy_WINDOWS\data\OTL\OTL.exe
MOD - [2006.08.25 17:51:20 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004.08.18 00:49:22 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2004.08.18 00:49:16 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2004.08.18 00:49:14 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2004.08.18 00:49:14 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2004.08.18 00:49:14 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2004.08.18 00:49:06 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2004.08.18 00:49:06 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2004.08.18 00:48:44 | 002,927,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll
MOD - [2004.08.04 08:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\PCINFO\WINVNC.EXE -- (winvnc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\PsaSrv.exe -- (PsaSrv)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010.05.20 07:48:19 | 000,325,120 | R--- | M] (SODATSW) [Disabled | Stopped] -- C:\Program files\OA10\oaServerNT.exe -- (oaServerNT)
SRV - [2010.05.20 07:48:15 | 000,296,960 | R--- | M] (SODATSW) [Disabled | Stopped] -- C:\Program files\OA10\rcClient.exe -- (rcClient)
SRV - [2010.04.14 11:28:44 | 000,073,728 | ---- | M] (Software602 a.s.) [Auto | Running] -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe -- (602xml updater)
SRV - [2009.08.05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.01.14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (seaport)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (nettcpportsharing)
SRV - [2006.03.24 09:53:55 | 000,046,592 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\rmc.exe -- (RmcSvc)
SRV - [2005.09.02 11:12:58 | 000,323,584 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Enterprise Client\aaclient.exe -- (Ad-Axis Client)
SRV - [2004.03.19 22:21:10 | 000,339,968 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2002.12.17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe -- (MSSQL$PROFIBANKA)
SRV - [2002.12.17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE -- (SQLAgent$PROFIBANKA)
SRV - [2002.09.21 00:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PCINFO\biflak.sys -- (BIFLAK)
DRV - [2010.05.20 07:48:06 | 000,037,376 | R--- | M] (SODATSW) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\oafile.sys -- (oaFile)
DRV - [2010.05.20 07:48:05 | 000,018,944 | R--- | M] (SODATSW) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\oaRegMgr.sys -- (oaRegMgr)
DRV - [2009.08.05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2005.04.13 18:01:32 | 000,013,312 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2004.09.24 02:39:58 | 000,064,256 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2004.08.04 08:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004.08.04 08:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004.08.04 07:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004.06.28 11:06:26 | 000,061,840 | ---- | M] (Gemplus) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GTwinUSB.sys -- (GTwinUSB)
DRV - [2003.02.11 22:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)
DRV - [2003.01.10 22:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2001.10.24 20:54:40 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001.09.13 16:58:02 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)
DRV - [2001.08.18 07:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.18 07:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.18 07:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.18 07:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.18 07:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.18 06:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.18 06:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.08.18 06:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.18 06:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.18 06:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.18 06:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.18 06:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.18 06:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.18 06:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.08.18 05:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Služba instalace zvukového ovladače Intel(r) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2924249470-1802343777-2575672110-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2924249470-1802343777-2575672110-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\mozilla firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.04 15:18:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.11 11:19:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.2\Extensions\\Components: C:\PROGRA~1\MOZILL~1\components\ [2006.05.03 12:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.2\Extensions\\Plugins: C:\PROGRA~1\MOZILL~1\plugins\ [2006.03.17 10:15:39 | 000,000,000 | ---D | M]

[2010.02.04 15:17:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.11 14:14:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\xmlfiller@software602.cz
[2010.03.29 13:04:14 | 000,081,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npfiller.dll
[2010.01.16 02:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 02:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 02:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 02:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 02:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.08.12 13:46:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2924249470-1802343777-2575672110-500\..\Toolbar\webbrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [gemstrmw] C:\WINDOWS\System32\gemstrmw.exe (Gemplus)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe (Hewlett-Packard Inc.)
O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe ()
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe ()
O4 - HKU\S-1-5-21-2924249470-1802343777-2575672110-500..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\hylsova.MUUO.CZ\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2924249470-1802343777-2575672110-500\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2924249470-1802343777-2575672110-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2924249470-1802343777-2575672110-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2924249470-1802343777-2575672110-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Přidat na blog - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Přidat na blog Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 1530978718 (WUWebControl Class)
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4 ... 41-win.cab (Java Plug-in 1.4.1)
O16 - DPF: {cafeefac-0015-0000-0007-abcdeffedcba} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {cafeefac-0016-0000-0018-abcdeffedcba} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {fd0b6769-6490-4a91-aa0a-b5ae0dc75ac9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.158
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.06.15 13:13:38 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.13 09:34:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.08.13 09:10:31 | 000,000,000 | ---D | C] -- C:\_zaloha_RMC
[2010.08.12 12:49:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.08.12 12:45:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.08.12 12:45:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.08.12 12:45:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.08.12 12:45:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.08.12 12:42:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.08.12 12:38:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.11 21:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Hewlett-Packard
[2010.08.11 15:32:05 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Plocha\spybotsd162.exe
[2010.08.11 15:27:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.08.11 15:12:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010.08.11 15:12:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cs
[2010.08.11 15:12:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010.08.11 15:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010.08.11 15:01:44 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010.08.11 15:01:44 | 000,041,088 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010.08.11 15:01:39 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2010.08.11 15:01:39 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2010.08.11 15:01:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tabletoc.dll
[2010.08.11 15:01:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asr_pfu.exe
[2010.08.11 15:01:39 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pidgen.dll
[2010.08.11 15:01:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\medctroc.dll
[2010.08.11 15:01:39 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spiisupd.exe
[2010.08.11 15:01:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2010.08.11 15:01:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2010.08.11 15:01:38 | 002,113,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiagn.dll
[2010.08.11 15:01:38 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2010.08.11 15:01:38 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2010.08.11 15:01:38 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthprops.cpl
[2010.08.11 15:01:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2010.08.11 15:01:38 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p2pgasvc.dll
[2010.08.11 15:01:38 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slcoinst.dll
[2010.08.11 15:01:38 | 000,040,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
[2010.08.11 15:01:38 | 000,035,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010.08.11 15:01:38 | 000,035,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthprint.sys
[2010.08.11 15:01:38 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secedit.exe
[2010.08.11 15:01:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdukx.dll
[2010.08.11 15:01:38 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010.08.11 15:01:38 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv02nt5.dll
[2010.08.11 15:01:37 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll
[2010.08.11 15:01:37 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irprops.cpl
[2010.08.11 15:01:37 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2010.08.11 15:01:37 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2010.08.11 15:01:37 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slserv.exe
[2010.08.11 15:01:37 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010.08.11 15:01:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrpnsp.dll
[2010.08.11 15:01:37 | 000,041,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amdk7.sys
[2010.08.11 15:01:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelppm.sys
[2010.08.11 15:01:37 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2010.08.11 15:01:37 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscntfy.exe
[2010.08.11 15:01:37 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tunmp.sys
[2010.08.11 15:01:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res2.dll
[2010.08.11 15:01:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprpres.dll
[2010.08.11 15:01:37 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010.08.11 15:01:37 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv09nt5.dll
[2010.08.11 15:01:36 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msftedit.dll
[2010.08.11 15:01:36 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p2psvc.dll
[2010.08.11 15:01:36 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvaa.dll
[2010.08.11 15:01:36 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p2pgraph.dll
[2010.08.11 15:01:36 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slgen.dll
[2010.08.11 15:01:36 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscui.cpl
[2010.08.11 15:01:36 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\firewall.cpl
[2010.08.11 15:01:36 | 000,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2010.08.11 15:01:36 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sdbus.sys
[2010.08.11 15:01:36 | 000,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ip6fw.sys
[2010.08.11 15:01:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netsetup.cpl
[2010.08.11 15:01:36 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2010.08.11 15:01:36 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ssl.dll
[2010.08.11 15:01:36 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010.08.11 15:01:36 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv02nt5.dll
[2010.08.11 15:01:36 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativdaxx.ax
[2010.08.11 15:01:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx2.dll
[2010.08.11 15:01:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsmsno.dll
[2010.08.11 15:01:36 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfi1.dll
[2010.08.11 15:01:36 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmlt47.dll
[2010.08.11 15:01:36 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010.08.11 15:01:36 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\siint5.dll
[2010.08.11 15:01:35 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3gnb.dll
[2010.08.11 15:01:35 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbeio.dll
[2010.08.11 15:01:35 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadiag.dll
[2010.08.11 15:01:35 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshbth.dll
[2010.08.11 15:01:35 | 000,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2010.08.11 15:01:35 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slrundll.exe
[2010.08.11 15:01:35 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll
[2010.08.11 15:01:35 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2010.08.11 15:01:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hccoin.dll
[2010.08.11 15:01:35 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010.08.11 15:01:35 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbali.sys

kedarh
Visitor
Posts: 13
Registered: 12 Aug 2010 16:13

Re: PC - client refuses encryption functions, overwrites %systemr

#11 Post by kedarh »

[2010.08.11 15:01:35 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbali.sys
[2010.08.11 15:01:33 | 004,263,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2010.08.11 15:01:33 | 000,188,928 | ---- | C] (Společnost Microsoft) -- C:\WINDOWS\System32\dllcache\sprs0405.dll
[2010.08.11 15:01:33 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll
[2010.08.11 15:01:33 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwcfg.dll
[2010.08.11 15:01:33 | 000,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010.08.11 15:01:33 | 000,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rndismpx.sys
[2010.08.11 15:01:33 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010.08.11 15:01:33 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\ch7xxnt5.dll
[2010.08.11 15:01:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbinst.exe
[2010.08.11 15:01:32 | 000,262,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2010.08.11 15:01:32 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2010.08.11 15:01:31 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2010.08.11 15:01:30 | 002,927,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sprt0405.dll
[2010.08.11 15:01:30 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mtxparhd.dll
[2010.08.11 15:01:30 | 001,689,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d9.dll
[2010.08.11 15:01:30 | 000,937,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winbrand.dll
[2010.08.11 15:01:30 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3d1ag.dll
[2010.08.11 15:01:30 | 000,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2010.08.11 15:01:30 | 000,463,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\obrs0405.dll
[2010.08.11 15:01:30 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssap.dll
[2010.08.11 15:01:30 | 000,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2010.08.11 15:01:30 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p2pnetsh.dll
[2010.08.11 15:01:30 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2010.08.11 15:01:30 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\twext.dll
[2010.08.11 15:01:30 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010.08.11 15:01:30 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv06nt5.dll
[2010.08.11 15:01:30 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spnpinst.exe
[2010.08.11 15:01:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmal.dll
[2010.08.11 15:01:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2eres.dll
[2010.08.11 15:01:29 | 000,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
[2010.08.11 15:01:29 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slextspk.dll
[2010.08.11 15:01:29 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fsquirt.exe
[2010.08.11 15:01:29 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqldb20.dll
[2010.08.11 15:01:29 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xmlprov.dll
[2010.08.11 15:01:29 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlse20.dll
[2010.08.11 15:01:29 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\btpanui.dll
[2010.08.11 15:01:29 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xmlprovi.dll
[2010.08.11 15:01:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbth.sys
[2010.08.11 15:01:29 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2010.08.11 15:01:29 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthci.dll
[2010.08.11 15:01:29 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2010.08.11 15:01:29 | 000,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssmbios.sys
[2010.08.11 15:01:29 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidir.sys
[2010.08.11 15:01:29 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmsetacl.dll
[2010.08.11 15:01:29 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sffdisk.sys
[2010.08.11 15:01:29 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sffp_sd.sys
[2010.08.11 15:01:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinbe1.dll
[2010.08.11 15:01:29 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010.08.11 15:01:29 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv07nt5.dll
[2010.08.11 15:01:28 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2010.08.11 15:01:28 | 000,462,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlqp20.dll
[2010.08.11 15:01:28 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2010.08.11 15:01:28 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscsvc.dll
[2010.08.11 15:01:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powercfg.exe
[2010.08.11 15:01:28 | 000,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gagp30kx.sys
[2010.08.11 15:01:28 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthserv.dll
[2010.08.11 15:01:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2010.08.11 15:01:28 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2010.08.11 15:01:28 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativmvxx.ax
[2010.08.11 15:01:28 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winshfhc.dll
[2010.08.11 15:01:28 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010.08.11 15:01:28 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv10nt5.dll
[2010.08.11 15:01:28 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010.08.11 15:01:28 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mutohpen.sys
[2010.08.11 15:01:28 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010.08.11 15:01:28 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\vchnt5.dll
[2010.08.11 15:01:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ext.dll
[2010.08.11 15:01:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsmsfi.dll
[2010.08.11 15:01:28 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx3.dll
[2010.08.11 15:01:28 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010.08.11 15:01:28 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv01nt5.dll
[2010.08.11 15:01:28 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010.08.11 15:01:28 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv11nt5.dll
[2010.08.11 15:01:27 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2010.08.11 15:01:27 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010.08.11 15:01:27 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll
[2010.08.11 15:01:27 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010.08.11 15:01:27 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctfime.ime
[2010.08.11 15:01:27 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p2p.dll
[2010.08.11 15:01:27 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll
[2010.08.11 15:01:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\blastcln.exe
[2010.08.11 15:01:27 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spgrmr.dll
[2010.08.11 15:01:27 | 000,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uagp35.sys
[2010.08.11 15:01:27 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativtmxx.dll
[2010.08.11 15:01:27 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\hsfcisp2.dll
[2010.08.11 15:01:27 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010.08.11 15:01:27 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv04nt5.dll
[2010.08.11 15:01:27 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010.08.11 15:01:27 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv01nt5.dll
[2010.08.11 15:01:27 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\encapi.dll
[2010.08.11 15:01:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\auditusr.exe
[2010.08.11 15:01:27 | 000,013,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wacompen.sys
[2010.08.11 15:01:27 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2010.08.11 15:01:27 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdno1.dll
[2010.08.11 15:01:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll
[2010.08.11 15:01:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinben.dll
[2010.08.11 15:01:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmlt48.dll
[2010.08.11 15:01:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmaori.dll
[2010.08.11 15:01:27 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010.08.11 15:01:27 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv05nt5.dll
[2010.08.11 15:01:27 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010.08.11 15:01:27 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv08nt5.dll
[2010.08.11 15:01:26 | 000,330,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010.08.11 15:01:26 | 000,059,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rfcomm.sys
[2010.08.11 15:01:26 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sdhcinst.dll
[2010.08.11 15:01:26 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2010.08.11 15:01:25 | 000,660,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqqm.dll
[2010.08.11 15:01:25 | 000,489,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqutil.dll
[2010.08.11 15:01:25 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqrt.dll
[2010.08.11 15:01:25 | 000,163,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nwrdr.sys
[2010.08.11 15:01:25 | 000,138,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqad.dll
[2010.08.11 15:01:25 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqsec.dll
[2010.08.11 15:01:25 | 000,072,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqac.sys
[2010.08.11 15:01:25 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nwapi32.dll
[2010.08.11 15:01:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqupgrd.dll
[2010.08.11 15:01:25 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqdscli.dll
[2010.08.11 15:01:25 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqise.dll
[2010.08.11 15:01:24 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nwwks.dll
[2010.08.11 15:01:10 | 001,852,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acgenral.dll
[2010.08.11 15:01:10 | 000,450,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010.08.11 15:01:10 | 000,256,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentsvr.exe
[2010.08.11 15:01:10 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acspecfc.dll
[2010.08.11 15:01:10 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclua.dll
[2010.08.11 15:01:10 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acxtrnal.dll
[2010.08.11 15:01:10 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdpv.dll
[2010.08.11 15:01:10 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdp2.dll
[2010.08.11 15:01:09 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2010.08.11 15:01:09 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2010.08.11 15:01:08 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2010.08.11 15:01:08 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2010.08.11 15:01:08 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2010.08.11 15:01:08 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2010.08.11 15:01:07 | 002,138,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010.08.11 15:01:07 | 002,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010.08.11 15:01:07 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2010.08.11 15:01:07 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2010.08.11 15:01:03 | 001,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2010.08.11 15:01:00 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010.08.11 15:00:59 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apphelp.dll
[2010.08.11 15:00:58 | 001,023,488 | ---- | C] (Společnost Microsoft) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2010.08.11 15:00:58 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdfview.dll
[2010.08.11 15:00:57 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ciodm.dll
[2010.08.11 15:00:55 | 001,055,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\danim.dll
[2010.08.11 15:00:52 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2010.08.11 15:00:52 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsrslvr.dll
[2010.08.11 15:00:50 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll
[2010.08.11 15:00:49 | 000,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hhctrl.ocx
[2010.08.11 15:00:49 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2010.08.11 15:00:48 | 000,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010.08.11 15:00:48 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hlink.dll
[2010.08.11 15:00:48 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icaapi.dll
[2010.08.11 15:00:47 | 000,163,840 | ---- | C] (America Online) -- C:\WINDOWS\System32\dllcache\jgdw400.dll
[2010.08.11 15:00:47 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iphlpapi.dll
[2010.08.11 15:00:47 | 000,027,648 | ---- | C] (Johnson-Grace Company) -- C:\WINDOWS\System32\dllcache\jgpl400.dll
[2010.08.11 15:00:46 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2010.08.11 15:00:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2010.08.11 15:00:45 | 000,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010.08.11 15:00:45 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mf3216.dll
[2010.08.11 15:00:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll
[2010.08.11 15:00:39 | 001,104,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010.08.11 15:00:39 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswsock.dll
[2010.08.11 15:00:38 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010.08.11 15:00:38 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netsetup.exe
[2010.08.11 15:00:36 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledlg.dll
[2010.08.11 15:00:34 | 001,437,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2010.08.11 15:00:34 | 001,290,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010.08.11 15:00:34 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasmans.dll
[2010.08.11 15:00:34 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasadhlp.dll
[2010.08.11 15:00:33 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010.08.11 15:00:33 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\riched20.dll
[2010.08.11 15:00:31 | 008,458,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010.08.11 15:00:31 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010.08.11 15:00:31 | 000,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2010.08.11 15:00:31 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimeng.dll
[2010.08.11 15:00:30 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
[2010.08.11 15:00:29 | 000,713,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sxs.dll
[2010.08.11 15:00:27 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\upnphost.dll
[2010.08.11 15:00:26 | 000,577,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010.08.11 15:00:26 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbui.dll
[2010.08.11 15:00:24 | 000,334,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiaservc.dll
[2010.08.11 15:00:24 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.drv
[2010.08.11 15:00:23 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2010.08.11 15:00:14 | 000,614,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\autoconv.exe
[2010.08.11 15:00:14 | 000,614,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autoconv.exe
[2010.08.11 15:00:14 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2010.08.11 15:00:14 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2010.08.11 15:00:13 | 000,983,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2010.08.11 15:00:13 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010.08.11 15:00:13 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\desk.cpl
[2010.08.11 15:00:13 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhcpcsvc.dll
[2010.08.11 15:00:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2010.08.11 15:00:13 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2010.08.11 15:00:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\format.com
[2010.08.11 15:00:12 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2010.08.11 15:00:12 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010.08.11 15:00:12 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2010.08.11 15:00:12 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localspl.dll
[2010.08.11 15:00:12 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntprint.dll
[2010.08.11 15:00:12 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2010.08.11 15:00:12 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mgmtapi.dll
[2010.08.11 15:00:12 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlsapi.dll
[2010.08.11 15:00:11 | 000,662,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdlg.dll
[2010.08.11 15:00:11 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2010.08.11 15:00:11 | 000,423,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samsrv.dll
[2010.08.11 15:00:11 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasapi32.dll
[2010.08.11 15:00:11 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwprovau.dll
[2010.08.11 15:00:11 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nwprovau.dll
[2010.08.11 15:00:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasman.dll
[2010.08.11 15:00:11 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastapi.dll
[2010.08.11 15:00:11 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfctrs.dll
[2010.08.11 15:00:11 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
[2010.08.11 15:00:10 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2010.08.11 15:00:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2010.08.11 15:00:09 | 000,989,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll
[2010.08.11 15:00:09 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\untfs.dll
[2010.08.11 15:00:09 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ulib.dll
[2010.08.11 15:00:09 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmonui.dll
[2010.08.11 15:00:08 | 001,845,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2010.08.11 15:00:08 | 001,845,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2010.08.11 15:00:08 | 000,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2010.08.11 15:00:08 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2010.08.11 15:00:08 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32spl.dll
[2010.08.11 15:00:08 | 000,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010.08.11 15:00:08 | 000,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys
[2010.08.11 15:00:08 | 000,040,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys
[2010.08.11 15:00:07 | 000,071,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys
[2010.08.11 15:00:07 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010.08.11 15:00:07 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2010.08.11 15:00:07 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys
[2010.08.11 15:00:07 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys
[2010.08.11 15:00:06 | 000,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2010.08.11 15:00:06 | 000,140,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2010.08.11 15:00:06 | 000,140,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ks.sys
[2010.08.11 15:00:06 | 000,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys
[2010.08.11 15:00:06 | 000,036,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys
[2010.08.11 15:00:06 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapnp.sys
[2010.08.11 15:00:06 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys
[2010.08.11 15:00:06 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2010.08.11 15:00:05 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010.08.11 15:00:05 | 000,179,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxdav.sys
[2010.08.11 15:00:04 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2010.08.11 15:00:04 | 000,088,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys
[2010.08.11 15:00:04 | 000,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys
[2010.08.11 15:00:03 | 000,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2010.08.11 15:00:03 | 000,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2010.08.11 15:00:03 | 000,068,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pci.sys
[2010.08.11 15:00:03 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2010.08.11 15:00:03 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciidex.sys
[2010.08.11 15:00:02 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys
[2010.08.11 15:00:02 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010.08.11 15:00:02 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdbss.sys
[2010.08.11 15:00:02 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys
[2010.08.11 15:00:02 | 000,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys
[2010.08.11 15:00:01 | 000,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2010.08.11 15:00:01 | 000,332,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010.08.11 15:00:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2010.08.11 15:00:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stream.sys
[2010.08.11 15:00:01 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys
[2010.08.11 15:00:01 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys
[2010.08.11 15:00:01 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2010.08.11 15:00:00 | 000,364,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\update.sys
[2010.08.11 15:00:00 | 000,225,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2010.08.11 15:00:00 | 000,225,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2010.08.11 15:00:00 | 000,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbhub.sys
[2010.08.11 15:00:00 | 000,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys
[2010.08.11 15:00:00 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys
[2010.08.11 15:00:00 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys
[2010.08.11 15:00:00 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys
[2010.08.11 14:59:59 | 002,182,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010.08.11 14:59:59 | 002,182,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010.08.11 14:59:59 | 002,059,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010.08.11 14:59:59 | 002,059,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010.08.11 14:59:59 | 000,142,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2010.08.11 14:59:59 | 000,142,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2010.08.11 14:59:59 | 000,131,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll
[2010.08.11 14:59:59 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2010.08.11 14:59:59 | 000,079,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys
[2010.08.11 14:59:59 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2010.08.11 14:59:59 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbuhci.sys
[2010.08.11 14:59:59 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys
[2010.08.11 14:54:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010.08.11 14:51:22 | 322,523,176 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Plocha\WindowsXP-KB936929-SP3-x86-CSY.exe
[2010.08.11 14:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
[2010.08.11 14:05:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010.08.11 13:48:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010.08.11 13:41:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\GHISLER
[2010.08.11 13:33:41 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Plocha\MGADiag.exe
[2010.08.11 11:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Adobe
[2010.08.11 11:19:36 | 001,273,224 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Plocha\WindowsXP-KB927891-v3-x86-CSY.exe
[2010.08.11 11:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.08.11 11:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\AdobeUM
[2010.08.11 11:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Adobe
[2010.08.11 11:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\Opravy_WINDOWS
[2010.08.11 10:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Office Genuine Advantage
[2010.08.11 10:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\GHISLER
[2010.08.11 10:17:59 | 000,000,000 | ---D | C] -- C:\AULOGS
[2010.08.11 10:17:11 | 016,760,320 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Plocha\au_client_tool_v7.exe
[2010.08.11 09:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\IObit
[2010.08.11 09:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.08.11 09:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Sun
[2010.08.11 09:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Adobe
[2010.08.11 09:13:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010.08.11 09:13:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010.08.11 09:11:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010.08.10 07:42:33 | 000,327,680 | R--- | C] (Monet+,a.s.) -- C:\WINDOWS\System32\icpkcsip.dll
[2010.08.10 07:40:38 | 000,192,512 | ---- | C] (Monet+,a.s.) -- C:\WINDOWS\System32\icpkcsi.dll
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[237 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.08.13 12:40:00 | 000,000,482 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AE852C7C-60DB-4DBD-B6AA-45A9D5EA6D15}.job
[2010.08.13 12:40:00 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6D202921-4E6C-4278-95FD-A2B1AF09F1FB}.job
[2010.08.13 09:23:35 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.13 09:13:52 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.08.13 09:13:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.13 09:13:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.13 09:12:58 | 1064,357,888 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.13 09:11:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.08.12 18:14:21 | 002,538,696 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010.08.12 13:47:22 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.08.12 13:46:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.12 12:49:23 | 000,000,264 | RHS- | M] () -- C:\BOOT.INI
[2010.08.12 12:42:30 | 003,816,717 | R--- | M] () -- C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
[2010.08.11 16:32:04 | 000,000,245 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\IE_aktual1.bat
[2010.08.11 16:25:41 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\avenger.exe
[2010.08.11 16:24:02 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Co Microsoft podstrkává potají do vašich Windows.doc
[2010.08.11 16:23:37 | 000,037,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.08.11 16:16:02 | 044,089,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\avira_antivir_personal_en.exe
[2010.08.11 15:35:40 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Spybot - Search & Destroy.lnk
[2010.08.11 15:32:06 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Plocha\spybotsd162.exe
[2010.08.11 15:31:15 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.08.11 15:30:36 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.08.11 15:30:36 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.08.11 15:16:24 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010.08.11 14:34:01 | 000,003,304 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Windows Registry Editor Version 5.reg
[2010.08.11 14:21:31 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\xp_update_fix.exe
[2010.08.11 13:52:57 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.11 13:33:42 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Plocha\MGADiag.exe
[2010.08.11 11:21:09 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\FreeCommander.lnk
[2010.08.11 11:19:58 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.08.11 11:19:38 | 001,273,224 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Plocha\WindowsXP-KB927891-v3-x86-CSY.exe
[2010.08.11 10:46:10 | 000,000,390 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010.08.11 10:17:14 | 016,760,320 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Plocha\au_client_tool_v7.exe
[2010.08.11 09:25:35 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\HijackThis.lnk
[2010.08.11 09:11:15 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Windows Media Player.lnk
[2010.08.10 07:42:35 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CSOB CryptoPlus.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[237 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.13 09:31:04 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\rmc.exe
[2010.08.12 12:49:23 | 000,000,194 | ---- | C] () -- C:\Boot.bak
[2010.08.12 12:49:21 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.08.12 12:45:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.08.12 12:45:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.08.12 12:45:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.08.12 12:45:28 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.08.12 12:45:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.08.11 16:32:04 | 000,000,245 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\IE_aktual1.bat
[2010.08.11 16:25:27 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\avenger.exe
[2010.08.11 16:24:01 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Co Microsoft podstrkává potají do vašich Windows.doc
[2010.08.11 16:16:00 | 044,089,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\avira_antivir_personal_en.exe
[2010.08.11 16:12:07 | 003,816,717 | R--- | C] () -- C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
[2010.08.11 15:35:40 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Spybot - Search & Destroy.lnk
[2010.08.11 15:35:38 | 000,000,238 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\IEreg-2.bat
[2010.08.11 15:35:33 | 000,002,145 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\IEreg.bat
[2010.08.11 15:01:39 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wstrendr.ax
[2010.08.11 15:01:39 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wstpager.ax
[2010.08.11 15:01:39 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010.08.11 15:01:39 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010.08.11 15:01:38 | 000,102,826 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010.08.11 15:01:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vbicodec.ax
[2010.08.11 15:01:37 | 000,186,368 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2010.08.11 15:01:36 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2010.08.11 15:01:36 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2data.ax
[2010.08.11 15:01:36 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010.08.11 15:01:36 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010.08.11 15:01:28 | 000,759,966 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2010.08.11 15:01:12 | 000,086,336 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apps.chm
[2010.08.11 15:01:10 | 000,225,660 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2010.08.11 15:01:08 | 000,198,736 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2010.08.11 15:00:12 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\locale.nls
[2010.08.11 15:00:10 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sorttbls.nls
[2010.08.11 14:45:13 | 1064,357,888 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.11 14:34:01 | 000,003,304 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Windows Registry Editor Version 5.reg
[2010.08.11 14:21:30 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\xp_update_fix.exe
[2010.08.11 11:21:09 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\FreeCommander.lnk
[2010.08.11 11:19:57 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.08.11 09:25:35 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\HijackThis.lnk
[2010.08.11 09:13:41 | 000,002,632 | ---- | C] () -- C:\Documents and Settings\Administrator\ErrorLog.txt
[2010.08.11 09:13:28 | 000,000,482 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AE852C7C-60DB-4DBD-B6AA-45A9D5EA6D15}.job
[2010.08.11 09:11:15 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Windows Media Player.lnk
[2010.08.10 07:42:37 | 000,000,914 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\CSOB CryptoPlus.lnk
[2010.08.10 07:42:33 | 000,000,128 | R--- | C] () -- C:\WINDOWS\System32\icpkcsip.sig
[2010.02.04 14:59:16 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\ct.ini
[2009.12.16 11:05:42 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SecureStorePKCS11.dll
[2009.11.20 17:04:04 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCspRes.dll
[2009.11.20 17:03:18 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCSP.dll
[2009.11.20 17:02:52 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCore.dll
[2009.11.03 08:30:14 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\PrintMon.dll
[2009.10.01 14:01:23 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.05.14 15:29:30 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009.03.17 12:08:48 | 000,131,960 | ---- | C] () -- C:\WINDOWS\System32\ICAEnroll.dll
[2009.03.17 12:08:48 | 000,078,712 | ---- | C] () -- C:\WINDOWS\System32\ICARenewal.dll
[2006.11.02 10:35:31 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\HPB1320V.DLL
[2006.11.02 10:32:45 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2006.11.02 10:32:45 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2006.11.02 10:30:42 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2006.11.02 10:30:17 | 000,011,237 | ---- | C] () -- C:\WINDOWS\hplj1320.ini
[2006.03.13 15:34:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PRTSERV.DLL
[2006.03.13 15:32:31 | 000,000,728 | ---- | C] () -- C:\WINDOWS\Setupwizard.ini
[2005.07.15 12:39:50 | 003,956,736 | ---- | C] () -- C:\WINDOWS\System32\qt-mt334.dll
[2005.07.15 01:35:56 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\reffileinfo.dll
[2005.07.15 01:35:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\aalog2xml.dll
[2005.06.29 18:19:48 | 000,954,368 | ---- | C] () -- C:\WINDOWS\System32\ice21.dll
[2005.06.29 18:19:48 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\iceutil21.dll
[2005.06.27 11:22:45 | 000,000,066 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005.06.20 11:15:22 | 000,000,021 | ---- | C] () -- C:\WINDOWS\winklav.ini
[2005.06.20 11:15:21 | 000,001,734 | ---- | C] () -- C:\WINDOWS\wg2000.ini
[2005.06.20 09:07:17 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\CrcValidation.dll
[2005.06.20 09:07:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\KBSQLSup.dll
[2005.06.20 09:03:25 | 000,000,239 | ---- | C] () -- C:\WINDOWS\pcb_msde.ini
[2005.06.15 15:35:33 | 000,000,456 | ---- | C] () -- C:\WINDOWS\4GLSRVI1.INI
[2005.06.15 14:44:50 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.04.13 18:10:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.04.13 18:08:54 | 000,005,126 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2005.04.13 18:08:54 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2005.04.13 18:08:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2005.04.13 18:07:59 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2005.04.13 18:07:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005.04.13 18:07:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2005.04.13 17:44:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2005.04.13 16:25:56 | 000,002,289 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004.03.19 21:12:10 | 000,019,692 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
[2004.01.09 15:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2001.07.31 12:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1980.01.01 09:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
< End of report >

riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: PC - client refuses cryptographic functions, rewrites %systemr

#12 Post by riffman »

And what, pray tell, is C:\Documents and Settings\Administrator\Plocha\xp_update_fix.exe?
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all

kedarh
Visitor
Posts: 13
Registered: 12 Aug 2010 16:13

Re: PC - client refuses cryptographic functions, rewrites %systemr

#13 Post by kedarh »

It is a repair package for re-registering libraries to get Windows Update working.
But it did not solve the underlying problem for me.
The BITS library remains disabled after a restart.
The installation of SP3 cannot be completed.
The registry entries keep being rewritten to %fystemroot% ...
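
The symptom reported in this post, registry data that references %fystemroot% where %systemroot% is expected, can be searched for offline in a regedit text export. The following is an added example, not part of the original thread: it decodes `hex(2)` (REG_EXPAND_SZ) data and flags variable names that differ from a known one by a single character. The sample export, the key and value names, the helper names and the baseline variable list are all constructed assumptions.

```python
import re

# Baseline of variables commonly used in REG_EXPAND_SZ data (assumed list, extend as needed).
KNOWN_VARS = ("systemroot", "windir", "systemdrive", "programfiles",
              "userprofile", "allusersprofile", "appdata", "temp", "tmp")

def _hex2(text, width=20):
    """Encode text as regedit exports REG_EXPAND_SZ: wrapped UTF-16LE hex (sample helper)."""
    b = [f"{x:02x}" for x in (text + "\0").encode("utf-16-le")]
    rows = [",".join(b[i:i + width]) for i in range(0, len(b), width)]
    return "hex(2):" + ",\\\n  ".join(rows)

# Constructed sample export; key and value names are hypothetical.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvcA]",
    '"ImagePath"=' + _hex2(r"%fystemroot%\system32\svchost.exe -k netsvcs"),
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvcB]",
    '"ImagePath"=' + _hex2(r"%SystemRoot%\system32\svchost.exe -k netsvcs"),
    '"HelpPath"="%fystemroot%\\\\help"',
])

def near_miss(var):
    """Return the known variable differing from var in exactly one character, else None."""
    v = var.lower()
    if v in KNOWN_VARS:
        return None
    for known in KNOWN_VARS:
        if len(known) == len(v) and sum(a != b for a, b in zip(known, v)) == 1:
            return known
    return None

def find_corrupted_vars(reg_text):
    """Return (key, value name, variable, likely original) for each near-miss reference."""
    text = re.sub(r",\\\r?\n\s*", ",", reg_text)  # join wrapped hex continuation lines
    key, hits = None, []
    for line in text.splitlines():
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # remember the key the following values belong to
        elif m:
            name, data = m.group(1).strip('"'), m.group(2)
            if data.startswith("hex(2):"):  # REG_EXPAND_SZ: decode the UTF-16LE bytes
                raw = bytes(int(h, 16) for h in data[7:].split(",") if h.strip())
                data = raw.decode("utf-16-le", errors="replace").rstrip("\0")
            hits += [(key, name, v, near_miss(v))
                     for v in re.findall(r"%([^%\\/\s]+)%", data) if near_miss(v)]
    return hits
```

Calling `find_corrupted_vars` on the text of a real export (regedit writes version 5.00 exports as UTF-16, so decode the file first) lists every key and value that would need repair.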

riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: PC - client refuses cryptographic functions, rewrites %systemr

#14 Post by riffman »

uffff

let's try rootkit detection..

download GMER, unpack it and run it

on Windows Vista and Windows 7, run the application as administrator (by right-clicking the application icon and choosing "Run as administrator")

a scan will run, and when it finishes the results will pop up

then click Save to save the log, and paste its contents here

then follow this guide to run a second scan, and again paste the log contents here :)

kedarh
Visitor
Posts: 13
Registered: 12 Aug 2010 16:13

Re: PC - client refuses cryptographic functions, rewrites %systemr

#15 Post by kedarh »

The first log file is here:
(there is one positive here: I got SP3 onto the system)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-16 14:28:46


Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwdoipog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs oaFile.sys (OptimAccess® Driver/SODATSW)
AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
