
Preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

makimaki
Visitor
Posts: 27
Registered: 08 Jan 2009 22:13

Preventive check

#1 Post by makimaki »

Hello, I would like to ask for a preventive check. Thank you in advance. :)

Part 1

Logfile of random's system information tool 1.08 (written by random/random)
Run by domaa at 2010-09-25 21:26:24
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 137 GB (90%) free of 152 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:26:31, on 25.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Totalcmd\TOTALCMD.EXE
C:\Documents and Settings\domaa\Plocha\RSIT.exe
C:\Program Files\trend micro\domaa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3426556734
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

--
End of file - 6312 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GlaryInitialize.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
QuickStores-Toolbar - C:\WINDOWS\system32\mscoree.dll [2009-11-07 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - QuickStores-Toolbar - C:\WINDOWS\system32\mscoree.dll [2009-11-07 297808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-18 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-07-26 716800]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-27 85160]
"pdfFactory Pro Dispatcher v2"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [2005-04-03 483328]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-07-04 17408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"HonorAutorunSetting"=1
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"HonorAutorunSetting"=1
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server"
"C:\Program Files\proe2000i2\i486_nt\obj\pro_comm_msg.exe"="C:\Program Files\proe2000i2\i486_nt\obj\pro_comm_msg.exe:*:Enabled:pro_comm_msg"
"C:\Program Files\proe2000i2\i486_nt\obj\xtop.exe"="C:\Program Files\proe2000i2\i486_nt\obj\xtop.exe:*:Enabled:xtop"
"C:\Program Files\proe2000i2\i486_nt\nms\nmsd.exe"="C:\Program Files\proe2000i2\i486_nt\nms\nmsd.exe:*:Enabled:nmsd"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.cmd - open - C:\Program Files\proe2000i2\i486_nt\obj\proemsg.exe
.cmd - edit -
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-09-25 21:26:24 ----D---- C:\rsit
2010-09-25 08:45:30 ----D---- C:\Program Files\Unlocker
2010-09-25 08:44:53 ----D---- C:\Documents and Settings\domaa\Data aplikací\QuickStoresToolbar
2010-09-24 21:09:38 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-09-24 21:09:37 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-09-24 21:09:36 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-09-24 21:09:36 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-09-24 21:09:34 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-09-24 21:09:34 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-09-24 21:09:34 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-09-24 21:09:27 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-09-24 21:09:25 ----D---- C:\Program Files\Alwil Software
2010-09-24 21:09:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-09-23 19:58:48 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-23 19:58:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-23 19:58:46 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-22 20:27:15 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-09-15 19:37:27 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-09-15 19:36:36 ----D---- C:\Documents and Settings\domaa\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-09-15 16:55:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-15 16:55:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-15 16:55:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-15 16:55:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-15 16:55:33 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-15 16:55:29 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-15 16:54:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-13 20:32:03 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2010-09-13 20:27:57 ----D---- C:\Program Files\Zrychleni Pocitace
2010-09-13 19:49:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
2010-09-13 19:49:24 ----D---- C:\Program Files\NVIDIA Corporation
2010-09-11 19:05:40 ----D---- C:\Documents and Settings\domaa\Data aplikací\Help
2010-09-11 18:53:10 ----A---- C:\WINDOWS\system32\CSVer.dll
2010-09-10 16:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-09-10 09:12:25 ----D---- C:\WINDOWS\system32\XPSViewer
2010-09-10 09:12:23 ----D---- C:\Program Files\MSBuild
2010-09-10 09:12:22 ----D---- C:\WINDOWS\system32\en-US
2010-09-10 09:12:19 ----D---- C:\Program Files\Reference Assemblies
2010-09-10 09:12:01 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-09-10 09:12:01 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-09-10 09:12:00 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-09-10 08:59:19 ----D---- C:\Program Files\OpenHardwareMonitor
2010-09-10 06:55:33 ----A---- C:\WINDOWS\system32\drivers\ASACPI.sys
2010-09-09 18:02:12 ----D---- C:\WINDOWS\system32\NtmsData
2010-09-09 11:17:18 ----D---- C:\Documents and Settings\domaa\Data aplikací\Malwarebytes
2010-09-09 11:17:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-09-07 20:52:20 ----D---- C:\Program Files\trend micro
2010-09-03 14:01:51 ----D---- C:\Documents and Settings\domaa\Data aplikací\Ahead
2010-09-03 14:01:38 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-03 07:19:52 ----D---- C:\Program Files\HD Tune
2010-09-02 15:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-09-02 15:30:46 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-09-02 15:00:49 ----D---- C:\Documents and Settings\domaa\Data aplikací\Macromedia
2010-09-02 14:56:21 ----N---- C:\WINDOWS\system32\fppr232.dll
2010-09-02 14:56:21 ----N---- C:\WINDOWS\system32\fppmon2.dll
2010-09-02 14:44:38 ----D---- C:\Documents and Settings\domaa\Data aplikací\Corel
2010-09-02 14:43:05 ----D---- C:\WINDOWS\Corel
2010-09-02 14:40:11 ----D---- C:\Program Files\Corel
2010-09-02 14:40:11 ----D---- C:\Program Files\Common Files\Corel
2010-09-02 14:20:33 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-09-02 14:20:27 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-09-02 14:20:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2183461$
2010-09-02 14:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-09-02 14:20:07 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-09-02 14:20:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-09-02 14:19:57 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-09-02 14:19:14 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-09-02 14:19:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-09-02 14:19:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-09-02 14:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-09-02 14:18:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-09-02 14:18:51 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-09-02 14:18:47 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-09-02 14:18:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-09-02 14:18:39 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-09-02 14:18:35 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-09-02 14:18:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-09-02 14:18:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-09-02 14:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-09-02 14:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-09-02 14:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-09-02 14:18:06 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-09-02 14:18:01 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-09-02 14:17:57 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-09-02 14:17:53 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-09-02 14:17:48 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-09-02 14:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-09-02 14:17:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-09-02 14:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-09-02 14:17:28 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-09-02 14:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-09-02 14:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-09-02 14:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-09-02 14:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-09-02 14:17:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-09-02 14:16:56 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-09-02 14:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-09-02 14:16:48 ----D---- C:\Program Files\MSXML 4.0
2010-09-02 14:16:42 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-09-02 14:16:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-09-02 14:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-09-02 14:16:31 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-09-02 14:16:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-09-02 14:16:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-09-02 14:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-09-02 14:16:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-09-02 14:15:33 ----D---- C:\WINDOWS\ie8updates
2010-09-02 14:15:15 ----D---- C:\WINDOWS\WBEM
2010-09-02 14:14:24 ----HDC---- C:\WINDOWS\ie8
2010-09-02 14:13:38 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-02 14:05:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-09-02 14:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-09-02 14:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-09-02 14:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-09-02 14:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-09-02 14:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-09-02 14:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-09-02 14:04:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-09-02 14:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-09-02 14:03:26 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-09-02 14:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-09-02 14:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-09-02 14:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-09-02 14:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-09-02 14:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-09-02 14:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-09-02 14:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-09-02 14:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2010-09-02 14:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-09-02 14:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-09-02 14:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-09-02 14:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-09-02 14:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-09-02 14:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-09-02 14:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-09-02 14:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-09-02 14:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-09-02 13:49:25 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-09-02 13:30:41 ----D---- C:\WINDOWS\system32\PreInstall
2010-09-02 13:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-09-02 13:30:39 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-02 13:24:55 ----A---- C:\WINDOWS\system32\wups2.dll
2010-09-02 13:24:55 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2010-09-02 13:24:55 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2010-09-02 13:24:54 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-09-02 13:24:54 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-09-02 13:14:50 ----D---- C:\Program Files\Autodesk
2010-09-02 13:14:27 ----D---- C:\Program Files\AnswerWorks 4.0
2010-09-02 13:13:48 ----D---- C:\Program Files\Common Files\Autodesk Shared
2010-09-02 13:13:48 ----D---- C:\Program Files\AutoCAD 2005
2010-09-02 13:13:48 ----D---- C:\Documents and Settings\domaa\Data aplikací\Autodesk
2010-09-02 13:13:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Autodesk
2010-09-02 13:11:43 ----RSD---- C:\WINDOWS\assembly
2010-09-02 13:11:42 ----D---- C:\WINDOWS\system32\URTTemp
2010-09-02 13:11:42 ----D---- C:\WINDOWS\Microsoft.NET
2010-09-02 13:03:58 ----A---- C:\WINDOWS\system32\WgaTray.exe
2010-09-02 13:03:58 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2010-09-02 13:03:58 ----A---- C:\WINDOWS\system32\opuc.dll
2010-09-02 13:03:58 ----A---- C:\WINDOWS\system32\OGACheckControl.dll
2010-09-02 13:03:58 ----A---- C:\WINDOWS\system32\MicrosoftUpdateCatalogWebControl.dll
2010-09-02 13:03:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Office Genuine Advantage
2010-09-02 13:03:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2010-09-02 13:03:37 ----A---- C:\WINDOWS\system32\legitcheckcontrol.dll.bak
2010-09-02 13:03:37 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2010-09-02 12:53:55 ----D---- C:\Program Files\Microsoft Works
2010-09-02 12:53:47 ----D---- C:\Program Files\Common Files\DESIGNER
2010-09-02 12:51:49 ----D---- C:\WINDOWS\SHELLNEW
2010-09-02 12:51:36 ----D---- C:\Program Files\Microsoft Office
2010-09-02 12:51:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-09-02 12:51:21 ----RHD---- C:\MSOCache
2010-09-02 12:48:15 ----D---- C:\Documents and Settings\domaa\Data aplikací\Adobe
2010-09-02 12:43:48 ----D---- C:\Program Files\xp-AntiSpy
2010-09-02 12:42:56 ----D---- C:\Program Files\Elaborate Bytes
2010-09-02 12:36:05 ----D---- C:\Documents and Settings\domaa\Data aplikací\GlarySoft
2010-09-02 12:29:55 ----D---- C:\Documents and Settings\domaa\Data aplikací\IObit
2010-09-02 12:29:54 ----D---- C:\Program Files\IObit
2010-09-02 12:27:29 ----D---- C:\Program Files\Totalcmd
2010-09-01 22:12:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2010-09-01 21:09:07 ----D---- C:\Program Files\Total_Commander
2010-09-01 20:39:22 ----D---- C:\Documents and Settings\domaa\Data aplikací\WinRAR
2010-09-01 20:37:56 ----D---- C:\Documents and Settings\domaa\Data aplikací\URSoft
2010-09-01 20:15:47 ----D---- C:\Program Files\proe2000i2
2010-09-01 20:11:08 ----A---- C:\WINDOWS\Esa.INI
2010-09-01 20:10:01 ----A---- C:\WINDOWS\system32\CadsCmnDlgs8.dll
2010-09-01 20:09:33 ----D---- C:\Program Files\SafeNet Sentinel
2010-09-01 20:09:33 ----D---- C:\Program Files\Common Files\SafeNet Sentinel
2010-09-01 20:09:19 ----D---- C:\WINDOWS\Downloaded Installations
2010-09-01 20:09:12 ----D---- C:\Documents and Settings\domaa\Data aplikací\CADS
2010-09-01 20:09:12 ----A---- C:\WINDOWS\A3D.INI
2010-09-01 20:09:10 ----A---- C:\WINDOWS\system32\vc8-re200l.dll
2010-09-01 20:09:10 ----A---- C:\WINDOWS\system32\RWUXThemeS80.dll
2010-09-01 20:09:10 ----A---- C:\WINDOWS\system32\cstas.dll
2010-09-01 20:09:10 ----A---- C:\WINDOWS\system32\csgas.dll
2010-09-01 20:09:10 ----A---- C:\WINDOWS\system32\csflas.dll
2010-09-01 20:09:10 ----A---- C:\WINDOWS\system32\cadsppp8.dll
2010-09-01 20:09:10 ----A---- C:\WINDOWS\system32\CadsPCP8r.dll
2010-09-01 20:09:08 ----D---- C:\Program Files\Common Files\CADS Shared
2010-09-01 20:09:08 ----D---- C:\Program Files\CADS
2010-09-01 20:09:08 ----A---- C:\WINDOWS\system32\Machnm1.exe
2010-09-01 20:09:08 ----A---- C:\WINDOWS\CADS.INI
2010-09-01 20:09:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\CADS
2010-09-01 20:07:02 ----D---- C:\Program Files\SCIA
2010-09-01 20:04:16 ----D---- C:\Program Files\cdrLabel 7.1
2010-09-01 20:03:33 ----D---- C:\Program Files\KmpPlayer
2010-09-01 20:00:23 ----N---- C:\WINDOWS\UNNMP.exe
2010-09-01 19:58:13 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2010-09-01 19:56:58 ----D---- C:\Program Files\Glary Utilities
2010-09-01 19:56:56 ----N---- C:\WINDOWS\UNNeroVision.exe
2010-09-01 19:56:56 ----N---- C:\WINDOWS\system32\msxml3a.dll
2010-09-01 19:56:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ahead
2010-09-01 19:56:25 ----N---- C:\WINDOWS\system32\TwnLib4.dll
2010-09-01 19:56:25 ----N---- C:\WINDOWS\system32\ImagXRA7.dll
2010-09-01 19:56:24 ----N---- C:\WINDOWS\system32\picn20.dll
2010-09-01 19:56:24 ----N---- C:\WINDOWS\system32\ImagXR7.dll
2010-09-01 19:56:24 ----N---- C:\WINDOWS\system32\ImagXpr7.dll
2010-09-01 19:56:24 ----N---- C:\WINDOWS\system32\ImagX7.dll
2010-09-01 19:56:24 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2010-09-01 19:56:21 ----D---- C:\Program Files\Common Files\Ahead
2010-09-01 19:56:16 ----D---- C:\Program Files\Ahead
2010-09-01 19:43:09 ----D---- C:\Documents and Settings\domaa\Data aplikací\Zoner
2010-09-01 19:42:48 ----D---- C:\Program Files\Zoner
2010-09-01 19:34:58 ----D---- C:\Program Files\WinRAR
2010-09-01 19:30:07 ----D---- C:\Program Files\CCleaner
2010-09-01 19:24:01 ----A---- C:\WINDOWS\system32\VB6DE.DLL
2010-09-01 19:24:00 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2010-09-01 19:24:00 ----A---- C:\WINDOWS\system32\Tdbgpp8.DLL
2010-09-01 19:24:00 ----A---- C:\WINDOWS\system32\FlxGdDE.dll
2010-09-01 19:24:00 ----A---- C:\WINDOWS\system32\DBLstDE.dll
2010-09-01 19:24:00 ----A---- C:\WINDOWS\system32\CmDlgDE.dll
2010-09-01 19:23:50 ----D---- C:\Program Files\NORD
2010-09-01 19:19:11 ----D---- C:\Program Files\TweakNow RegCleaner Std
2010-09-01 13:06:16 ----A---- C:\WINDOWS\WTRAN32.INI
2010-09-01 13:06:09 ----A---- C:\WINDOWS\STXKBD32.INI
2010-09-01 13:05:07 ----D---- C:\Program Files\Translator_full
2010-09-01 13:04:20 ----D---- C:\Ins
2010-09-01 13:04:14 ----D---- C:\ptc
2010-09-01 13:03:34 ----SHD---- C:\RECYCLER
2010-09-01 13:01:27 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2010-09-01 12:21:32 ----D---- C:\Program Files\MSECache
2010-09-01 12:13:50 ----A---- C:\WINDOWS\ODBC.INI
2010-09-01 12:13:46 ----A---- C:\WINDOWS\system32\mdimon.dll
2010-09-01 12:12:53 ----D---- C:\Program Files\Microsoft Visual Studio
2010-09-01 12:09:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-09-01 12:09:27 ----D---- C:\Program Files\Common Files\Adobe
2010-09-01 12:09:27 ----D---- C:\Program Files\Adobe
2010-09-01 12:08:50 ----D---- C:\Documents and Settings\domaa\Data aplikací\GHISLER
2010-09-01 12:08:50 ----A---- C:\WINDOWS\UC.PIF
2010-09-01 12:08:50 ----A---- C:\WINDOWS\RAR.PIF
2010-09-01 12:08:50 ----A---- C:\WINDOWS\PKZIP.PIF
2010-09-01 12:08:50 ----A---- C:\WINDOWS\PKUNZIP.PIF
2010-09-01 12:08:50 ----A---- C:\WINDOWS\NOCLOSE.PIF
2010-09-01 12:08:50 ----A---- C:\WINDOWS\LHA.PIF
2010-09-01 12:08:50 ----A---- C:\WINDOWS\ARJ.PIF
2010-09-01 11:39:50 ----D---- C:\WINDOWS\Prefetch
2010-09-01 11:11:52 ----N---- C:\WINDOWS\system32\msxml6r.dll
2010-09-01 11:11:52 ----A---- C:\WINDOWS\system32\msxml6.dll
2010-09-01 11:11:46 ----N---- C:\WINDOWS\system32\drivers\irbus.sys
2010-09-01 11:11:45 ----N---- C:\WINDOWS\system32\smtpapi.dll
2010-09-01 11:11:45 ----N---- C:\WINDOWS\system32\rwnh.dll
2010-09-01 11:11:45 ----N---- C:\WINDOWS\system32\comsdupd.exe
2010-09-01 11:11:45 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2010-09-01 11:11:45 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2010-09-01 11:11:45 ----N---- C:\WINDOWS\system32\aaclient.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\eapsvc.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\eapqec.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\eappprxy.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\eapphost.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\eappgnui.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\eappcfg.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\eapolqec.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\dot3ui.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\dot3svc.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\dot3msm.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\dot3api.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\dimsroam.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\credssp.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\azroles.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\ati3duag.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2010-09-01 11:11:44 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2010-09-01 11:11:43 ----N---- C:\WINDOWS\system32\napstat.exe
2010-09-01 11:11:43 ----N---- C:\WINDOWS\system32\napmontr.dll
2010-09-01 11:11:43 ----N---- C:\WINDOWS\system32\napipsec.dll
2010-09-01 11:11:43 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2010-09-01 11:11:43 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2010-09-01 11:11:43 ----N---- C:\WINDOWS\system32\mssha.dll
2010-09-01 11:11:43 ----N---- C:\WINDOWS\system32\mmcperf.exe
2010-09-01 11:11:43 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2010-09-01 11:11:43 ----N---- C:\WINDOWS\system32\mmcex.dll
2010-09-01 11:11:43 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2010-09-01 11:11:43 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2010-09-01 11:11:43 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2010-09-01 11:11:43 ----N---- C:\WINDOWS\system32\kmsvc.dll
2010-09-01 11:11:43 ----N---- C:\WINDOWS\system32\kbdpash.dll
2010-09-01 11:11:43 ----N---- C:\WINDOWS\system32\kbdnepr.dll

makimaki
Visitor
Posts: 27
Registered: 08 Jan 2009 22:13

Re: Preventive check

#2 Post by makimaki »

Part 2

2010-09-01 11:11:43 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2010-09-01 11:11:43 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\verclsid.exe
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\tspkg.dll
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\tsgqec.dll
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\slserv.exe
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\slrundll.exe
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\slgen.dll
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\slextspk.dll
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\slcoinst.dll
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\setupn.exe
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\s3gnb.dll
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\rasqec.dll
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\qutil.dll
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\qcliprov.dll
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\qagentrt.dll
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\qagent.dll
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2010-09-01 11:11:42 ----N---- C:\WINDOWS\system32\onex.dll
2010-09-01 11:11:41 ----N---- C:\WINDOWS\system32\wmphoto.dll
2010-09-01 11:11:41 ----N---- C:\WINDOWS\system32\wlanapi.dll
2010-09-01 11:11:41 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2010-09-01 11:11:41 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2010-09-01 11:11:41 ----N---- C:\WINDOWS\slrundll.exe
2010-09-01 11:11:41 ----A---- C:\WINDOWS\system32\xmllite.dll
2010-09-01 11:11:40 ----D---- C:\WINDOWS\system32\cs-cz
2010-09-01 11:11:40 ----D---- C:\WINDOWS\system32\cs
2010-09-01 11:11:40 ----D---- C:\WINDOWS\system32\bits
2010-09-01 11:11:40 ----D---- C:\WINDOWS\l2schemas
2010-09-01 11:10:34 ----D---- C:\WINDOWS\ServicePackFiles
2010-09-01 11:09:20 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys
2010-09-01 11:09:20 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys
2010-09-01 11:09:20 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys
2010-09-01 11:09:20 ----N---- C:\WINDOWS\system32\drivers\agp440.sys
2010-09-01 11:09:20 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2010-09-01 11:09:20 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2010-09-01 11:09:20 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2010-09-01 11:09:20 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2010-09-01 11:09:20 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2010-09-01 11:09:20 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2010-09-01 11:09:20 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2010-09-01 11:09:20 ----D---- C:\WINDOWS\network diagnostic
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2010-09-01 11:09:19 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2010-09-01 11:09:18 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2010-09-01 11:09:18 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2010-09-01 11:09:18 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2010-09-01 11:09:18 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2010-09-01 11:09:18 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2010-09-01 11:09:18 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2010-09-01 11:09:18 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2010-09-01 11:09:18 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2010-09-01 11:09:18 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2010-09-01 11:09:18 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2010-09-01 11:09:18 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2010-09-01 11:09:18 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2010-09-01 11:09:18 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2010-09-01 11:09:17 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2010-09-01 11:08:28 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-09-01 11:08:25 ----A---- C:\WINDOWS\002691_.tmp
2010-09-01 11:07:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-09-01 11:06:20 ----A---- C:\WINDOWS\system32\h323log.txt
2010-09-01 10:55:37 ----D---- C:\WINDOWS\system32\drivers\system32
2010-09-01 10:55:37 ----D---- C:\WINDOWS\system32\drivers\INF
2010-09-01 10:55:09 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-09-01 10:55:09 ----D---- C:\Program Files\Intel
2010-09-01 10:55:05 ----D---- C:\Intel
2010-09-01 10:47:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-09-01 10:47:35 ----N---- C:\WINDOWS\system32\wdmioctl.dll
2010-09-01 10:47:35 ----N---- C:\WINDOWS\system32\SMMedia.dll
2010-09-01 10:47:35 ----N---- C:\WINDOWS\system32\CleanUp.exe
2010-09-01 10:47:35 ----D---- C:\Program Files\Analog Devices
2010-09-01 10:47:35 ----A---- C:\WINDOWS\system32\DSndUp.exe
2010-09-01 10:46:24 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2010-09-01 10:46:23 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2010-09-01 10:46:22 ----A---- C:\WINDOWS\system32\drivers\dmusic.sys
2010-09-01 10:46:18 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2010-09-01 10:46:17 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2010-09-01 10:46:16 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2010-09-01 10:46:15 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2010-09-01 10:46:14 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2010-09-01 10:46:12 ----A---- C:\WINDOWS\system32\drivers\mskssrv.sys
2010-09-01 10:46:11 ----A---- C:\WINDOWS\system32\drivers\mspqm.sys
2010-09-01 10:46:10 ----A---- C:\WINDOWS\system32\drivers\mspclock.sys
2010-09-01 10:46:05 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-09-01 10:46:05 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2010-09-01 10:46:05 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2010-09-01 10:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2010-09-01 10:45:58 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-09-01 10:42:43 ----A---- C:\WINDOWS\system32\PostProc.dll
2010-09-01 10:42:43 ----A---- C:\WINDOWS\system32\drivers\senfilt.sys
2010-09-01 10:42:43 ----A---- C:\WINDOWS\system32\drivers\aeaudio.sys
2010-09-01 10:42:43 ----A---- C:\WINDOWS\system32\drivers\ADIHdAud.sys
2010-09-01 10:42:42 ----A---- C:\WINDOWS\system32\a3d.dll
2010-09-01 10:41:04 ----A---- C:\WINDOWS\AS_Debug.txt
2010-09-01 10:40:43 ----A---- C:\WINDOWS\system32\drivers\Rtenicxp.sys
2010-09-01 10:40:42 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-01 10:40:42 ----D---- C:\WINDOWS\OPTIONS
2010-09-01 10:40:42 ----D---- C:\Program Files\Realtek
2010-09-01 09:56:51 ----D---- C:\WINDOWS\Logs
2010-09-01 09:56:46 ----D---- C:\Program Files\ScreenShot Wizard
2010-09-01 09:56:23 ----D---- C:\Documents and Settings\domaa\Data aplikací\Mozilla
2010-09-01 09:56:19 ----D---- C:\Program Files\Mozilla Firefox
2010-09-01 09:53:51 ----D---- C:\WINDOWS\nview
2010-09-01 09:53:51 ----A---- C:\WINDOWS\system32\nvudisp.exe
2010-09-01 09:53:12 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-09-01 09:53:06 ----D---- C:\Program Files\Common Files\InstallShield
2010-09-01 09:52:40 ----D---- C:\Documents and Settings\domaa\Data aplikací\Identities
2010-09-01 09:52:39 ----HD---- C:\Program Files\Uninstall Information
2010-09-01 09:52:24 ----SD---- C:\Documents and Settings\domaa\Data aplikací\Microsoft
2010-09-01 09:52:24 ----ASH---- C:\Documents and Settings\domaa\Data aplikací\desktop.ini
2010-09-01 09:48:08 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2010-09-01 09:47:41 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2010-09-01 09:47:01 ----A---- C:\WINDOWS\system32\usbui.dll
2010-09-01 09:46:11 ----SHD---- C:\WINDOWS\Installer
2010-09-01 09:46:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-01 09:46:10 ----D---- C:\Program Files\Common Files\ODBC
2010-09-01 09:46:10 ----A---- C:\WINDOWS\ODBCINST.INI
2010-09-01 09:46:07 ----RD---- C:\Program Files
2010-09-01 09:46:07 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-09-01 09:46:07 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-09-01 09:46:07 ----D---- C:\Program Files\Common Files
2010-09-01 09:46:04 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-09-01 09:46:04 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-09-01 09:46:04 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-09-01 09:46:01 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-09-01 09:46:01 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-09-01 09:46:01 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-09-01 09:46:01 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-09-01 09:46:01 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-09-01 09:46:01 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-09-01 09:46:01 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-09-01 09:46:01 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-09-01 09:46:01 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-09-01 09:46:01 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-09-01 09:46:01 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-09-01 09:46:01 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-09-01 09:45:58 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-09-01 09:45:58 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-09-01 09:45:58 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-09-01 09:45:58 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-09-01 09:45:58 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-09-01 09:45:58 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-09-01 09:45:58 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-09-01 09:45:57 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-09-01 09:45:57 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-09-01 09:45:57 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-09-01 09:45:57 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-09-01 09:45:56 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-09-01 09:45:53 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2010-09-01 09:45:53 ----A---- C:\WINDOWS\system32\kbdsl.dll
2010-09-01 09:45:53 ----A---- C:\WINDOWS\system32\kbdro.dll
2010-09-01 09:45:53 ----A---- C:\WINDOWS\system32\kbdpl.dll
2010-09-01 09:45:52 ----A---- C:\WINDOWS\system32\kbdycl.dll
2010-09-01 09:45:52 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2010-09-01 09:45:52 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2010-09-01 09:45:52 ----A---- C:\WINDOWS\system32\kbdhu.dll
2010-09-01 09:45:52 ----A---- C:\WINDOWS\system32\kbdcr.dll
2010-09-01 09:45:52 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2010-09-01 09:45:51 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-09-01 09:45:51 ----A---- C:\WINDOWS\system32\irclass.dll
2010-09-01 09:45:51 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-09-01 09:45:51 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-09-01 09:45:51 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-09-01 09:45:48 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-09-01 09:45:48 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-09-01 09:45:48 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2010-09-01 09:45:48 ----A---- C:\WINDOWS\system32\batt.dll
2010-09-01 09:45:47 ----A---- C:\WINDOWS\notepad.exe
2010-09-01 09:45:46 ----A---- C:\WINDOWS\system32\storprop.dll
2010-09-01 09:45:40 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-09-01 09:43:58 ----RA---- C:\WINDOWS\SET8.tmp
2010-09-01 09:43:56 ----RA---- C:\WINDOWS\SET4.tmp
2010-09-01 09:43:55 ----RA---- C:\WINDOWS\SET3.tmp
2010-09-01 09:43:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-01 09:43:51 ----D---- C:\WINDOWS\system32\CatRoot
2010-09-01 09:43:45 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-09-01 09:43:23 ----SHD---- C:\System Volume Information
2010-09-01 09:43:23 ----D---- C:\Documents and Settings
2010-09-01 09:42:30 ----SH---- C:\boot.ini
2010-09-01 09:41:30 ----D---- C:\WINDOWS\SoftwareDistribution
2010-09-01 09:41:28 ----SD---- C:\WINDOWS\system32\Microsoft
2010-09-01 09:41:28 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-09-01 09:36:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-01 09:36:56 ----RSD---- C:\WINDOWS\Fonts
2010-09-01 09:36:56 ----RD---- C:\WINDOWS\Web
2010-09-01 09:36:56 ----HD---- C:\WINDOWS\inf
2010-09-01 09:36:56 ----D---- C:\WINDOWS\WinSxS
2010-09-01 09:36:56 ----D---- C:\WINDOWS\twain_32
2010-09-01 09:36:56 ----D---- C:\WINDOWS\Temp
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\wins
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\wbem
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\usmt
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\spool
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\ShellExt
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\Setup
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\ras
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\oobe
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\npp
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\mui
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\inetsrv
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\IME
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\icsxml
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\ias
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\export
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\drivers\disdn
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\drivers
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\dhcp
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\config
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\3com_dmi
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\3076
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\2052
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\1054
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\1042
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\1041
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\1037
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\1033
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\1031
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\1029
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\1028
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32\1025
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system32
2010-09-01 09:36:56 ----D---- C:\WINDOWS\system
2010-09-01 09:36:56 ----D---- C:\WINDOWS\security
2010-09-01 09:36:56 ----D---- C:\WINDOWS\Resources
2010-09-01 09:36:56 ----D---- C:\WINDOWS\repair
2010-09-01 09:36:56 ----D---- C:\WINDOWS\Provisioning
2010-09-01 09:36:56 ----D---- C:\WINDOWS\pchealth
2010-09-01 09:36:56 ----D---- C:\WINDOWS\PeerNet
2010-09-01 09:36:56 ----D---- C:\WINDOWS\mui
2010-09-01 09:36:56 ----D---- C:\WINDOWS\msapps
2010-09-01 09:36:56 ----D---- C:\WINDOWS\msagent
2010-09-01 09:36:56 ----D---- C:\WINDOWS\Media
2010-09-01 09:36:56 ----D---- C:\WINDOWS\java
2010-09-01 09:36:56 ----D---- C:\WINDOWS\ime
2010-09-01 09:36:56 ----D---- C:\WINDOWS\Help
2010-09-01 09:36:56 ----D---- C:\WINDOWS\ehome
2010-09-01 09:36:56 ----D---- C:\WINDOWS\Driver Cache
2010-09-01 09:36:56 ----D---- C:\WINDOWS\Debug
2010-09-01 09:36:56 ----D---- C:\WINDOWS\Cursors
2010-09-01 09:36:56 ----D---- C:\WINDOWS\Connection Wizard
2010-09-01 09:36:56 ----D---- C:\WINDOWS\Config
2010-09-01 09:36:56 ----D---- C:\WINDOWS\AppPatch
2010-09-01 09:36:56 ----D---- C:\WINDOWS\addins
2010-09-01 09:36:56 ----D---- C:\WINDOWS
2010-09-01 09:36:56 ----ASH---- C:\pagefile.sys
2010-09-01 09:11:34 ----D---- C:\WINDOWS\system32\xircom
2010-09-01 09:11:34 ----D---- C:\Program Files\xerox
2010-09-01 09:11:34 ----D---- C:\Program Files\microsoft frontpage
2010-09-01 09:11:16 ----RASH---- C:\MSDOS.SYS
2010-09-01 09:11:16 ----RASH---- C:\IO.SYS
2010-09-01 09:11:16 ----A---- C:\WINDOWS\control.ini
2010-09-01 09:11:16 ----A---- C:\CONFIG.SYS
2010-09-01 09:11:16 ----A---- C:\AUTOEXEC.BAT
2010-09-01 09:11:04 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-09-01 09:10:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-09-01 09:10:27 ----RD---- C:\WINDOWS\Offline Web Pages
2010-09-01 09:10:27 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-09-01 09:10:23 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-09-01 09:10:19 ----HD---- C:\Program Files\WindowsUpdate
2010-09-01 09:10:16 ----D---- C:\Program Files\Online Services
2010-09-01 09:10:00 ----D---- C:\WINDOWS\system32\DirectX
2010-09-01 09:09:37 ----A---- C:\WINDOWS\system32\atrace.dll
2010-09-01 09:09:34 ----A---- C:\WINDOWS\system32\desktop.ini
2010-09-01 09:09:34 ----A---- C:\WINDOWS\desktop.ini
2010-09-01 09:09:26 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-09-01 09:09:25 ----A---- C:\WINDOWS\system32\acctres.dll
2010-09-01 09:09:24 ----D---- C:\Program Files\Common Files\Services
2010-09-01 09:09:21 ----SD---- C:\WINDOWS\Tasks
2010-09-01 09:09:21 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-09-01 09:09:20 ----D---- C:\Program Files\Common Files\MSSoap
2010-09-01 09:09:16 ----D---- C:\WINDOWS\srchasst
2010-09-01 09:09:15 ----D---- C:\WINDOWS\system32\Macromed
2010-09-01 09:09:12 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-09-01 09:09:12 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-09-01 09:09:12 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-09-01 09:09:12 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-09-01 09:09:11 ----A---- C:\WINDOWS\system32\wups.dll
2010-09-01 09:09:11 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-09-01 09:09:11 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-09-01 09:09:11 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-09-01 09:09:11 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-09-01 09:09:11 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-09-01 09:09:11 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-09-01 09:09:10 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-09-01 09:09:10 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-09-01 09:09:06 ----D---- C:\Program Files\Movie Maker
2010-09-01 09:09:01 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-09-01 09:09:01 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-09-01 09:09:01 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-09-01 09:09:01 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-09-01 09:08:56 ----A---- C:\WINDOWS\system32\fltmc.exe
2010-09-01 09:08:56 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-09-01 09:08:56 ----A---- C:\WINDOWS\system32\drivers\fltmgr.sys
2010-09-01 09:08:55 ----D---- C:\WINDOWS\system32\Restore
2010-09-01 09:08:55 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-09-01 09:08:55 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-09-01 09:08:55 ----A---- C:\WINDOWS\system32\srclient.dll
2010-09-01 09:08:55 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2010-09-01 09:08:54 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-09-01 09:08:54 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-09-01 09:08:54 ----A---- C:\WINDOWS\system32\ils.dll
2010-09-01 09:08:53 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-09-01 09:08:53 ----A---- C:\WINDOWS\system32\msconf.dll
2010-09-01 09:08:53 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-09-01 09:08:50 ----D---- C:\Program Files\NetMeeting
2010-09-01 09:08:50 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-09-01 09:08:50 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-09-01 09:08:49 ----A---- C:\WINDOWS\system32\inetres.dll
2010-09-01 09:08:49 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-09-01 09:08:46 ----D---- C:\Program Files\Outlook Express
2010-09-01 09:08:46 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-09-01 09:08:46 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-09-01 09:08:46 ----A---- C:\WINDOWS\system32\mstask.dll
2010-09-01 09:08:46 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-09-01 09:08:46 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-09-01 09:08:45 ----A---- C:\WINDOWS\system32\isign32.dll
2010-09-01 09:08:45 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-09-01 09:08:39 ----D---- C:\Program Files\Common Files\System
2010-09-01 09:08:38 ----D---- C:\Program Files\Internet Explorer
2010-09-01 09:08:13 ----D---- C:\Program Files\ComPlus Applications
2010-09-01 09:08:11 ----A---- C:\WINDOWS\vbaddin.ini
2010-09-01 09:08:11 ----A---- C:\WINDOWS\vb.ini
2010-09-01 09:08:07 ----D---- C:\WINDOWS\Registration
2010-09-01 09:08:01 ----D---- C:\Program Files\Windows Media Player
2010-09-01 09:07:56 ----D---- C:\Program Files\Messenger
2010-09-01 09:07:51 ----D---- C:\Program Files\MSN Gaming Zone
2010-09-01 09:07:51 ----A---- C:\WINDOWS\system32\write.exe
2010-09-01 09:07:40 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-09-01 09:07:40 ----A---- C:\WINDOWS\system32\hticons.dll
2010-09-01 09:07:40 ----A---- C:\WINDOWS\system32\avwav.dll
2010-09-01 09:07:40 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-09-01 09:07:40 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-09-01 09:07:39 ----A---- C:\WINDOWS\system32\winchat.exe
2010-09-01 09:07:32 ----A---- C:\WINDOWS\system32\getuname.dll
2010-09-01 09:07:31 ----A---- C:\WINDOWS\system32\sol.exe
2010-09-01 09:07:31 ----A---- C:\WINDOWS\system32\charmap.exe
2010-09-01 09:07:31 ----A---- C:\WINDOWS\system32\calc.exe
2010-09-01 09:07:30 ----A---- C:\WINDOWS\system32\winmine.exe
2010-09-01 09:07:30 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-09-01 09:07:30 ----A---- C:\WINDOWS\system32\reset.exe
2010-09-01 09:07:30 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-09-01 09:07:30 ----A---- C:\WINDOWS\system32\freecell.exe
2010-09-01 09:07:29 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-09-01 09:07:29 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-09-01 09:07:29 ----A---- C:\WINDOWS\system32\tskill.exe
2010-09-01 09:07:29 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-09-01 09:07:29 ----A---- C:\WINDOWS\system32\tscon.exe
2010-09-01 09:07:29 ----A---- C:\WINDOWS\system32\shadow.exe
2010-09-01 09:07:29 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-09-01 09:07:29 ----A---- C:\WINDOWS\system32\regini.exe
2010-09-01 09:07:29 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-09-01 09:07:29 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-09-01 09:07:29 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-09-01 09:07:28 ----A---- C:\WINDOWS\system32\msg.exe
2010-09-01 09:07:28 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-09-01 09:07:28 ----A---- C:\WINDOWS\system32\logoff.exe
2010-09-01 09:07:28 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-09-01 09:07:27 ----A---- C:\WINDOWS\system32\stclient.dll
2010-09-01 09:07:27 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-09-01 09:07:27 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-09-01 09:07:27 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-09-01 09:07:27 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-09-01 09:07:27 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-09-01 09:07:27 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-09-01 09:07:26 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-09-01 09:07:21 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-09-01 09:07:20 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-09-01 09:07:20 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-09-01 09:07:20 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-09-01 09:07:20 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-09-01 09:07:19 ----D---- C:\Program Files\Windows NT
2010-09-01 09:07:19 ----A---- C:\WINDOWS\system32\spider.exe
2010-09-01 09:07:19 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-09-01 09:07:19 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-09-01 09:07:18 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-09-01 09:07:18 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-09-01 09:07:18 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-09-01 09:07:18 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2010-09-01 09:07:18 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2010-09-01 09:07:18 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2010-09-01 09:07:17 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-09-01 09:07:17 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-09-01 09:07:17 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-09-01 09:07:17 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-09-01 09:07:17 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-09-01 09:07:17 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-09-01 09:07:17 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-09-01 09:07:17 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-09-01 09:07:17 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-09-01 09:07:16 ----D---- C:\WINDOWS\system32\MsDtc
2010-09-01 09:07:16 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-09-01 09:07:16 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-09-01 09:07:16 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-09-01 09:07:16 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-09-01 09:07:16 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-09-01 09:07:16 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-09-01 09:07:16 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-09-01 09:07:15 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-09-01 09:07:15 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-09-01 09:07:15 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-09-01 09:07:15 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-09-01 09:07:14 ----D---- C:\WINDOWS\system32\Com
2010-09-01 09:07:14 ----A---- C:\WINDOWS\system32\colbact.dll
2010-09-01 09:07:14 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-09-01 09:07:14 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-09-01 09:07:14 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-09-01 09:07:14 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-09-01 09:07:13 ----A---- C:\WINDOWS\system32\comuid.dll
2010-09-01 09:07:13 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-09-01 09:07:13 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-09-01 09:07:07 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-09-01 09:07:07 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-09-01 09:07:07 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-09-01 09:07:07 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-09-01 09:07:03 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2010-09-01 09:07:03 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2010-09-01 07:16:49 ----A---- C:\WINDOWS\system32\nvwss.dll
2010-09-01 07:16:49 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2010-09-01 07:16:48 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2010-09-01 07:16:48 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
2010-09-01 07:16:48 ----A---- C:\WINDOWS\system32\nvmobls.dll
2010-09-01 07:16:48 ----A---- C:\WINDOWS\system32\nvmccss.dll
2010-09-01 07:16:48 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2010-09-01 07:16:48 ----A---- C:\WINDOWS\system32\nvgames.dll
2010-09-01 07:16:48 ----A---- C:\WINDOWS\system32\nvexpbar.dll
2010-09-01 07:16:48 ----A---- C:\WINDOWS\system32\nvdisps.dll
2010-09-01 07:16:48 ----A---- C:\WINDOWS\system32\nvcplui.exe
2010-09-01 07:16:47 ----A---- C:\WINDOWS\system32\nvcodins.dll
2010-09-01 07:16:47 ----A---- C:\WINDOWS\system32\nvcod.dll
2010-09-01 07:16:47 ----A---- C:\WINDOWS\system32\nvapi.dll
2010-09-01 07:16:47 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2010-09-01 07:16:47 ----A---- C:\WINDOWS\system32\drivers\nv4_mini.sys

======List of files/folders modified in the last 1 months======

2010-09-02 12:46:23 ----A---- C:\WINDOWS\win.ini
2010-09-01 09:46:06 ----A---- C:\WINDOWS\system.ini
2010-09-01 09:10:56 ----ASH---- C:\WINDOWS\fonts\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2007-04-27 90688]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-07-05 151552]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-12-19 92800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-10 10604128]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-06-07 393088]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 MSICPL;MSICPL; \??\F:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\F:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\F:\NTGLM7X.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
R2 SentinelKeysServer;Sentinel Keys Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-04-27 316992]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2007-04-27 206400]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-09-02 74360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------010

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Preventive check

#3 Post by motji »

Good evening :)
Are you having any problems with the computer?
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting your computer :!:
Want to support our forum? Information here

I am mostly available at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

makimaki
Visitor
Posts: 27
Joined: 08 Jan 2009 22:13

Re: Preventive check

#4 Post by makimaki »

Basically no, it's just that when checking with the program filemon, references to the files csrss.exe and svchost.exe keep popping up, so I wanted to know whether there is a problem somewhere. The HDD is constantly chewing on something, but CPU usage is low ...

But maybe everything is fine?
Last edited by makimaki on 26 Sep 2010 08:32, edited 1 time in total.

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Preventive check

#5 Post by motji »

Sorry, I don't know that program. What references? What is supposed to be wrong with those files?

:arrow: Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM occasionally has false detections, so we will delete only after reviewing the log.
- Copy the log here.

makimaki
Visitor
Posts: 27
Joined: 08 Jan 2009 22:13

Re: Preventive check

#6 Post by makimaki »

Better a literal translation :) :
Filemon monitors and displays all file system activity. With this program you can watch how applications use files and DLLs and track down possible problems. As an amateur I wanted to find out what is going on in the computer and whether some "virus" is up to something, but to be honest I am looking for something and I don't know what :roll:

I will send the MBAM log next.

makimaki
Visitor
Posts: 27
Joined: 08 Jan 2009 22:13

Re: Preventive check

#7 Post by makimaki »

And here is the MBAM log. Does it look OK?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26.9.2010 9:30:51
mbam-log-2010-09-26 (09-30-51).txt

Typ skenu: Úplný sken (C:\|D:\|E:\|)
Skenované objekty: 320704
Uplynulý čas: 30 minuta(y), 21 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Preventive check

#8 Post by motji »

csrss and svchost are system files.

:arrow: Start - Run - type chkdsk /f/r
- [Enter]
confirm - the PC restarts and the disk is left to be checked

And then write whether the crunching has stopped.

makimaki
Visitor
Posts: 27
Joined: 08 Jan 2009 22:13

Re: Preventive check

#9 Post by makimaki »

I checked the disk and it keeps crunching :( , just to give an idea, these are the files that keep popping up...
It only crunches when I am connected to the internet; when I am not doing anything, everything is OK.

RAM FILES\ALWIL SOFTWARE\ SUCCESS Options: Open Access: All
10:34:14 svchost.exe:1216 QUERY INFORMATION C:\PROGRAM FILES\ALWIL SOFTWARE\ SUCCESS FileInternalInformation
10:34:14 svchost.exe:1216 CLOSE C:\PROGRAM FILES\ALWIL SOFTWARE\ SUCCESS
10:34:14 svchost.exe:1216 OPEN C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\ SUCCESS Options: Open Access: All
10:34:14 svchost.exe:1216 QUERY INFORMATION C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\ SUCCESS FileInternalInformation
10:34:14 svchost.exe:1216 CLOSE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\ SUCCESS
10:34:14 svchost.exe:1216 OPEN C:\PROGRAM FILES\MOZILLA FIREFOX\ SUCCESS Options: Open Access: All
10:34:14 svchost.exe:1216 QUERY INFORMATION C:\PROGRAM FILES\MOZILLA FIREFOX\ SUCCESS FileInternalInformation
10:34:14 svchost.exe:1216 CLOSE C:\PROGRAM FILES\MOZILLA FIREFOX\ SUCCESS
10:34:14 svchost.exe:1216 OPEN C:\PROGRAM FILES\UNLOCKER\ SUCCESS Options: Open Access: All
10:34:14 svchost.exe:1216 QUERY INFORMATION C:\PROGRAM FILES\UNLOCKER\ SUCCESS FileInternalInformation
10:34:14 svchost.exe:1216 CLOSE C:\PROGRAM FILES\UNLOCKER\ SUCCESS
10:34:14 svchost.exe:1216 OPEN C:\WINDOWS\ SUCCESS Options: Open Access: All
10:34:14 svchost.exe:1216 QUERY INFORMATION C:\WINDOWS\ SUCCESS FileInternalInformation
10:34:14 svchost.exe:1216 CLOSE C:\WINDOWS\ SUCCESS
10:34:14 svchost.exe:1216 OPEN C:\WINDOWS\REGISTRATION\ SUCCESS Options: Open Access: All
10:34:14 svchost.exe:1216 QUERY INFORMATION C:\WINDOWS\REGISTRATION\ SUCCESS FileInternalInformation
10:34:14 svchost.exe:1216 CLOSE C:\WINDOWS\REGISTRATION\ SUCCESS
10:34:14 svchost.exe:1216 OPEN C:\WINDOWS\SYSTEM32\ SUCCESS Options: Open Access: All
10:34:14 svchost.exe:1216 QUERY INFORMATION C:\WINDOWS\SYSTEM32\ SUCCESS FileInternalInformation
10:34:14 svchost.exe:1216 CLOSE C:\WINDOWS\SYSTEM32\ SUCCESS
10:34:14 svchost.exe:1216 OPEN C:\WINDOWS\SYSTEM32\CONFIG\ SUCCESS Options: Open Access: All
10:34:14 svchost.exe:1216 QUERY INFORMATION C:\WINDOWS\SYSTEM32\CONFIG\ SUCCESS FileInternalInformation
10:34:14 svchost.exe:1216 CLOSE C:\WINDOWS\SYSTEM32\CONFIG\ SUCCESS
10:34:14 svchost.exe:1216 OPEN C:\WINDOWS\SYSTEM32\DRIVERS\ SUCCESS Options: Open Access: All
10:34:14 svchost.exe:1216 QUERY INFORMATION C:\WINDOWS\SYSTEM32\DRIVERS\ SUCCESS FileInternalInformation
10:34:14 svchost.exe:1216 CLOSE C:\WINDOWS\SYSTEM32\DRIVERS\ SUCCESS
10:34:14 winlogon.exe:756 DIRECTORY C:\WINDOWS\system32 Change Notify
10:34:14 svchost.exe:1216 OPEN C:\WINDOWS\WINSXS\ SUCCESS Options: Open Access: All
10:34:14 svchost.exe:1216 QUERY INFORMATION C:\WINDOWS\WINSXS\ SUCCESS FileInternalInformation
10:34:14 svchost.exe:1216 CLOSE C:\WINDOWS\WINSXS\ SUCCESS
10:34:14 svchost.exe:1216 OPEN C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83\ SUCCESS Options: Open Access: All
10:34:14 svchost.exe:1216 QUERY INFORMATION C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83\ SUCCESS FileInternalInformation
10:34:14 svchost.exe:1216 CLOSE C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83\ SUCCESS
10:34:14 svchost.exe:1216 OPEN E:\ SUCCESS Options: Open Access: All
10:34:14 svchost.exe:1216 QUERY INFORMATION E:\ SUCCESS FileInternalInformation
10:34:14 svchost.exe:1216 CLOSE E:\ SUCCESS
10:34:14 svchost.exe:1216 OPEN E:\ZALOHY_PROGRAMU\ SUCCESS Options: Open Access: All
10:34:14 svchost.exe:1216 QUERY INFORMATION E:\ZALOHY_PROGRAMU\ SUCCESS FileInternalInformation
10:34:14 svchost.exe:1216 CLOSE E:\ZALOHY_PROGRAMU\ SUCCESS
10:34:14 svchost.exe:1216 CREATE C:\WINDOWS\Prefetch\FILEMON.EXE-0F652BA3.pf SUCCESS Options: OverwriteIf Access: All
10:34:14 svchost.exe:1216 OPEN C:\WINDOWS\Prefetch\ SUCCESS Options: Open Directory Access: 00000000
10:34:14 svchost.exe:1216 WRITE C:\WINDOWS\Prefetch\FILEMON.EXE-0F652BA3.pf SUCCESS Offset: 0 Length: 49822
10:34:14 svchost.exe:1216 CLOSE C:\WINDOWS\Prefetch\FILEMON.EXE-0F652BA3.pf SUCCESS
10:34:14 svchost.exe:1216 SET INFORMATION C:\WINDOWS\system32\config\software.LOG SUCCESS Length: 12288
10:34:14 svchost.exe:1216 SET INFORMATION C:\WINDOWS\system32\config\software.LOG SUCCESS Length: 12288
10:34:14 svchost.exe:1216 QUERY INFORMATION C:\WINDOWS\SoftwareDistribution\ReportingEvents.log SUCCESS Length: 198122
10:34:23 svchost.exe:1216 OPEN C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG SUCCESS Options: Open Access: All
10:34:23 svchost.exe:1216 QUERY INFORMATION C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG SUCCESS Length: 20
10:34:23 svchost.exe:1216 READ C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG SUCCESS Offset: 4 Length: 4
10:34:23 svchost.exe:1216 CLOSE C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG SUCCESS
10:34:23 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 237568 Length: 8192
10:34:23 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 32768 Length: 8192
10:34:23 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 32768 Length: 8192
10:34:23 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 40960 Length: 8192
10:34:24 svchost.exe:1216 FLUSH C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS
10:34:24 svchost.exe:1216 WRITE C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP SUCCESS Offset: 0 Length: 4924
10:34:24 svchost.exe:1216 FLUSH C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS
10:34:24 svchost.exe:1216 WRITE C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP SUCCESS Offset: 4924 Length: 792
10:34:24 svchost.exe:1216 WRITE C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP SUCCESS Offset: 0 Length: 4924
10:34:24 svchost.exe:1216 WRITE C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP SUCCESS Offset: 0 Length: 792
10:34:24 svchost.exe:1216 FLUSH C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP SUCCESS
10:34:24 svchost.exe:1216 WRITE C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP SUCCESS Offset: 0 Length: 4096
10:34:24 svchost.exe:1216 FLUSH C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP SUCCESS
10:34:24 svchost.exe:1216 WRITE C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP SUCCESS Offset: 0 Length: 8192
10:34:24 svchost.exe:1216 FLUSH C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP SUCCESS
10:34:24 svchost.exe:1216 WRITE C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP SUCCESS Offset: 0 Length: 8192
10:34:25 svchost.exe:1216 WRITE C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER SUCCESS Offset: 0 Length: 4
10:34:25 svchost.exe:1216 FLUSH C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER SUCCESS
10:34:25 svchost.exe:1216 WRITE C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER SUCCESS Offset: 0 Length: 4096
10:34:25 wmiprvse.exe:2288 CLOSE C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83 SUCCESS
10:34:25 wmiprvse.exe:2288 CLOSE C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83 SUCCESS
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 1040384 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 0 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 49152 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 671744 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 368640 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 1187840 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 212992 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 81920 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5701632 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 131072 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 352256 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 466944 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 557056 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 417792 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 4931584 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 65536 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 4644864 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5054464 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 9322496 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 3112960 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 1048576 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5021696 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 974848 Length: 8192
10:34:46 svchost.exe:1216 READ C: SUCCESS Offset: 99328 Length: 32768
10:34:46 svchost.exe:1216 READ C: SUCCESS Offset: 54272 Length: 32768
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 4702208 Length: 8192
10:34:46 svchost.exe:1216 OPEN C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG SUCCESS Options: OpenIf Access: All
10:34:46 svchost.exe:1216 OPEN C:\WINDOWS\system32\WBEM\Repository\ SUCCESS Options: Open Directory Access: 00000000
10:34:46 svchost.exe:1216 QUERY INFORMATION C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG SUCCESS Length: 20
10:34:46 svchost.exe:1216 QUERY INFORMATION C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG SUCCESS Length: 20
10:34:46 svchost.exe:1216 WRITE C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG SUCCESS Offset: 4 Length: 4
10:34:46 svchost.exe:1216 FLUSH C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG SUCCESS
10:34:46 svchost.exe:1216 READ C: SUCCESS Offset: 46080 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 9273344 Length: 8192
10:34:46 svchost.exe:1216 CLOSE C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG SUCCESS
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 1351680 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 483328 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 491520 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 335872 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 368640 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5734400 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 4546560 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 9420800 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5062656 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 1261568 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 1744896 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 3112960 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5242880 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 6733824 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5185536 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 9388032 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 9445376 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 4497408 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 9363456 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 3555328 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 9396224 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5644288 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 3317760 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5300224 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 2162688 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 3768320 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5701632 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 4644864 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 4546560 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 9158656 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 65536 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 9388032 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 974848 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5267456 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 2482176 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 1581056 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5308416 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 1294336 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 4390912 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 9330688 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 4702208 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 2596864 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 4964352 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 1744896 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 1269760 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 3768320 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 3563520 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 548864 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5242880 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 9388032 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 9396224 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 9158656 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5095424 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5701632 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 4546560 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5308416 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 6733824 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 1818624 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 2277376 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 4702208 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5054464 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 376832 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 712704 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 3162112 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 4366336 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 884736 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 1744896 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 4399104 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5070848 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 4931584 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5267456 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 2211840 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 3112960 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 2596864 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 1490944 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 991232 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 573440 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 753664 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 1032192 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 81920 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 4251648 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 557056 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 401408 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5447680 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 434176 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 557056 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 491520 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 1114112 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 2252800 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 1351680 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 1187840 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 2744320 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR SUCCESS Offset: 1040384 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5693440 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5341184 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5210112 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5349376 Length: 8192
10:34:46 svchost.exe:1216 READ C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA SUCCESS Offset: 5267456 Length: 8192

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Preventive check

#10 Post by motji »

:arrow: Run ComboFix according to this guide
http://www.bleepingcomputer.com/combofi ... t-combofix
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

I am mostly reachable at night, between 9 and 11 p.m.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.

makimaki
Visitor
Posts: 27
Registered: 08 Jan 2009 22:13

Re: Preventive check

#11 Post by makimaki »

A bit of an adventure :( , but here it is ... I hope I'm not just wasting your time for nothing.
Unfortunately, I can't set up the Recovery Console: for one thing, it asks me for some kind of license addenda, and if I decline, the computer gets to step 10, the system crashes and a restart is performed, so I don't know what else to do ...


ComboFix 10-09-25.07 - domaa 26.09.2010 13:17:12.1.2 - x86
Spuštěný z: c:\documents and settings\domaa\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-08-26 do 2010-09-26 )))))))))))))))))))))))))))))))
.

2010-09-25 19:26 . 2010-09-25 19:26 -------- d-----w- C:\rsit
2010-09-25 06:45 . 2010-09-25 06:45 -------- d-----w- c:\program files\Unlocker
2010-09-24 19:09 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-24 19:09 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-24 19:09 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-24 19:09 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-24 19:09 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-24 19:09 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-24 19:09 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-24 19:09 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-24 19:09 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-24 19:09 . 2010-09-24 19:09 -------- d-----w- c:\program files\Alwil Software
2010-09-23 18:58 . 2010-09-23 18:58 -------- d-sh--w- c:\documents and settings\domaa\IECompatCache
2010-09-23 17:58 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-23 17:58 . 2010-09-23 18:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-23 17:58 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-22 18:27 . 2010-09-22 18:27 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-09-15 17:37 . 2010-09-15 17:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-13 18:32 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-09-13 18:27 . 2010-09-13 18:30 -------- d-----w- c:\program files\Zrychleni Pocitace
2010-09-13 17:49 . 2010-09-15 14:48 233804 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-09-13 17:49 . 2010-09-15 14:48 233804 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-13 17:49 . 2010-09-15 14:48 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-13 17:49 . 2010-09-13 17:49 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-11 16:53 . 2009-12-14 10:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-09-10 06:59 . 2010-09-25 20:50 -------- d-----w- c:\program files\OpenHardwareMonitor
2010-09-10 04:55 . 2004-08-13 08:56 5810 ----a-w- c:\windows\system32\drivers\ASACPI.sys
2010-09-09 16:02 . 2010-09-23 18:34 -------- d-----w- c:\windows\system32\NtmsData
2010-09-07 18:52 . 2010-09-25 19:26 -------- d-----w- c:\program files\trend micro
2010-09-03 05:19 . 2010-09-03 05:19 -------- d-----w- c:\program files\HD Tune
2010-09-02 12:58 . 2010-09-02 12:58 -------- d-sh--w- c:\documents and settings\domaa\PrivacIE
2010-09-02 12:56 . 2005-04-03 17:10 286720 ------w- c:\windows\system32\fppmon2.dll
2010-09-02 12:56 . 2005-03-31 07:09 118784 ------w- c:\windows\system32\fppr232.dll
2010-09-02 12:43 . 2010-09-02 12:43 -------- d-----w- c:\windows\Corel
2010-09-02 12:40 . 2010-09-02 12:40 -------- d-----w- c:\program files\Corel
2010-09-02 12:40 . 2010-09-02 12:40 -------- d-----w- c:\program files\Common Files\Corel
2010-09-02 12:26 . 2010-09-02 12:26 -------- d-sh--w- c:\documents and settings\domaa\IETldCache
2010-09-02 12:16 . 2010-09-02 12:16 -------- d-----w- c:\program files\MSXML 4.0
2010-09-02 12:15 . 2010-06-18 11:39 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-02 12:15 . 2010-09-02 12:15 -------- d-----w- c:\windows\ie8updates
2010-09-02 12:15 . 2010-06-24 12:27 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-02 12:15 . 2010-06-24 12:27 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-09-02 12:15 . 2010-06-24 12:27 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-09-02 12:15 . 2010-06-24 12:27 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-09-02 12:15 . 2010-06-24 12:27 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-02 12:15 . 2010-06-24 15:57 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-09-02 12:15 . 2010-06-24 12:27 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-02 12:14 . 2010-09-02 12:15 -------- dc-h--w- c:\windows\ie8
2010-09-02 11:57 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-09-02 11:56 . 2010-06-21 15:27 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-09-02 11:52 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-02 11:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-09-02 11:47 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-02 11:45 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-09-02 11:45 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-09-02 11:45 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-09-02 11:41 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-09-02 11:35 . 2010-04-28 18:15 2192128 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-09-02 11:35 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-09-02 11:35 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-09-02 11:35 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-09-02 11:35 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-09-02 11:35 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-09-02 11:35 . 2009-06-25 08:27 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-09-02 11:35 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-09-02 11:35 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-09-02 11:35 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-09-02 11:35 . 2010-04-28 05:45 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-02 11:35 . 2010-04-28 05:45 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-09-02 11:34 . 2008-04-21 21:15 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-09-02 11:33 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-09-02 11:33 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-09-02 11:31 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-02 11:31 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-09-02 11:30 . 2010-09-15 14:55 -------- d--h--w- c:\windows\$hf_mig$
2010-09-02 11:24 . 2009-08-06 17:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-09-02 11:14 . 2010-09-02 11:14 -------- d-----w- c:\program files\Autodesk
2010-09-02 11:14 . 2010-09-02 11:14 -------- d-----w- c:\program files\AnswerWorks 4.0
2010-09-02 11:13 . 2010-09-02 11:14 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-09-02 11:13 . 2010-09-02 11:14 -------- d-----w- c:\program files\AutoCAD 2005
2010-09-02 11:11 . 2010-09-02 11:12 -------- d-----w- c:\windows\system32\URTTemp
2010-09-02 11:03 . 2008-03-17 20:49 524288 ----a-w- c:\windows\system32\opuc.dll
2010-09-02 11:03 . 2008-02-05 00:23 693792 ----a-w- c:\windows\system32\OGACheckControl.dll
2010-09-02 11:03 . 2007-07-31 08:25 142696 ----a-w- c:\windows\system32\MicrosoftUpdateCatalogWebControl.dll
2010-09-02 10:53 . 2010-09-02 10:53 -------- d-----w- c:\program files\Microsoft Works
2010-09-02 10:51 . 2010-09-02 10:51 -------- d-----w- c:\windows\SHELLNEW
2010-09-02 10:51 . 2010-09-02 10:51 -------- d-----r- C:\MSOCache
2010-09-02 10:43 . 2010-09-02 10:43 -------- d-----w- c:\program files\xp-AntiSpy
2010-09-02 10:42 . 2010-09-02 10:42 -------- d-----w- c:\program files\Elaborate Bytes
2010-09-02 10:29 . 2010-09-02 10:29 -------- d-----w- c:\program files\IObit
2010-09-02 10:27 . 2010-09-11 17:05 -------- d-----w- c:\program files\Totalcmd
2010-09-01 19:09 . 2010-09-01 19:24 -------- d-----w- c:\program files\Total_Commander
2010-09-01 18:32 . 2010-09-01 18:32 -------- d-sh--w- c:\documents and settings\domaa\UserData
2010-09-01 18:15 . 2010-09-01 18:20 -------- d-----w- c:\program files\proe2000i2
2010-09-01 18:10 . 2007-06-11 16:03 98304 ----a-w- c:\windows\system32\CadsCmnDlgs8.dll
2010-09-01 18:08 . 2010-09-01 18:08 -------- d-----w- c:\documents and settings\domaa\ESA71
2010-09-01 18:07 . 2010-09-01 18:07 -------- d-----w- c:\program files\SCIA
2010-09-01 18:04 . 2010-09-01 18:04 -------- d-----w- c:\program files\cdrLabel 7.1
2010-09-01 18:03 . 2010-09-01 18:03 -------- d-----w- c:\program files\KmpPlayer
2010-09-01 18:00 . 2004-06-23 17:26 1994752 ------w- c:\windows\UNNMP.exe
2010-09-01 17:58 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-09-01 17:56 . 2010-09-02 10:35 -------- d-----w- c:\program files\Glary Utilities
2010-09-01 17:56 . 2004-07-26 17:09 2023424 ------w- c:\windows\UNNeroVision.exe
2010-09-01 17:56 . 2001-03-08 17:30 24064 ------w- c:\windows\system32\msxml3a.dll
2010-09-01 17:56 . 2004-07-20 15:24 471040 ------w- c:\windows\system32\ImagXRA7.dll
2010-09-01 17:56 . 2004-07-09 07:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2010-09-01 17:56 . 2004-07-20 15:24 476320 ------w- c:\windows\system32\ImagXpr7.dll
2010-09-01 17:56 . 2004-07-20 15:24 262144 ------w- c:\windows\system32\ImagXR7.dll
2010-09-01 17:56 . 2004-07-20 15:24 1568768 ------w- c:\windows\system32\ImagX7.dll
2010-09-01 17:56 . 2001-06-26 06:15 38912 ------w- c:\windows\system32\picn20.dll
2010-09-01 17:56 . 2000-06-26 09:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-09-01 17:56 . 2010-09-01 17:57 -------- d-----w- c:\program files\Common Files\Ahead
2010-09-01 17:56 . 2010-09-01 18:00 -------- d-----w- c:\program files\Ahead
2010-09-01 17:42 . 2010-09-01 17:42 -------- d-----w- c:\program files\Zoner
2010-09-01 17:30 . 2010-09-01 17:30 -------- d-----w- c:\program files\CCleaner
2010-09-01 17:24 . 2000-10-02 10:27 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2010-09-01 17:24 . 2004-11-30 12:57 507904 ----a-w- c:\windows\system32\Tdbgpp8.DLL
2010-09-01 17:24 . 1998-07-06 04:00 33792 ----a-w- c:\windows\system32\CmDlgDE.dll
2010-09-01 17:24 . 1998-07-06 04:00 32768 ----a-w- c:\windows\system32\DBLstDE.dll
2010-09-01 17:24 . 1998-07-05 23:00 42496 ----a-w- c:\windows\system32\FlxGdDE.dll
2010-09-01 17:24 . 1998-06-17 22:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-09-01 17:23 . 2010-09-01 17:23 -------- d-----w- c:\program files\NORD
2010-09-01 17:19 . 2010-09-01 17:19 -------- d-----w- c:\program files\TweakNow RegCleaner Std
2010-09-01 11:05 . 2010-09-01 11:07 -------- d-----w- c:\program files\Translator_full
2010-09-01 11:04 . 2010-09-08 18:40 -------- d-----w- C:\Ins

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 18:15 . 2004-08-18 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2010-09-20 18:15 . 2004-08-18 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2010-09-10 07:12 . 2010-09-10 07:12 -------- d-----w- c:\program files\MSBuild
2010-09-10 07:12 . 2010-09-10 07:12 -------- d-----w- c:\program files\Reference Assemblies
2010-09-01 18:09 . 2010-09-01 18:09 -------- d-----w- c:\program files\CADS
2010-09-01 18:09 . 2010-09-01 18:09 -------- d-----w- c:\program files\SafeNet Sentinel
2010-09-01 18:09 . 2010-09-01 18:09 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2010-09-01 18:09 . 2010-09-01 18:09 -------- d-----w- c:\program files\Common Files\CADS Shared
2010-09-01 18:06 . 2010-09-01 07:53 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-01 09:13 . 2010-09-01 07:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-09-01 09:13 . 2010-09-01 07:10 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-09-01 09:12 . 2010-09-01 07:10 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-09-01 07:56 . 2010-09-01 07:56 -------- d-----w- c:\program files\ScreenShot Wizard
2010-09-01 07:56 . 2010-09-01 07:56 0 ----a-w- c:\windows\nsreg.dat
2010-09-01 07:11 . 2010-09-01 07:11 -------- d-----w- c:\program files\microsoft frontpage
2010-09-01 07:08 . 2010-09-01 07:08 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-17 13:17 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:46 . 2004-08-18 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-09 14:24 . 2010-07-09 14:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 14:24 . 2010-07-09 14:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 14:24 . 2010-07-09 14:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:24 . 2010-07-09 14:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 14:24 . 2010-07-09 14:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 14:24 . 2010-07-09 14:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-30 12:33 . 2004-08-18 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-04-03 483328]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\proe2000i2\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\Program Files\\proe2000i2\\i486_nt\\obj\\xtop.exe"=
"c:\\Program Files\\proe2000i2\\i486_nt\\nms\\nmsd.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.9.2010 21:09 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.9.2010 21:09 17744]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [27.4.2007 1:00 316992]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - FILEMON70
.
Obsah adresáře 'Naplánované úlohy'

2010-09-26 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-09-01 09:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\domaa\Data aplikací\Mozilla\Firefox\Profiles\0cknrmzu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-26 13:18
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2380)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-09-26 13:19:58
ComboFix-quarantined-files.txt 2010-09-26 11:19

Před spuštěním: Volných bajtů: 143 149 187 072
Po spuštění: Volných bajtů: 143 158 480 896

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe

- - End Of File - - 57E86E782267F269C1D0C73C68AC2737

makimaki
Visitor
Posts: 27
Registered: 08 Jan 2009 22:13

Re: Preventive check

#12 Post by makimaki »

So it worked! :) But I don't know the verdict .....


ComboFix 10-09-25.07 - domaa 26.09.2010 13:45:01.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1666 [GMT 2:00]
Spuštěný z: c:\documents and settings\domaa\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-08-26 do 2010-09-26 )))))))))))))))))))))))))))))))
.

2010-09-25 19:26 . 2010-09-25 19:26 -------- d-----w- C:\rsit
2010-09-25 06:45 . 2010-09-25 06:45 -------- d-----w- c:\program files\Unlocker
2010-09-24 19:09 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-24 19:09 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-24 19:09 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-24 19:09 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-24 19:09 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-24 19:09 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-24 19:09 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-24 19:09 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-24 19:09 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-24 19:09 . 2010-09-24 19:09 -------- d-----w- c:\program files\Alwil Software
2010-09-23 18:58 . 2010-09-23 18:58 -------- d-sh--w- c:\documents and settings\domaa\IECompatCache
2010-09-23 17:58 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-23 17:58 . 2010-09-23 18:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-23 17:58 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-22 18:27 . 2010-09-22 18:27 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-09-15 17:37 . 2010-09-15 17:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-13 18:32 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-09-13 18:27 . 2010-09-13 18:30 -------- d-----w- c:\program files\Zrychleni Pocitace
2010-09-13 17:49 . 2010-09-15 14:48 233804 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-09-13 17:49 . 2010-09-15 14:48 233804 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-13 17:49 . 2010-09-15 14:48 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-13 17:49 . 2010-09-13 17:49 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-11 16:53 . 2009-12-14 10:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-09-10 06:59 . 2010-09-25 20:50 -------- d-----w- c:\program files\OpenHardwareMonitor
2010-09-10 04:55 . 2004-08-13 08:56 5810 ----a-w- c:\windows\system32\drivers\ASACPI.sys
2010-09-09 16:02 . 2010-09-23 18:34 -------- d-----w- c:\windows\system32\NtmsData
2010-09-07 18:52 . 2010-09-25 19:26 -------- d-----w- c:\program files\trend micro
2010-09-03 05:19 . 2010-09-03 05:19 -------- d-----w- c:\program files\HD Tune
2010-09-02 12:58 . 2010-09-02 12:58 -------- d-sh--w- c:\documents and settings\domaa\PrivacIE
2010-09-02 12:56 . 2005-04-03 17:10 286720 ------w- c:\windows\system32\fppmon2.dll
2010-09-02 12:56 . 2005-03-31 07:09 118784 ------w- c:\windows\system32\fppr232.dll
2010-09-02 12:43 . 2010-09-02 12:43 -------- d-----w- c:\windows\Corel
2010-09-02 12:40 . 2010-09-02 12:40 -------- d-----w- c:\program files\Corel
2010-09-02 12:40 . 2010-09-02 12:40 -------- d-----w- c:\program files\Common Files\Corel
2010-09-02 12:26 . 2010-09-02 12:26 -------- d-sh--w- c:\documents and settings\domaa\IETldCache
2010-09-02 12:16 . 2010-09-02 12:16 -------- d-----w- c:\program files\MSXML 4.0
2010-09-02 12:15 . 2010-06-18 11:39 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-02 12:15 . 2010-09-02 12:15 -------- d-----w- c:\windows\ie8updates
2010-09-02 12:15 . 2010-06-24 12:27 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-02 12:15 . 2010-06-24 12:27 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-09-02 12:15 . 2010-06-24 12:27 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-09-02 12:15 . 2010-06-24 12:27 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-09-02 12:15 . 2010-06-24 12:27 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-02 12:15 . 2010-06-24 15:57 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-09-02 12:15 . 2010-06-24 12:27 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-02 12:14 . 2010-09-02 12:15 -------- dc-h--w- c:\windows\ie8
2010-09-02 11:57 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-09-02 11:56 . 2010-06-21 15:27 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-09-02 11:52 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-02 11:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-09-02 11:47 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-02 11:45 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-09-02 11:45 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-09-02 11:45 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-09-02 11:41 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-09-02 11:35 . 2010-04-28 18:15 2192128 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-09-02 11:35 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-09-02 11:35 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-09-02 11:35 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-09-02 11:35 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-09-02 11:35 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-09-02 11:35 . 2009-06-25 08:27 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-09-02 11:35 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-09-02 11:35 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-09-02 11:35 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-09-02 11:35 . 2010-04-28 05:45 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-02 11:35 . 2010-04-28 05:45 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-09-02 11:34 . 2008-04-21 21:15 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-09-02 11:33 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-09-02 11:33 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-09-02 11:31 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-02 11:31 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-09-02 11:30 . 2010-09-15 14:55 -------- d--h--w- c:\windows\$hf_mig$
2010-09-02 11:24 . 2009-08-06 17:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-09-02 11:14 . 2010-09-02 11:14 -------- d-----w- c:\program files\Autodesk
2010-09-02 11:14 . 2010-09-02 11:14 -------- d-----w- c:\program files\AnswerWorks 4.0
2010-09-02 11:13 . 2010-09-02 11:14 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-09-02 11:13 . 2010-09-02 11:14 -------- d-----w- c:\program files\AutoCAD 2005
2010-09-02 11:11 . 2010-09-02 11:12 -------- d-----w- c:\windows\system32\URTTemp
2010-09-02 11:03 . 2008-03-17 20:49 524288 ----a-w- c:\windows\system32\opuc.dll
2010-09-02 11:03 . 2008-02-05 00:23 693792 ----a-w- c:\windows\system32\OGACheckControl.dll
2010-09-02 11:03 . 2007-07-31 08:25 142696 ----a-w- c:\windows\system32\MicrosoftUpdateCatalogWebControl.dll
2010-09-02 10:53 . 2010-09-02 10:53 -------- d-----w- c:\program files\Microsoft Works
2010-09-02 10:51 . 2010-09-02 10:51 -------- d-----w- c:\windows\SHELLNEW
2010-09-02 10:51 . 2010-09-02 10:51 -------- d-----r- C:\MSOCache
2010-09-02 10:43 . 2010-09-02 10:43 -------- d-----w- c:\program files\xp-AntiSpy
2010-09-02 10:42 . 2010-09-02 10:42 -------- d-----w- c:\program files\Elaborate Bytes
2010-09-02 10:29 . 2010-09-02 10:29 -------- d-----w- c:\program files\IObit
2010-09-02 10:27 . 2010-09-11 17:05 -------- d-----w- c:\program files\Totalcmd
2010-09-01 19:09 . 2010-09-01 19:24 -------- d-----w- c:\program files\Total_Commander
2010-09-01 18:32 . 2010-09-01 18:32 -------- d-sh--w- c:\documents and settings\domaa\UserData
2010-09-01 18:15 . 2010-09-01 18:20 -------- d-----w- c:\program files\proe2000i2
2010-09-01 18:10 . 2007-06-11 16:03 98304 ----a-w- c:\windows\system32\CadsCmnDlgs8.dll
2010-09-01 18:08 . 2010-09-01 18:08 -------- d-----w- c:\documents and settings\domaa\ESA71
2010-09-01 18:07 . 2010-09-01 18:07 -------- d-----w- c:\program files\SCIA
2010-09-01 18:04 . 2010-09-01 18:04 -------- d-----w- c:\program files\cdrLabel 7.1
2010-09-01 18:03 . 2010-09-01 18:03 -------- d-----w- c:\program files\KmpPlayer
2010-09-01 18:00 . 2004-06-23 17:26 1994752 ------w- c:\windows\UNNMP.exe
2010-09-01 17:58 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-09-01 17:56 . 2010-09-02 10:35 -------- d-----w- c:\program files\Glary Utilities
2010-09-01 17:56 . 2004-07-26 17:09 2023424 ------w- c:\windows\UNNeroVision.exe
2010-09-01 17:56 . 2001-03-08 17:30 24064 ------w- c:\windows\system32\msxml3a.dll
2010-09-01 17:56 . 2004-07-20 15:24 471040 ------w- c:\windows\system32\ImagXRA7.dll
2010-09-01 17:56 . 2004-07-09 07:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2010-09-01 17:56 . 2004-07-20 15:24 476320 ------w- c:\windows\system32\ImagXpr7.dll
2010-09-01 17:56 . 2004-07-20 15:24 262144 ------w- c:\windows\system32\ImagXR7.dll
2010-09-01 17:56 . 2004-07-20 15:24 1568768 ------w- c:\windows\system32\ImagX7.dll
2010-09-01 17:56 . 2001-06-26 06:15 38912 ------w- c:\windows\system32\picn20.dll
2010-09-01 17:56 . 2000-06-26 09:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-09-01 17:56 . 2010-09-01 17:57 -------- d-----w- c:\program files\Common Files\Ahead
2010-09-01 17:56 . 2010-09-01 18:00 -------- d-----w- c:\program files\Ahead
2010-09-01 17:42 . 2010-09-01 17:42 -------- d-----w- c:\program files\Zoner
2010-09-01 17:30 . 2010-09-01 17:30 -------- d-----w- c:\program files\CCleaner
2010-09-01 17:24 . 2000-10-02 10:27 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2010-09-01 17:24 . 2004-11-30 12:57 507904 ----a-w- c:\windows\system32\Tdbgpp8.DLL
2010-09-01 17:24 . 1998-07-06 04:00 33792 ----a-w- c:\windows\system32\CmDlgDE.dll
2010-09-01 17:24 . 1998-07-06 04:00 32768 ----a-w- c:\windows\system32\DBLstDE.dll
2010-09-01 17:24 . 1998-07-05 23:00 42496 ----a-w- c:\windows\system32\FlxGdDE.dll
2010-09-01 17:24 . 1998-06-17 22:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-09-01 17:23 . 2010-09-01 17:23 -------- d-----w- c:\program files\NORD
2010-09-01 17:19 . 2010-09-01 17:19 -------- d-----w- c:\program files\TweakNow RegCleaner Std
2010-09-01 11:05 . 2010-09-01 11:07 -------- d-----w- c:\program files\Translator_full
2010-09-01 11:04 . 2010-09-08 18:40 -------- d-----w- C:\Ins

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 18:15 . 2004-08-18 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2010-09-20 18:15 . 2004-08-18 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2010-09-10 07:12 . 2010-09-10 07:12 -------- d-----w- c:\program files\MSBuild
2010-09-10 07:12 . 2010-09-10 07:12 -------- d-----w- c:\program files\Reference Assemblies
2010-09-01 18:09 . 2010-09-01 18:09 -------- d-----w- c:\program files\CADS
2010-09-01 18:09 . 2010-09-01 18:09 -------- d-----w- c:\program files\SafeNet Sentinel
2010-09-01 18:09 . 2010-09-01 18:09 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2010-09-01 18:09 . 2010-09-01 18:09 -------- d-----w- c:\program files\Common Files\CADS Shared
2010-09-01 18:06 . 2010-09-01 07:53 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-01 09:13 . 2010-09-01 07:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-09-01 09:13 . 2010-09-01 07:10 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-09-01 09:12 . 2010-09-01 07:10 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-09-01 07:56 . 2010-09-01 07:56 -------- d-----w- c:\program files\ScreenShot Wizard
2010-09-01 07:56 . 2010-09-01 07:56 0 ----a-w- c:\windows\nsreg.dat
2010-09-01 07:11 . 2010-09-01 07:11 -------- d-----w- c:\program files\microsoft frontpage
2010-09-01 07:08 . 2010-09-01 07:08 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-17 13:17 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:46 . 2004-08-18 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-09 14:24 . 2010-07-09 14:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 14:24 . 2010-07-09 14:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 14:24 . 2010-07-09 14:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:24 . 2010-07-09 14:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 14:24 . 2010-07-09 14:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 14:24 . 2010-07-09 14:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-30 12:33 . 2004-08-18 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-04-03 483328]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\proe2000i2\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\Program Files\\proe2000i2\\i486_nt\\obj\\xtop.exe"=
"c:\\Program Files\\proe2000i2\\i486_nt\\nms\\nmsd.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.9.2010 21:09 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.9.2010 21:09 17744]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [27.4.2007 1:00 316992]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-09-26 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-09-01 09:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\domaa\Data aplikací\Mozilla\Firefox\Profiles\0cknrmzu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3020)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-09-26 13:47:23
ComboFix-quarantined-files.txt 2010-09-26 11:47
ComboFix2.txt 2010-09-26 11:19

Před spuštěním: Volných bajtů: 143 041 871 872
Po spuštění: Volných bajtů: 143 027 159 040

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 00A3AC4160B85385782E2DDFC216B448

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Preventive check

#13 Post by motji »

Do you recognize this folder?
C:\Ins

How is the computer doing now?
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

makimaki
Visitor
Posts: 27
Joined: 08 Jan 2009 22:13

Re: Preventive check

#14 Post by makimaki »

I'd say it looks the same.
In INS I have some keys (Advanced SystemCare..) and *.exe files (HD Tune, XP anti spy).

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Preventive check

#15 Post by motji »

Is it still making a crunching noise? And under load, or just at idle?

:arrow: If it isn't there already, move Combofix to the desktop
-open Notepad
-Copy the text from this box into it

Code:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"NeroFilterCheck"=-
"VirtualCloneDrive"=-
"UnlockerAssistant"=-

Driver::
SetupNTGLM7X

File::
f:\ntglm7x.sys

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]


-save the TXT file you created to the desktop as CFScript.txt
-after saving, grab the script you created with the left mouse button and drag it over the Combofix icon, where you drop it

-after it is applied, another log will come out; post it here

Warning: it may happen that Windows does not start after the script is applied and the machine restarts; in that case restart again while pressing F8, then choose Last Known Good Configuration