VIRY.CZ

Dobrý den, ahoj..

mám šíleně zpomalený počítač a zejména internet načítá stránky strašně dlouho, jak IE tak Mozilla..chtěla jsem vložit LOG z HJT, ale nejde mi spustit, ani ta instalační varianta msi balíček..
nevím co s tím.....prosím poraďte...

Hezké poledne
nabootujte od nouzového režimu (po restartu mačkejte F8 - nouzový režim s prací v síti)

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript: - zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

Ještě jsem zkusila přejmenovat HiJackThis na HJT a zafungoval...tady je log:
Mám se pokusit o to, co jste psal výše, nebo takhle ten log stačí??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:36, on 20.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\IVA_Client\iva_control.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Doma\Dokumenty\Stažené soubory\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - :C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] :"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] :C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] :C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] :"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] :"C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] :C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ~Disabled
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - :C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - :C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0288335562
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iva_control - IT Development s.r.o. - c:\Program Files\IVA_Client\iva_control.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: uvnc_service - UltraVNC - c:\Program Files\IVA_Client\VNC\winvnc.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8453 bytes

Já jsem to chtěla v OTL rovnou mazat, ale tohle vypadá na rootkita, uděláme rovnou combofix .

Stahněte Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkuste stahnout jiný

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com


-spusťte ho a nechejte pracovat. Sám se ukončí.

- Ted nerestartujte počítač!



Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
-combofix přejmenujte na žížala.com



A mimochodem, jsme žena

Právě se mi sám od sebe restartoval PC...nechápu...
OK, stáhnu Rkill, nechám ho pracovat, pak budu doufat, že se neotočí mašina a spustím stažený Combofix...a počkám na Vaše další rady..
PS: to je velmi milé, že jste žena, neobvyklé, ale potěšující...

Kdyby to nešlo, zkuste nouzový režim.
A pro jistotu si zazálohujte Vaše data

Při pokusu spustit RKill se mi pod rukama otočil PC..tak jsem to přejmenovala a zkusila spustit znovu a šlo to...když to doběhlo, tak jsem spustila ComboFix...
teď to běží...(píšu z jiného PC)..
a teď se mi to zase restartovalo, při běhu Combofixu....
znovu se objevilo okno, že Combofix dělá autoscan...

mám pak vložit log?

otočil pc..to myslíte jak?

Ano, vložte. Pravděpodobně tam máte nějakého rootkita, co všechno blokuje. Já tu ještě chvilku budu, počkám na ten log.

"otočit" = restart
tady je log:
ComboFix 11-02-16.01 - Doma 20.02.2011 13:33:19.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2669 [GMT 1:00]
Spuštěný z: c:\documents and settings\Doma\Plocha\žížala.com.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-2052111302-2139871995-1801674531-1004(2)\Dc2.jpg
c:\recycler(2)\S-1-5-21-2052111302-2139871995-1801674531-1004(2)\INFO2
c:\windows\system\MSVBVM60.DLL
c:\windows\system32\214923341.dat
c:\windows\system32\drivers\AtapiDrv.sys
c:\windows\system32\systemcpl.dll
c:\windows\system32\win32x.exe

c:\windows\system32\drivers\6b4a5b7f.sys . . . je infikován!! . . . Failed to find a valid replacement.
c:\windows\system32\proquota.exe . . . chybí !!

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATAPIDRV
-------\Legacy_win32x
-------\Service_AtapiDrv
-------\Service_win32x


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-20 do 2011-02-20 )))))))))))))))))))))))))))))))
.

2011-02-20 10:40 . 2011-02-20 10:40 388096 ----a-r- c:\documents and settings\Doma\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-20 10:40 . 2011-02-20 10:40 -------- d-----w- c:\program files\Trend Micro
2011-02-20 08:24 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-20 08:24 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-20 08:24 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-20 08:24 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-20 08:24 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-20 08:24 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-20 08:24 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-20 08:24 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-20 08:24 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-20 08:24 . 2011-02-20 08:24 -------- d-----w- c:\program files\Alwil Software
2011-02-20 08:24 . 2011-02-20 08:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-02-14 13:55 . 2011-02-14 13:55 -------- d-----w- c:\documents and settings\Doma\Local Settings\Data aplikací\IVASystem
2011-02-14 13:55 . 2011-02-14 13:55 -------- d-----w- c:\program files\IVA_Client
2011-02-08 11:30 . 2011-02-08 11:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NovaTech Network
2011-02-08 11:28 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-02-08 11:28 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-02-08 11:28 . 2011-02-08 11:28 -------- d-----w- c:\windows\Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-09-26 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-05_17.05.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-02-20 12:38 . 2011-02-20 12:38 16384 c:\windows\temp\Perflib_Perfdata_edc.dat
+ 2011-02-20 12:38 . 2011-02-20 12:38 16384 c:\windows\temp\Perflib_Perfdata_b44.dat
+ 1998-03-26 00:12 . 1998-03-26 00:12 53248 c:\windows\system32\zlib.dll
+ 2010-12-24 18:54 . 2005-12-05 17:07 61136 c:\windows\system32\xinput9_1_0.dll
+ 2010-12-24 18:54 . 2006-07-28 08:30 62744 c:\windows\system32\xinput1_2.dll
+ 2010-12-24 18:54 . 2006-03-31 11:39 62672 c:\windows\system32\xinput1_1.dll
+ 2010-12-24 18:54 . 2006-02-03 07:41 14032 c:\windows\system32\x3daudio1_0.dll
+ 2008-09-29 20:43 . 2008-04-14 07:52 75264 c:\windows\system32\storprop.dll
- 2008-09-29 20:43 . 2008-04-14 08:52 75264 c:\windows\system32\storprop.dll
+ 2010-11-12 20:24 . 2010-01-12 05:35 80416 c:\windows\system32\RtNicProp32.dll
+ 2010-11-12 21:02 . 2008-04-14 07:10 39680 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\processr.sys
+ 2010-11-12 20:17 . 2006-10-05 14:35 35840 c:\windows\system32\ReinstallBackups\0007\DriverFiles\NVCOI.DLL
+ 2010-01-02 13:41 . 2005-05-31 23:10 73728 c:\windows\system32\PICSDK.dll
+ 2010-01-02 13:41 . 2005-06-01 02:10 77824 c:\windows\system32\PICEntry.dll
+ 2006-03-02 12:00 . 2010-11-12 21:09 58732 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2010-11-12 21:09 68916 c:\windows\system32\perfc005.dat
+ 2010-03-15 15:52 . 2010-03-15 15:52 61440 c:\windows\system32\OpenCL.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 81920 c:\windows\system32\nvwddi.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 14952 c:\windows\system32\NvRCoZht.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 14952 c:\windows\system32\NvRCoZhc.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 17512 c:\windows\system32\NvRCoSv.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 17512 c:\windows\system32\NvRCoRu.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 18024 c:\windows\system32\NvRCoPtb.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 17512 c:\windows\system32\NvRCoNo.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 17512 c:\windows\system32\NvRCoNl.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 15464 c:\windows\system32\NvRCoKo.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 15464 c:\windows\system32\NvRCoJa.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 18024 c:\windows\system32\NvRCoIt.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 18024 c:\windows\system32\NvRCoFr.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 17512 c:\windows\system32\NvRCoFi.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 18024 c:\windows\system32\NvRCoEsm.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 18024 c:\windows\system32\NvRCoEs.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 17000 c:\windows\system32\NvRCoENU.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 17000 c:\windows\system32\NvRCoEng.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 18024 c:\windows\system32\NvRCoDe.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 17512 c:\windows\system32\NvRCoDa.dll
+ 2008-09-29 20:12 . 2010-02-15 18:18 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-10-21 14:39 . 2009-10-21 14:40 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2010-11-11 12:24 . 2008-04-14 07:51 21504 c:\windows\system32\hidserv.dll
+ 2010-01-02 13:41 . 2004-03-03 05:10 21390 c:\windows\system32\EPPICPattern5.dat
+ 2010-01-02 13:41 . 2004-03-03 05:10 11811 c:\windows\system32\EPPICPattern4.dat
+ 2010-01-02 13:41 . 2004-03-03 05:10 24903 c:\windows\system32\EPPICPattern3.dat
+ 2010-01-02 13:41 . 2004-03-03 05:10 20148 c:\windows\system32\EPPICPattern2.dat
+ 2010-01-02 13:41 . 2004-03-03 05:10 31053 c:\windows\system32\EPPICPattern131.dat
+ 2010-01-02 13:41 . 2004-03-03 05:10 27417 c:\windows\system32\EPPICPattern121.dat
+ 2010-01-02 13:41 . 2004-03-03 05:10 26154 c:\windows\system32\EPPICPattern1.dat
+ 2010-01-02 13:41 . 2004-03-03 05:10 65536 c:\windows\system32\EPPicMgr.dll
+ 2010-11-12 21:02 . 2007-04-16 15:46 44544 c:\windows\system32\DRVSTORE\amdppm_C66586B319F61C772BA2DAB141D0FE08F299F411\AmdPPM64.sys
+ 2010-11-12 21:02 . 2007-04-16 15:46 33792 c:\windows\system32\DRVSTORE\amdppm_C66586B319F61C772BA2DAB141D0FE08F299F411\AmdPPM.sys
+ 2010-11-12 21:02 . 2006-07-01 21:42 43008 c:\windows\system32\DRVSTORE\amdk8_272AB57A055A98BD494E3A7FDA0E8216ECE25347\AmdK8.sys
+ 2010-11-11 12:24 . 2008-04-13 23:15 20608 c:\windows\system32\drivers\usbuhci.sys
+ 2005-11-03 14:40 . 2005-11-03 14:40 63488 c:\windows\system32\drivers\sfvfs02.sys
+ 2008-04-13 22:10 . 2008-04-13 23:10 24960 c:\windows\system32\drivers\pciidex.sys
- 2008-04-13 22:10 . 2008-04-14 00:10 24960 c:\windows\system32\drivers\pciidex.sys
+ 2010-11-11 12:24 . 2008-04-13 23:06 46464 c:\windows\system32\drivers\GAGP30KX.SYS
+ 2010-11-11 12:24 . 2001-08-17 19:13 27165 c:\windows\system32\drivers\fetnd5.sys
+ 2008-04-13 22:10 . 2008-04-13 23:10 96512 c:\windows\system32\drivers\atapi.sys
- 2008-04-13 22:10 . 2008-04-14 00:10 96512 c:\windows\system32\drivers\atapi.sys
+ 2010-11-12 21:02 . 2006-07-01 21:42 43008 c:\windows\system32\drivers\AmdK8.sys
+ 2010-11-11 12:24 . 2008-04-13 23:15 20608 c:\windows\system32\dllcache\usbuhci.sys
+ 2008-09-29 20:43 . 2008-04-14 07:52 75264 c:\windows\system32\dllcache\storprop.dll
+ 2008-04-13 22:10 . 2008-04-13 23:10 24960 c:\windows\system32\dllcache\pciidex.sys
+ 2010-11-11 12:24 . 2008-04-14 07:51 21504 c:\windows\system32\dllcache\hidserv.dll
+ 2010-11-11 12:24 . 2008-04-13 23:06 46464 c:\windows\system32\dllcache\gagp30kx.sys
+ 2010-11-11 12:24 . 2001-08-17 19:13 27165 c:\windows\system32\dllcache\fetnd5.sys
+ 2008-04-13 22:10 . 2008-04-13 23:10 96512 c:\windows\system32\dllcache\atapi.sys
+ 2010-12-24 18:54 . 2005-03-18 15:23 12800 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2010-12-24 18:54 . 2005-03-18 15:23 53248 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-07-06 14:17 . 2010-07-06 14:17 21504 c:\windows\Installer\79b250.msi
+ 2009-10-22 16:26 . 2009-10-22 16:26 49664 c:\windows\Installer\1f086a.msi
+ 2010-07-06 14:17 . 2010-07-06 14:17 25214 c:\windows\Installer\{C2D129C0-7508-11DF-9F1B-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-12-24 18:52 . 2010-12-24 18:52 10134 c:\windows\Installer\{578FA426-47C0-4A3F-98A4-01ACD26B7556}\ARPPRODUCTICON.exe
+ 2010-09-30 18:23 . 2010-09-30 18:23 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-09-30 18:23 . 2010-09-30 18:23 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-30 18:23 . 2010-09-30 18:23 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-09-30 18:23 . 2010-09-30 18:23 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-09-30 18:23 . 2010-09-30 18:23 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-30 18:23 . 2010-09-30 18:23 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-30 18:23 . 2010-09-30 18:23 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ARPPRODUCTICON.exe
+ 2010-12-24 18:54 . 2010-12-24 18:54 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-12-24 18:54 . 2010-12-24 18:54 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-11-12 20:43 . 2010-11-12 20:43 1536 c:\windows\system32\sppcomapi.dll
+ 2010-01-02 13:41 . 2004-03-03 05:10 4943 c:\windows\system32\EPPICPattern6.dat
- 2006-03-02 12:00 . 2001-10-24 11:52 3328 c:\windows\system32\drivers\pciide.sys
+ 2006-03-02 12:00 . 2001-10-24 10:52 3328 c:\windows\system32\drivers\pciide.sys
+ 2006-03-02 12:00 . 2001-10-24 10:52 3328 c:\windows\system32\dllcache\pciide.sys
+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-12-24 18:54 . 2006-07-28 08:30 236824 c:\windows\system32\xactengine2_3.dll
+ 2010-12-24 18:54 . 2006-05-31 06:24 230168 c:\windows\system32\xactengine2_2.dll
+ 2010-12-24 18:54 . 2006-03-31 11:39 229584 c:\windows\system32\xactengine2_1.dll
+ 2010-12-24 18:54 . 2006-02-03 07:42 230096 c:\windows\system32\xactengine2_0.dll
+ 2010-03-19 12:00 . 2007-02-10 23:00 426264 c:\windows\system32\wodCrypt.dll
+ 2010-11-12 20:43 . 2010-11-12 20:43 113543 c:\windows\system32\slmgr.vbs
+ 2010-11-12 20:24 . 2010-01-12 05:35 100896 c:\windows\system32\RTNUninst32.dll
+ 2009-06-05 10:30 . 2009-11-07 09:20 205740 c:\windows\system32\Restore\rstrlog.dat
+ 2010-11-12 20:17 . 2006-10-18 14:31 105472 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvata.sys
+ 2010-11-12 20:17 . 2006-10-18 14:31 363008 c:\windows\system32\ReinstallBackups\0007\DriverFiles\idecoi.dll
+ 2010-01-02 13:41 . 2005-06-01 03:10 495616 c:\windows\system32\PICSDK2.dll
+ 2006-03-02 12:00 . 2010-11-12 21:09 392432 c:\windows\system32\perfh009.dat
+ 2006-03-02 12:00 . 2010-11-12 21:09 389938 c:\windows\system32\perfh005.dat
+ 2008-09-29 19:46 . 2010-03-03 15:36 600680 c:\windows\system32\NVUNINST.EXE
+ 2010-03-16 02:37 . 2010-03-16 02:37 154216 c:\windows\system32\nvsvc32.exe
+ 2010-03-16 02:37 . 2010-03-16 02:37 126976 c:\windows\system32\nvrszht.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 229376 c:\windows\system32\nvrszhc.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 258048 c:\windows\system32\nvrstr.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 253952 c:\windows\system32\nvrsth.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 253952 c:\windows\system32\nvrssv.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 258048 c:\windows\system32\nvrssl.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 258048 c:\windows\system32\nvrssk.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 270336 c:\windows\system32\nvrsru.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 270336 c:\windows\system32\nvrsptb.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 274432 c:\windows\system32\nvrspt.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 258048 c:\windows\system32\nvrspl.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 253952 c:\windows\system32\nvrsno.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 274432 c:\windows\system32\nvrsnl.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 266240 c:\windows\system32\nvrsko.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 274432 c:\windows\system32\nvrsja.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 282624 c:\windows\system32\nvrsit.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 262144 c:\windows\system32\nvrshu.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 335872 c:\windows\system32\nvrshe.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 286720 c:\windows\system32\nvrsfr.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 249856 c:\windows\system32\nvrsfi.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 274432 c:\windows\system32\nvrsesm.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 282624 c:\windows\system32\nvrses.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 249856 c:\windows\system32\nvrseng.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 282624 c:\windows\system32\nvrsel.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 278528 c:\windows\system32\nvrsde.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 253952 c:\windows\system32\nvrsda.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 249856 c:\windows\system32\nvrscs.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 335872 c:\windows\system32\nvrsar.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 372840 c:\windows\system32\nvraiins.dll
+ 2010-11-12 20:17 . 2010-04-08 18:30 372840 c:\windows\system32\nvraidco.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 110696 c:\windows\system32\nvmctray.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 278120 c:\windows\system32\nvmccs.dll
+ 2010-11-12 20:17 . 2010-03-22 04:28 215656 c:\windows\system32\NVCOSMB.DLL
+ 2010-03-16 02:37 . 2010-03-16 02:37 145000 c:\windows\system32\nvcolor.exe
+ 2010-03-15 15:52 . 2010-03-15 15:52 215656 c:\windows\system32\nvcodins.dll
+ 2010-03-15 15:52 . 2010-03-15 15:52 215656 c:\windows\system32\nvcod.dll
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
+ 2010-01-02 15:08 . 2010-01-02 15:08 149280 c:\windows\system32\javaws.exe
+ 2010-01-02 15:08 . 2010-01-02 15:08 145184 c:\windows\system32\javaw.exe
+ 2010-01-02 15:08 . 2010-01-02 15:08 145184 c:\windows\system32\java.exe
+ 2008-09-29 20:41 . 2010-09-09 05:55 110992 c:\windows\system32\FNTCACHE.DAT
- 2008-09-29 20:41 . 2009-03-11 14:18 110992 c:\windows\system32\FNTCACHE.DAT
+ 2010-01-02 13:41 . 2004-03-03 05:10 114688 c:\windows\system32\EpPicPrt.dll
+ 2010-01-02 13:41 . 2005-05-31 23:20 111932 c:\windows\system32\EPPICPrinterDB.dat
+ 2010-11-12 20:24 . 2010-07-06 03:13 234392 c:\windows\system32\drivers\Rtenicxp.sys
+ 2010-11-12 20:17 . 2010-04-08 18:30 168040 c:\windows\system32\drivers\nvgts.sys
+ 2010-01-02 15:08 . 2010-01-02 15:08 411368 c:\windows\system32\deploytk.dll
+ 2009-06-04 08:03 . 2009-06-04 08:03 274432 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2010-09-08 12:42 . 2010-09-08 12:42 107888 c:\windows\system32\CmdLineExt.dll
+ 2010-12-24 18:54 . 2006-03-31 10:27 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2006-02-03 06:40 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2005-12-05 16:20 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2005-09-28 13:11 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2005-07-22 16:21 577024 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2005-05-26 14:15 576000 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2005-03-18 16:23 567296 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2005-02-05 18:32 563712 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2005-03-18 15:23 223232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2010-12-24 18:54 . 2005-03-18 15:23 178176 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2010-12-24 18:54 . 2005-03-18 15:23 364544 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2010-12-24 18:54 . 2005-03-18 15:23 159232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2010-12-24 18:54 . 2005-03-18 15:23 145920 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2010-12-24 18:54 . 2005-03-18 15:23 473600 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2008-09-12 12:57 . 2008-09-12 12:57 325120 c:\windows\Installer\ef8e67.msi
+ 2008-09-12 12:57 . 2008-09-12 12:57 240640 c:\windows\Installer\ef8e60.msi
+ 2008-09-12 12:57 . 2008-09-12 12:57 796672 c:\windows\Installer\ef8e5a.msi
+ 2008-09-12 12:57 . 2008-09-12 12:57 312320 c:\windows\Installer\ef8e54.msi
+ 2008-09-12 12:57 . 2008-09-12 12:57 491008 c:\windows\Installer\ef8e4e.msi
+ 2008-09-12 12:57 . 2008-09-12 12:57 898560 c:\windows\Installer\ef8e48.msi
+ 2008-09-12 12:56 . 2008-09-12 12:56 913920 c:\windows\Installer\ef8e40.msi
+ 2008-09-12 12:56 . 2008-09-12 12:56 472576 c:\windows\Installer\ef8e39.msi
+ 2008-09-12 12:56 . 2008-09-12 12:56 586240 c:\windows\Installer\ef8e32.msi
+ 2008-09-12 12:56 . 2008-09-12 12:56 121344 c:\windows\Installer\ef8e28.msi
+ 2008-09-12 12:56 . 2008-09-12 12:56 628736 c:\windows\Installer\ef8e10.msi
+ 2008-09-12 12:56 . 2008-09-12 12:56 526336 c:\windows\Installer\ef8e05.msi
+ 2008-09-12 12:56 . 2008-09-12 12:56 121344 c:\windows\Installer\ef8dfb.msi
+ 2008-09-12 12:56 . 2008-09-12 12:56 426496 c:\windows\Installer\ef8df5.msi
+ 2008-09-12 12:56 . 2008-09-12 12:56 339968 c:\windows\Installer\ef8def.msi
+ 2008-09-12 12:56 . 2008-09-12 12:56 600576 c:\windows\Installer\ef8de9.msi
+ 2008-09-12 12:56 . 2008-09-12 12:56 532480 c:\windows\Installer\ef8de3.msi
+ 2008-09-12 12:56 . 2008-09-12 12:56 121344 c:\windows\Installer\ef8ddc.msi
+ 2008-09-12 12:56 . 2008-09-12 12:56 425472 c:\windows\Installer\ef8dd6.msi
+ 2008-09-12 12:56 . 2008-09-12 12:56 326144 c:\windows\Installer\ef8dcc.msi
+ 2008-09-12 12:56 . 2008-09-12 12:56 500736 c:\windows\Installer\ef8dc6.msi
+ 2008-09-12 12:56 . 2008-09-12 12:56 514560 c:\windows\Installer\ef8dc0.msi
+ 2008-09-12 12:55 . 2008-09-12 12:55 316416 c:\windows\Installer\ef8dba.msi
+ 2008-09-12 12:55 . 2008-09-12 12:55 587776 c:\windows\Installer\ef8db4.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 694784 c:\windows\Installer\cf2b.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 194048 c:\windows\Installer\cf25.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 248832 c:\windows\Installer\cf1f.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 248832 c:\windows\Installer\cf19.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 251392 c:\windows\Installer\cf13.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 251392 c:\windows\Installer\cf0d.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 251392 c:\windows\Installer\cf07.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 251392 c:\windows\Installer\cf01.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 251392 c:\windows\Installer\cefb.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 251392 c:\windows\Installer\cef5.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 251392 c:\windows\Installer\ceef.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 251392 c:\windows\Installer\cee9.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 248320 c:\windows\Installer\cee3.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 248832 c:\windows\Installer\cedd.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 248832 c:\windows\Installer\ced7.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 251392 c:\windows\Installer\ced1.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 249344 c:\windows\Installer\cecb.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 251392 c:\windows\Installer\cec5.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 249344 c:\windows\Installer\cebf.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 252928 c:\windows\Installer\ceb9.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 251904 c:\windows\Installer\ceb3.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 249344 c:\windows\Installer\cead.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 251904 c:\windows\Installer\cea7.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 251392 c:\windows\Installer\cea1.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 268800 c:\windows\Installer\ce9b.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 268800 c:\windows\Installer\ce95.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 267776 c:\windows\Installer\ce8f.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 267776 c:\windows\Installer\ce89.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 267776 c:\windows\Installer\ce83.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 268288 c:\windows\Installer\ce7d.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 268288 c:\windows\Installer\ce77.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 267776 c:\windows\Installer\ce71.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 267776 c:\windows\Installer\ce6b.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 267776 c:\windows\Installer\ce65.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 186368 c:\windows\Installer\ce5f.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 186368 c:\windows\Installer\ce59.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 264704 c:\windows\Installer\ce53.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 264704 c:\windows\Installer\ce4d.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 187392 c:\windows\Installer\ce47.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 262656 c:\windows\Installer\ce41.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 265728 c:\windows\Installer\ce3b.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 264704 c:\windows\Installer\ce35.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 265216 c:\windows\Installer\ce2f.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 264704 c:\windows\Installer\ce29.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 264704 c:\windows\Installer\ce23.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 211456 c:\windows\Installer\ce1d.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 180224 c:\windows\Installer\ce17.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 285696 c:\windows\Installer\ce11.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 181760 c:\windows\Installer\ce0b.msi
+ 2008-11-15 18:10 . 2008-11-15 18:10 268288 c:\windows\Installer\ce05.msi
+ 2008-11-15 18:09 . 2008-11-15 18:09 258048 c:\windows\Installer\cdfb.msi
+ 2008-11-15 18:09 . 2008-11-15 18:09 774144 c:\windows\Installer\cca1.msi
+ 2011-02-20 08:24 . 2011-02-20 08:24 219648 c:\windows\Installer\91a57.msi
+ 2010-06-25 07:33 . 2010-06-25 07:33 700416 c:\windows\Installer\8e47.msi
+ 2008-11-12 18:18 . 2008-11-12 18:18 348672 c:\windows\Installer\6c2bd.msi
+ 2008-09-03 09:14 . 2008-09-03 09:14 532992 c:\windows\Installer\3bb230.msi
+ 2009-10-06 21:33 . 2009-10-06 21:33 816640 c:\windows\Installer\380be.msi
+ 2008-09-29 19:55 . 2008-09-29 19:55 317952 c:\windows\Installer\2de5c.msi
+ 2008-09-29 18:56 . 2008-09-29 18:56 265216 c:\windows\Installer\23227.msi
+ 2010-12-24 18:52 . 2010-12-24 18:52 902144 c:\windows\Installer\213d0.msi
+ 2009-03-28 21:51 . 2009-03-28 21:51 923136 c:\windows\Installer\1e3b35.msi
+ 2010-01-02 15:08 . 2010-01-02 15:08 537600 c:\windows\Installer\11aefa8.msi
+ 2010-10-01 05:48 . 2010-10-01 05:48 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2009-10-06 21:33 . 2009-10-06 21:33 102400 c:\windows\Installer\{818ABC3C-635C-4651-8183-D0E9640B7DD1}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe
+ 2008-09-12 12:53 . 2010-07-06 07:50 153833 c:\windows\HPHins15.dat
- 2008-09-12 12:53 . 2008-09-12 12:57 153833 c:\windows\HPHins15.dat
+ 2010-12-24 18:54 . 2010-12-24 18:54 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-12-24 18:54 . 2010-12-24 18:54 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2010-12-24 18:54 . 2010-12-24 18:54 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-12-24 18:54 . 2010-12-24 18:54 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2010-12-24 18:54 . 2010-12-24 18:54 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-12-24 18:54 . 2010-12-24 18:54 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2010-12-24 18:54 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2010-12-24 18:54 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2010-12-24 18:54 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2010-12-24 18:54 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2010-12-24 18:54 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2010-12-24 18:54 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2010-12-24 18:54 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2010-12-24 18:54 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2007-01-01 18:04 . 2007-01-01 18:04 1356800 c:\windows\system32\webfldrs.msi
+ 2010-03-15 15:52 . 2010-03-15 15:52 2183470 c:\windows\system32\nvdata.bin
+ 2010-03-15 15:52 . 2010-03-15 15:52 2030184 c:\windows\system32\nvcuvid.dll
+ 2010-03-15 15:52 . 2010-03-15 15:52 2646632 c:\windows\system32\nvcuvenc.dll
+ 2010-03-15 15:52 . 2010-03-15 15:52 4075520 c:\windows\system32\nvcuda.dll
+ 2010-03-15 15:52 . 2010-03-15 15:52 1097728 c:\windows\system32\nvapi.dll
+ 2010-03-15 15:52 . 2010-03-15 15:52 6432128 c:\windows\system32\nv4_disp.dll
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-03-15 15:52 . 2010-03-15 15:52 6432128 c:\windows\system32\dllcache\nv4_disp.dll
- 2008-10-01 16:28 . 2006-03-31 10:40 2388176 c:\windows\system32\d3dx9_30.dll
+ 2008-10-01 16:28 . 2006-03-31 11:40 2388176 c:\windows\system32\d3dx9_30.dll
+ 2010-12-24 18:54 . 2006-02-03 07:43 2332368 c:\windows\system32\d3dx9_29.dll
+ 2008-10-01 16:28 . 2005-12-05 17:09 2323664 c:\windows\system32\d3dx9_28.dll
- 2008-10-01 16:28 . 2005-12-05 16:09 2323664 c:\windows\system32\d3dx9_28.dll
+ 2010-12-24 18:54 . 2005-07-22 18:59 2319568 c:\windows\system32\d3dx9_27.dll
+ 2010-12-24 18:54 . 2005-05-26 14:34 2297552 c:\windows\system32\d3dx9_26.dll
+ 2010-12-24 18:54 . 2005-03-18 16:19 2337488 c:\windows\system32\d3dx9_25.dll
+ 2010-12-24 18:54 . 2005-02-05 18:45 2222800 c:\windows\system32\d3dx9_24.dll
+ 2010-12-24 18:54 . 2004-12-01 14:53 2846720 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2004-09-29 11:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-15 18:11 . 2008-11-15 18:11 3650048 c:\windows\Installer\cf33.msi
+ 2010-10-01 05:48 . 2010-10-01 05:48 1575936 c:\windows\Installer\c896.msi
+ 2007-01-17 10:27 . 2007-01-17 10:27 6217216 c:\windows\Installer\6ebf9.msi
+ 2008-09-01 17:12 . 2008-09-01 17:12 6215680 c:\windows\Installer\59d64.msi
+ 2010-09-08 12:36 . 2010-09-08 12:36 1668608 c:\windows\Installer\5420aa.msi
+ 2011-02-20 10:40 . 2011-02-20 10:40 1094656 c:\windows\Installer\3acaf9.msi
+ 2008-09-29 19:57 . 2008-09-29 19:57 7336960 c:\windows\Installer\2df95.msi
+ 2008-09-29 19:54 . 2008-09-29 19:54 2109440 c:\windows\Installer\2de4a.msi
+ 2009-02-08 16:19 . 2009-02-08 16:19 3762688 c:\windows\Installer\263b17.msi
+ 2009-02-08 16:19 . 2009-02-08 16:19 1652224 c:\windows\Installer\263b13.msi
+ 2009-02-08 16:19 . 2009-02-08 16:19 8992256 c:\windows\Installer\263b0d.msi
+ 2009-02-08 16:18 . 2009-02-08 16:18 1549312 c:\windows\Installer\263b07.msi
+ 2009-02-08 16:18 . 2009-02-08 16:18 3152384 c:\windows\Installer\263b01.msi
+ 2008-09-29 20:13 . 2008-09-29 20:13 4366848 c:\windows\Installer\18168.msi
+ 2008-09-29 20:12 . 2008-09-29 20:12 3699200 c:\windows\Installer\18164.msi
+ 2010-09-30 18:23 . 2010-09-30 18:23 1223680 c:\windows\Installer\12bf416.msi
+ 2009-10-06 21:33 . 2009-10-06 21:33 1728512 c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{EC391058-A292-41C5-92C7-95C5A09793B8}\HP Update.msi
+ 2008-09-01 17:54 . 2004-07-07 13:35 2440704 c:\windows\Cache\Adobe Reader 6.0.1\CZEBIG\Adobe Reader 6.0.2 CE.msi
+ 2010-12-24 18:54 . 2010-12-24 18:54 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 18:54 . 2010-12-24 18:54 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-15 15:52 . 2010-03-15 15:52 14757888 c:\windows\system32\nvoglnt.dll
+ 2010-03-16 02:37 . 2010-03-16 02:37 13670504 c:\windows\system32\nvcpl.dll
+ 2010-03-15 15:52 . 2010-03-15 15:52 11640832 c:\windows\system32\nvcompiler.dll
+ 2008-09-01 17:11 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
+ 2010-03-15 15:52 . 2010-03-15 15:52 10232352 c:\windows\system32\drivers\nv4_mini.sys
+ 2010-03-15 15:52 . 2010-03-15 15:52 10232352 c:\windows\system32\dllcache\nv4_mini.sys
+ 2005-09-23 05:48 . 2005-09-23 05:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2009-10-22 16:26 . 2009-10-22 16:26 15709696 c:\windows\Installer\1f0871.msp
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-02 149280]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Doma\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-3-16 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\~Disabled
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2010-1-2 57344]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2client.bin"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\TopCD\\Cossacks\\Cossacks - Napoleonic Wars\\Data\\engine.exe"=
"c:\\Program Files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe"=
"c:\\Program Files\\IVA_Client\\Client_IVA.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.2.2011 9:24 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.2.2011 9:24 17744]
R2 iva_control;iva_control;c:\program files\IVA_Client\iva_control.exe [19.3.2010 13:00 36864]
S1 6b4a5b7f;6b4a5b7f;c:\windows\system32\drivers\6b4a5b7f.sys [31.5.2009 14:37 0]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.7.2010 15:17 136176]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Doma\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Doma\LOCALS~1\Temp\ALSysIO.sys [?]
S3 uvnc_service;uvnc_service;c:\program files\IVA_Client\VNC\winvnc.exe [5.12.2009 16:00 1581512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 14:17]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 14:17]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\govoovn8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - :c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-SpybotSD TeaTimer - :c:\program files\Spybot - Search & Destroy\TeaTimer.exe
HKLM-Run-Adobe Reader Speed Launcher - :c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
HKLM-Run-NeroFilterCheck - :c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
HKLM-Run-HP Software Update - :c:\program files\HP\HP Software Update\HPWuSchd2.exe
HKLM-Run-nwiz - nwiz.exe
AddRemove-HijackThis - c:\documents and settings\Doma\Dokumenty\Stažené soubory\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 13:38
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3012)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-02-20 13:41:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-20 12:41
ComboFix2.txt 2009-06-04 20:27
ComboFix3.txt 2009-05-05 17:06

Před spuštěním: Volných bajtů: 80 547 979 264
Po spuštění: Volných bajtů: 80 422 383 616

- - End Of File - - 8E8899823C6F4B84313821FB69F5F0EA

Krásně zavirované pc, kde jste k tomu přišla?

otestujte na www.virustotal.com
c:\windows\system32\drivers\6b4a5b7f.sys
-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.
-pokud se Vám zobrazí, že soubor tam není, nebo nepujde z nějakého důvodu nahrát, napište. Myslím, že je to vir a bude se bránit testování

On je to počítač kamaráda, který na tom hraje hry a používá ho i jeho synáček, 7 let takže asi klikne kamkoliv a je mu to jedno...
Každopádně když zadám do okénka cestu, tak pak kliknu na Send file a nic se nestane...
respektive stane se to, že to na okamžik napíše, že nemám zavírat okno, dokud nebude upload ended, ale pak se to zase dostane do toho úvodního, kd emám zadat adresu souboru...co s tím?

Vydržte chvilku, smažeme to. On se potvora nechce nechat otestovat .
Hned tu dám skriptík

Tak to mě čekají pěkné věci, syn má o rok míň a breberky mi zatím naštěstí nestahuje

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Vše šlo jako po másle:-)
tady je log:
PS: PC je znatelně rychlejší...

ComboFix 11-02-16.01 - Doma 20.02.2011 14:18:46.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2524 [GMT 1:00]
Spuštěný z: c:\documents and settings\Doma\Plocha\žížala.com.exe
Použité ovládací přepínače :: c:\documents and settings\Doma\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\proquota.exe . . . je infikován!!

c:\windows\system32\proquota.exe . . . chybí !!

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALSYSIO
-------\Service_6b4a5b7f
-------\Service_ALSysIO


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-20 do 2011-02-20 )))))))))))))))))))))))))))))))
.

2011-02-20 12:28 . 2011-02-20 12:41 -------- d-----w- C:\žížala.com
2011-02-20 10:40 . 2011-02-20 10:40 388096 ----a-r- c:\documents and settings\Doma\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-20 10:40 . 2011-02-20 10:40 -------- d-----w- c:\program files\Trend Micro
2011-02-20 08:24 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-20 08:24 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-20 08:24 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-20 08:24 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-20 08:24 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-20 08:24 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-20 08:24 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-20 08:24 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-20 08:24 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-20 08:24 . 2011-02-20 08:24 -------- d-----w- c:\program files\Alwil Software
2011-02-20 08:24 . 2011-02-20 08:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-02-14 13:55 . 2011-02-14 13:55 -------- d-----w- c:\documents and settings\Doma\Local Settings\Data aplikací\IVASystem
2011-02-14 13:55 . 2011-02-14 13:55 -------- d-----w- c:\program files\IVA_Client
2011-02-08 11:30 . 2011-02-08 11:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NovaTech Network
2011-02-08 11:28 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-02-08 11:28 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-02-08 11:28 . 2011-02-08 11:28 -------- d-----w- c:\windows\Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[-] 2008-09-26 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2011-02-20_12.38.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-20 13:22 . 2011-02-20 13:22 16384 c:\windows\temp\Perflib_Perfdata_d90.dat
+ 2011-02-20 13:22 . 2011-02-20 13:22 16384 c:\windows\temp\Perflib_Perfdata_908.dat
+ 2008-07-18 20:10 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2008-09-29 18:50 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2008-09-29 18:50 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2011-02-20 12:40 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2011-02-20 12:40 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2008-09-29 18:50 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2008-09-29 18:50 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 06:51 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 06:51 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2008-09-29 18:50 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2008-09-29 18:50 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2008-09-29 18:50 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2008-07-18 20:07 . 2009-08-06 18:23 215920 c:\windows\system32\muweb.dll
+ 2008-09-02 16:38 . 2009-08-06 18:23 274288 c:\windows\system32\mucltui.dll
+ 2008-09-29 18:50 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2008-09-29 18:50 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2008-09-29 18:50 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2008-09-29 18:50 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2008-09-29 18:50 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-02 149280]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Doma\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-3-16 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\~Disabled
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2010-1-2 57344]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2client.bin"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\TopCD\\Cossacks\\Cossacks - Napoleonic Wars\\Data\\engine.exe"=
"c:\\Program Files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe"=
"c:\\Program Files\\IVA_Client\\Client_IVA.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.2.2011 9:24 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.2.2011 9:24 17744]
R2 iva_control;iva_control;c:\program files\IVA_Client\iva_control.exe [19.3.2010 13:00 36864]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.7.2010 15:17 136176]
S3 uvnc_service;uvnc_service;c:\program files\IVA_Client\VNC\winvnc.exe [5.12.2009 16:00 1581512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 14:17]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 14:17]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\govoovn8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 14:22
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3284)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2011-02-20 14:24:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-20 13:24
ComboFix2.txt 2011-02-20 12:41
ComboFix3.txt 2009-06-04 20:27
ComboFix4.txt 2009-05-05 17:06

Před spuštěním: Volných bajtů: 80 357 142 528
Po spuštění: Volných bajtů: 80 347 787 264

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 2EE5535336A4D997A1B93FC7B5AF727B

Vy máte systém win xp a jaký sp? Potřebuji sehnat jeden chybějící soubor.

Ještě raději jeden sken

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.


stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu a spusťte
-vytvoří se log s názvem mbr.log, vložte ho zde