
Request for a preventive check

Posted: 13 Jul 2011 20:57
by jthorn
Good evening, I would like to request a check of my RSIT log. Thank you.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tatínek at 2011-07-13 21:43:17
Microsoft Windows 7 Ultimate
System drive C: has 237 GB (50%) free of 477 GB
Total RAM: 3070 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:43:23, on 13.7.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.Notifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Tatínek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/?appId=479133 ... f=homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{A5D ... 9228F32C77}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss ... ffID=19405
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: CHelperBHO - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe /warmup
O4 - HKLM\..\Run: [Iminent.Notifier] C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.Notifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Armed Assault Drivers Auto Removal (pr2agmlb) (pr2agmlb) - Unknown owner - C:\Windows\system32\pr2agmlb.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8032 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2184
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.Notifier.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"C:\Program Files (x86)\CCleaner\CCleaner64.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=2356.9ae2600.1748118260 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" "Mozilla.Firefox.5.0" -omnijar C:\Program Files (x86)\Mozilla Firefox\omni.jar 2356 \\.\pipe\gecko-crash-server-pipe.2356 plugin
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
"C:\Users\Tatínek\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Tatínek\AppData\Roaming\Mozilla\Firefox\Profiles\wydnga5w.default

prefs.js - "browser.startup.homepage" - "about:home"
prefs.js - "extensions.enabledItems" - "{a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, adonis.cuhk@gmail.com:1.5, LogMeInClient@logmein.com:1.0.0.608, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller 1.0.0.1
"Path"=C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPOFFICE.DLL
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
SearchTheWeb.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Tatínek\AppData\Roaming\Mozilla\Firefox\Profiles\wydnga5w.default\extensions\
LogMeInClient@logmein.com

C:\Users\Tatínek\AppData\Roaming\Mozilla\Firefox\Profiles\wydnga5w.default\searchplugins\
SearchTheWeb.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Iminent.BHO.NavigationError - C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll [2011-01-26 101096]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll [2010-02-16 2495488]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{338B4DFE-2E2C-4338-9E41-E176D497299E} - HyperCam Toolbar - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll [2010-02-16 2495488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2010-10-27 1242448]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-07-04 3493720]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"IMBooster"=C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe /warmup []
"Iminent.Notifier"=C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.Notifier.exe [2011-01-26 1863168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.XFR1"=xfcodec64.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-13 21:43:18 ----D---- C:\Program Files\trend micro
2011-07-13 21:43:17 ----D---- C:\rsit
2011-07-13 21:15:53 ----A---- C:\Windows\isRS-000.tmp
2011-07-13 21:02:11 ----D---- C:\Users\Tatínek\AppData\Roaming\Malwarebytes
2011-07-13 21:02:08 ----D---- C:\ProgramData\Malwarebytes
2011-07-13 21:02:08 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-07-13 21:02:05 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-13 21:02:05 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-07-13 15:51:07 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 15:51:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 15:51:04 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 15:51:04 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 15:51:02 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 15:51:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-13 15:51:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 15:51:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 15:51:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 15:51:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 15:51:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-13 15:51:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-13 15:51:01 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 15:51:01 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 15:51:01 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 15:51:01 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 15:51:01 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 15:50:56 ----A---- C:\Windows\system32\win32k.sys
2011-07-13 15:50:50 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 15:50:49 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-13 15:50:49 ----A---- C:\Windows\system32\wow64win.dll
2011-07-13 15:50:49 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 15:50:49 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 15:50:46 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-13 15:50:46 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-13 15:50:46 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-13 15:50:46 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-13 15:50:46 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-13 15:50:46 ----A---- C:\Windows\system32\wow64.dll
2011-07-13 15:50:46 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-13 15:50:42 ----A---- C:\Windows\SYSWOW64\user.exe
2011-07-10 13:14:32 ----D---- C:\SSTQDefilerNET
2011-07-07 23:07:41 ----D---- C:\Windows\cs
2011-07-07 23:06:41 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-07-07 23:05:30 ----D---- C:\Program Files (x86)\Windows Live
2011-07-07 23:02:17 ----A---- C:\Windows\SYSWOW64\UIRibbonRes.dll
2011-07-07 23:02:17 ----A---- C:\Windows\system32\UIRibbonRes.dll
2011-07-07 23:02:16 ----A---- C:\Windows\SYSWOW64\UIRibbon.dll
2011-07-07 23:02:16 ----A---- C:\Windows\system32\UIRibbon.dll
2011-07-02 19:08:33 ----D---- C:\Program Files (x86)\GamersFirst
2011-07-02 13:33:28 ----D---- C:\Program Files (x86)\Iminent
2011-07-02 12:12:45 ----D---- C:\Program Files\Babylon
2011-06-29 13:00:24 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-29 13:00:23 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-06-29 13:00:23 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-06-29 13:00:23 ----A---- C:\Windows\SYSWOW64\devobj.dll
2011-06-29 13:00:23 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-06-29 13:00:20 ----A---- C:\Windows\system32\mssrch.dll
2011-06-29 13:00:19 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2011-06-29 13:00:19 ----A---- C:\Windows\system32\tquery.dll
2011-06-29 13:00:18 ----A---- C:\Windows\SYSWOW64\tquery.dll
2011-06-29 13:00:18 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-29 13:00:17 ----A---- C:\Windows\system32\mssph.dll
2011-06-29 13:00:16 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2011-06-29 13:00:16 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2011-06-29 13:00:16 ----A---- C:\Windows\SYSWOW64\mssph.dll
2011-06-29 13:00:16 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-29 13:00:16 ----A---- C:\Windows\system32\mssvp.dll
2011-06-29 13:00:15 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2011-06-29 13:00:15 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-29 13:00:15 ----A---- C:\Windows\system32\msscntrs.dll
2011-06-29 13:00:14 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2011-06-29 13:00:14 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2011-06-29 13:00:14 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2011-06-29 13:00:14 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-28 14:03:37 ----D---- C:\Program Files (x86)\Valve
2011-06-16 13:32:15 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-06-16 13:32:11 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-06-16 13:32:11 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-16 13:32:08 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-16 13:32:08 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-16 13:32:08 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-06-16 13:31:57 ----A---- C:\Windows\system32\mshtml.dll
2011-06-16 13:31:56 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-06-16 13:31:55 ----A---- C:\Windows\system32\ieframe.dll
2011-06-16 13:31:52 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-06-16 13:31:49 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-06-16 13:31:49 ----A---- C:\Windows\system32\urlmon.dll
2011-06-16 13:31:49 ----A---- C:\Windows\system32\iertutil.dll
2011-06-16 13:31:48 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-06-16 13:31:46 ----A---- C:\Windows\system32\msfeeds.dll
2011-06-16 13:31:45 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-06-16 13:31:45 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-06-16 13:31:45 ----A---- C:\Windows\system32\wininet.dll
2011-06-16 13:31:44 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-06-16 13:31:44 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-06-16 13:31:44 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-06-16 13:31:44 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-06-16 13:31:44 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-06-16 13:31:44 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-06-16 13:31:44 ----A---- C:\Windows\system32\mstime.dll
2011-06-16 13:31:44 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-16 13:31:44 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-06-16 13:31:44 ----A---- C:\Windows\system32\ieui.dll
2011-06-16 13:31:44 ----A---- C:\Windows\system32\iepeers.dll
2011-06-16 13:31:44 ----A---- C:\Windows\system32\iedkcs32.dll
2011-06-16 13:31:43 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-06-16 13:31:43 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-06-16 13:31:43 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-06-16 13:31:43 ----A---- C:\Windows\system32\msfeedssync.exe
2011-06-16 13:31:43 ----A---- C:\Windows\system32\licmgr10.dll
2011-06-16 13:31:43 ----A---- C:\Windows\system32\jsproxy.dll
2011-06-16 13:31:31 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2011-06-16 13:31:31 ----A---- C:\Windows\system32\d3d10_1.dll
2011-06-16 13:31:30 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-16 13:31:30 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-16 13:31:30 ----A---- C:\Windows\system32\drivers\srv.sys
2011-06-16 13:31:28 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-06-16 13:31:28 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-16 13:31:27 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2011-06-16 13:31:27 ----A---- C:\Windows\system32\inetcomm.dll

======List of files/folders modified in the last 1 month======

2011-07-13 21:43:19 ----D---- C:\Windows\Temp
2011-07-13 21:43:18 ----RD---- C:\Program Files
2011-07-13 21:30:40 ----D---- C:\Windows\system32\config
2011-07-13 21:29:42 ----SHD---- C:\Windows\Installer
2011-07-13 21:29:41 ----RD---- C:\Program Files (x86)
2011-07-13 21:29:34 ----SHD---- C:\System Volume Information
2011-07-13 21:24:28 ----D---- C:\Windows\debug
2011-07-13 21:24:28 ----D---- C:\Windows
2011-07-13 21:15:53 ----D---- C:\Windows\SYSWOW64\drivers
2011-07-13 21:02:08 ----HD---- C:\ProgramData
2011-07-13 21:02:05 ----D---- C:\Windows\system32\drivers
2011-07-13 18:57:49 ----D---- C:\Windows\winsxs
2011-07-13 18:56:29 ----D---- C:\Windows\SysWOW64
2011-07-13 18:56:29 ----D---- C:\Windows\System32
2011-07-13 18:56:27 ----D---- C:\Windows\AppPatch
2011-07-13 18:56:26 ----D---- C:\Windows\system32\DriverStore
2011-07-13 16:49:51 ----A---- C:\Windows\system32\MRT.exe
2011-07-13 16:49:39 ----A---- C:\Windows\win.ini
2011-07-13 15:50:32 ----D---- C:\Windows\system32\catroot
2011-07-13 15:50:31 ----D---- C:\Windows\system32\catroot2
2011-07-12 09:57:53 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-07-10 17:53:04 ----D---- C:\Windows\system32\Tasks
2011-07-08 21:36:36 ----RSD---- C:\Windows\assembly
2011-07-08 21:36:17 ----RSD---- C:\Windows\Fonts
2011-07-08 18:18:15 ----D---- C:\Users\Tatínek\AppData\Roaming\Mumble
2011-07-07 23:05:55 ----SD---- C:\ProgramData\Microsoft
2011-07-07 23:05:19 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-07-07 23:00:04 ----D---- C:\Windows\Prefetch
2011-07-07 22:59:55 ----D---- C:\Windows\SoftwareDistribution
2011-07-07 22:54:50 ----D---- C:\Program Files (x86)\Common Files
2011-07-07 22:29:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-07 10:48:04 ----D---- C:\Windows\system32\LogFiles
2011-07-06 21:36:03 ----D---- C:\Program Files (x86)\THQ
2011-07-06 21:36:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-07-05 18:23:40 ----D---- C:\Windows\pss
2011-07-05 18:00:01 ----D---- C:\Windows\SYSWOW64\LogFiles
2011-07-05 17:57:08 ----D---- C:\Windows\Minidump
2011-07-04 13:43:51 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2011-07-04 13:43:42 ----A---- C:\Windows\system32\aswBoot.exe
2011-07-02 20:04:23 ----D---- C:\Users\Tatínek\AppData\Roaming\Media Player Classic
2011-07-02 17:35:45 ----SD---- C:\Users\Tatínek\AppData\Roaming\Microsoft
2011-07-02 12:33:18 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-07-02 09:19:27 ----RD---- C:\Program Files (x86)\Skype
2011-07-02 09:19:21 ----D---- C:\ProgramData\Skype
2011-06-30 09:30:21 ----D---- C:\ProgramData\Skype Extras
2011-06-29 20:18:32 ----D---- C:\Windows\Microsoft.NET
2011-06-21 14:18:55 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-06-18 08:32:43 ----D---- C:\Program Files (x86)\GTA San Andreas Turbo_XD Mod v2
2011-06-17 07:42:12 ----D---- C:\Windows\SYSWOW64\migration
2011-06-17 07:42:12 ----D---- C:\Windows\system32\migration
2011-06-17 07:42:12 ----D---- C:\Program Files\Internet Explorer
2011-06-17 07:42:12 ----D---- C:\Program Files (x86)\Internet Explorer
2011-06-14 15:15:09 ----D---- C:\Users\Tatínek\AppData\Roaming\Skype
2011-06-14 13:40:16 ----D---- C:\Users\Tatínek\AppData\Roaming\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 pe3agmlb;Armed Assault Environment Driver (pe3agmlb); C:\Windows\system32\drivers\pe3agmlb.sys [2007-06-04 73088]
R0 ps6agmlb;Armed Assault Synchronization Driver (ps6agmlb); C:\Windows\system32\drivers\ps6agmlb.sys [2007-06-04 77704]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-22 834544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 31064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 600920]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 288088]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 45400]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 22360]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 64856]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-29 7883264]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-09-29 285696]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-07-17 82816]
S2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2005-06-14 296448]
S3 ALSysIO;ALSysIO; \??\C:\Users\TATNEK~1\AppData\Local\Temp\ALSysIO64.sys []
S3 ap7q41m6;ap7q41m6; C:\Windows\system32\drivers\ap7q41m6.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-29 7883264]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-10-30 25640]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 TCCrystalCpuInfo;TCCrystalCpuInfo; \??\C:\Users\TATNEK~1\AppData\Local\Temp\TCCpuInfo64.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
S3 X6va001;X6va001; \??\C:\Users\FILPEK~1\AppData\Local\Temp\00149E3.tmp []
S3 X6va003;X6va003; \??\C:\Users\FILPEK~1\AppData\Local\Temp\003E57F.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-09-29 203264]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-07-04 42184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-11-20 75136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 pr2agmlb;Armed Assault Drivers Auto Removal (pr2agmlb); C:\Windows\system32\pr2agmlb.exe [2007-06-04 754304]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-07-21 407336]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1255736]

-----------------EOF-----------------

Re: Request for a preventive check

Posted: 14 Jul 2011 18:34
by Rudy
Hello! The log looks clean.

Re: Request for a preventive check

Posted: 15 Jul 2011 18:04
by jthorn
In Firefox, when I search for a keyword through the URL bar, it offers some Iminent search instead of giving a result from Google. :???: :o And in CCleaner I have nothing to uninstall? :(

Re: Request for a preventive check

Posted: 15 Jul 2011 18:49
by Rudy
Clear the browser cache.

Re: Request for a preventive check

Posted: 16 Jul 2011 08:33
by jthorn
I did that with CCleaner. :roll:

Re: Request for a preventive check

Posted: 16 Jul 2011 10:11
by Rudy
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms appears; continue by clicking the "Ano" (Yes) button.

Feel free to put the kettle on for a coffee (the whole operation takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident component occur.

Re: Request for a preventive check

Posted: 18 Jul 2011 21:50
by jthorn
ComboFix 11-07-18.04 - Tatínek 18.07.2011 22:12:26.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3070.1902 [GMT 2:00]
Spuštěný z: c:\users\Tatínek\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\desktop.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-18 do 2011-07-18 )))))))))))))))))))))))))))))))
.
.
2011-07-18 20:23 . 2011-07-18 20:23 -------- d-----w- c:\users\Jiříček\AppData\Local\temp
2011-07-17 20:38 . 2005-01-02 03:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2011-07-17 20:38 . 2003-07-18 12:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2011-07-17 20:37 . 2011-07-17 20:37 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-07-17 20:37 . 2011-07-17 20:37 -------- d-----w- c:\users\Filˇpek
2011-07-15 06:17 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2DED7761-6B94-41A0-AF96-9DACC8B7A10A}\mpengine.dll
2011-07-14 21:39 . 2011-07-14 21:39 -------- d-----w- c:\users\Jiříček\AppData\Roaming\Malwarebytes
2011-07-14 06:17 . 2011-07-14 06:17 -------- d-----w- c:\users\Filípek\AppData\Roaming\Malwarebytes
2011-07-13 19:43 . 2011-07-13 19:43 -------- d-----w- c:\program files\trend micro
2011-07-13 19:43 . 2011-07-13 19:43 -------- d-----w- C:\rsit
2011-07-13 19:02 . 2011-07-13 19:02 -------- d-----w- c:\users\Tatínek\AppData\Roaming\Malwarebytes
2011-07-13 19:02 . 2011-07-13 19:02 -------- d-----w- c:\programdata\Malwarebytes
2011-07-13 19:02 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-13 19:02 . 2011-07-15 16:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-13 19:02 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-13 13:50 . 2011-06-11 02:56 3134464 ----a-w- c:\windows\system32\win32k.sys
2011-07-10 11:14 . 2011-07-12 07:40 -------- d-----w- C:\SSTQDefilerNET
2011-07-07 21:09 . 2011-07-07 21:10 -------- d-----w- c:\users\Filípek\AppData\Local\{8B785050-7D9E-4A64-BC78-FFAC69AA3210}
2011-07-07 21:07 . 2011-07-07 21:07 -------- d-----w- c:\windows\cs
2011-07-07 21:06 . 2011-07-07 21:06 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-07-07 21:05 . 2011-07-07 21:06 -------- d-----w- c:\program files (x86)\Windows Live
2011-07-07 21:02 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-07-07 21:02 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-07-07 21:02 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2011-07-07 21:02 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-07-07 20:54 . 2011-07-07 21:09 -------- d-----w- c:\users\Filípek\AppData\Local\Windows Live
2011-07-07 20:54 . 2011-07-07 20:54 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-07-02 17:08 . 2011-07-02 17:08 -------- d-----w- c:\program files (x86)\GamersFirst
2011-07-02 10:12 . 2011-07-02 10:33 -------- d-----w- c:\program files\Babylon
2011-06-28 12:03 . 2011-06-28 12:56 -------- d-----w- c:\program files (x86)\Valve
2011-06-28 12:03 . 2011-06-28 12:03 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-06-28 12:03 . 2003-09-03 00:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-06-28 12:03 . 2003-09-03 00:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-06-28 12:03 . 2003-09-03 00:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-06-28 12:03 . 2003-09-03 00:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-06-28 12:03 . 2003-09-03 00:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-06-28 12:03 . 2011-06-28 12:03 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-06-26 12:21 . 2011-06-26 12:21 -------- d-----w- c:\users\Filípek\AppData\Roaming\Unity
2011-06-26 12:19 . 2011-06-26 12:19 -------- d-----w- c:\users\Filípek\AppData\Local\Unity
2011-06-23 19:59 . 2011-06-23 19:59 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 19:59 . 2011-06-23 19:59 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 22:47 . 2010-04-29 21:41 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-07-16 22:47 . 2010-04-29 21:01 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-07-12 07:57 . 2010-04-29 21:01 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-07-10 11:12 . 2011-07-10 11:12 427952 ----a-w- C:\SSTQDefilerNET.zip
2011-07-07 21:05 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-04 11:43 . 2010-06-29 19:06 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-04-29 20:46 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-04 11:43 . 2011-01-15 22:38 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-04-11 23:02 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-04-29 20:46 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-04-29 20:46 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-04-29 20:46 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-04-29 20:46 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-04-29 20:46 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-17 05:43 . 2011-05-18 10:16 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-02 05:56 . 2011-07-13 13:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:25 . 2011-06-16 11:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-16 11:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 17:14 . 2010-04-29 20:58 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-13 13:42 . 2011-05-13 13:42 302448 ----a-w- c:\windows\WLXPGSS.SCR
2011-05-04 02:51 . 2011-06-16 11:32 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-16 11:32 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-16 11:32 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-16 11:31 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-16 11:31 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13 . 2011-06-16 11:31 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-16 11:31 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-16 11:31 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:57 . 2011-06-16 11:32 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 05:32 . 2011-06-16 11:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:44 . 2011-06-16 11:32 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 20:18 . 2011-05-25 06:08 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 20:18 . 2011-06-16 11:31 1197056 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 20:14 . 2011-06-16 11:31 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 19:31 . 2011-06-16 11:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-22 19:31 . 2011-06-16 11:31 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-22 18:49 . 2011-06-16 11:31 482816 ----a-w- c:\windows\system32\html.iec
2011-04-22 18:23 . 2011-06-16 11:31 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-01-29 10:57 . 2011-01-29 10:57 706084 ----a-w- c:\program files (x86)\unins000.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 pr2agmlb;Armed Assault Drivers Auto Removal (pr2agmlb);c:\windows\system32\pr2agmlb.exe svc [x]
R3 ALSysIO;ALSysIO;c:\users\TATNEK~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 TCCrystalCpuInfo;TCCrystalCpuInfo;c:\users\TATNEK~1\AppData\Local\Temp\TCCpuInfo64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va001;X6va001;c:\users\FILPEK~1\AppData\Local\Temp\00149E3.tmp [x]
R3 X6va003;X6va003;c:\users\FILPEK~1\AppData\Local\Temp\003E57F.tmp [x]
S0 pe3agmlb;Armed Assault Environment Driver (pe3agmlb);c:\windows\system32\drivers\pe3agmlb.sys [x]
S0 ps6agmlb;Armed Assault Synchronization Driver (ps6agmlb);c:\windows\system32\drivers\ps6agmlb.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page = hxxp://www.bigseekpro.com/hypercam/{A5D2D9E1-8 ... 9228F32C77}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cnb.cz\abok
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Tatínek\AppData\Roaming\Mozilla\Firefox\Profiles\wydnga5w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Wow6432Node-HKLM-Run-IMBooster - c:\program files (x86)\Iminent\IMBooster\IMBooster.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va001]
"ImagePath"="\??\c:\users\FILPEK~1\AppData\Local\Temp\00149E3.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va003]
"ImagePath"="\??\c:\users\FILPEK~1\AppData\Local\Temp\003E57F.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3905075324-2828060491-1913704057-1001\Software\SecuROM\License information*]
"datasecu"=hex:0a,80,6e,8e,cc,45,a3,d6,9c,52,5a,08,84,49,cf,fc,f4,5c,17,fb,1b,
6e,e8,57,12,74,d2,ee,f8,2d,d2,b0,02,8d,3f,00,9d,48,19,27,f3,65,96,2e,7e,42,\
"rkeysecu"=hex:94,b2,f6,3f,56,ab,91,20,e2,bc,77,60,8d,bd,b5,29
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2011-07-18 22:46:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-18 20:46
.
Před spuštěním: Volných bajtů: 240 200 863 744
Po spuštění: Volných bajtů: 247 807 606 784
.
- - End Of File - - 738C6AE278D45D84AFDCDD53FA6BAD04

Re: Request for a preventive check

Posted: 18 Jul 2011 22:09
by Rudy
We'll do some more cleanup. Move ComboFix to the desktop. Open Notepad and copy the following into it:
Collect::
c:\users\FILPEK~1\AppData\Local\Temp\00149E3.tmp
c:\users\FILPEK~1\AppData\Local\Temp\003E57F.tmp

Driver::
X6va001
X6va003
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Re: Request for a preventive check

Posted: 18 Jul 2011 23:02
by jthorn
ComboFix 11-07-18.04 - Tatínek 18.07.2011 23:30:56.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3070.1792 [GMT 2:00]
Spuštěný z: c:\users\TatÝnek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\TatÝnek\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-18 do 2011-07-18 )))))))))))))))))))))))))))))))
.
.
2011-07-18 21:41 . 2011-07-18 21:41 -------- d-----w- c:\users\Jiříček\AppData\Local\temp
2011-07-18 21:41 . 2011-07-18 21:41 -------- d-----w- c:\users\Filípek\AppData\Local\temp
2011-07-18 21:41 . 2011-07-18 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-17 20:38 . 2005-01-02 03:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2011-07-17 20:38 . 2003-07-18 12:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2011-07-17 20:37 . 2011-07-17 20:37 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-07-17 20:37 . 2011-07-17 20:37 -------- d-----w- c:\users\Filˇpek
2011-07-15 06:17 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2DED7761-6B94-41A0-AF96-9DACC8B7A10A}\mpengine.dll
2011-07-14 21:39 . 2011-07-14 21:39 -------- d-----w- c:\users\Jiříček\AppData\Roaming\Malwarebytes
2011-07-14 06:17 . 2011-07-14 06:17 -------- d-----w- c:\users\Filípek\AppData\Roaming\Malwarebytes
2011-07-13 19:43 . 2011-07-13 19:43 -------- d-----w- c:\program files\trend micro
2011-07-13 19:43 . 2011-07-13 19:43 -------- d-----w- C:\rsit
2011-07-13 19:02 . 2011-07-13 19:02 -------- d-----w- c:\users\Tatínek\AppData\Roaming\Malwarebytes
2011-07-13 19:02 . 2011-07-13 19:02 -------- d-----w- c:\programdata\Malwarebytes
2011-07-13 19:02 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-13 19:02 . 2011-07-15 16:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-13 19:02 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-13 13:50 . 2011-06-11 02:56 3134464 ----a-w- c:\windows\system32\win32k.sys
2011-07-10 11:14 . 2011-07-12 07:40 -------- d-----w- C:\SSTQDefilerNET
2011-07-07 21:09 . 2011-07-07 21:10 -------- d-----w- c:\users\Filípek\AppData\Local\{8B785050-7D9E-4A64-BC78-FFAC69AA3210}
2011-07-07 21:07 . 2011-07-07 21:07 -------- d-----w- c:\windows\cs
2011-07-07 21:06 . 2011-07-07 21:06 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-07-07 21:05 . 2011-07-07 21:06 -------- d-----w- c:\program files (x86)\Windows Live
2011-07-07 21:02 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-07-07 21:02 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-07-07 21:02 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2011-07-07 21:02 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-07-07 20:54 . 2011-07-07 21:09 -------- d-----w- c:\users\Filípek\AppData\Local\Windows Live
2011-07-07 20:54 . 2011-07-07 20:54 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-07-02 17:08 . 2011-07-02 17:08 -------- d-----w- c:\program files (x86)\GamersFirst
2011-07-02 10:12 . 2011-07-02 10:33 -------- d-----w- c:\program files\Babylon
2011-06-28 12:03 . 2011-06-28 12:56 -------- d-----w- c:\program files (x86)\Valve
2011-06-28 12:03 . 2011-06-28 12:03 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-06-28 12:03 . 2003-09-03 00:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-06-28 12:03 . 2003-09-03 00:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-06-28 12:03 . 2003-09-03 00:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-06-28 12:03 . 2003-09-03 00:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-06-28 12:03 . 2003-09-03 00:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-06-28 12:03 . 2011-06-28 12:03 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-06-26 12:21 . 2011-06-26 12:21 -------- d-----w- c:\users\Filípek\AppData\Roaming\Unity
2011-06-26 12:19 . 2011-06-26 12:19 -------- d-----w- c:\users\Filípek\AppData\Local\Unity
2011-06-23 19:59 . 2011-06-23 19:59 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 19:59 . 2011-06-23 19:59 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 22:47 . 2010-04-29 21:41 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-07-16 22:47 . 2010-04-29 21:01 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-07-12 07:57 . 2010-04-29 21:01 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-07-10 11:12 . 2011-07-10 11:12 427952 ----a-w- C:\SSTQDefilerNET.zip
2011-07-07 21:05 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-04 11:43 . 2010-06-29 19:06 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-04-29 20:46 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-04 11:43 . 2011-01-15 22:38 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-04-11 23:02 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-04-29 20:46 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-04-29 20:46 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-04-29 20:46 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-04-29 20:46 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-04-29 20:46 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-17 05:43 . 2011-05-18 10:16 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-02 05:56 . 2011-07-13 13:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:25 . 2011-06-16 11:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-16 11:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 17:14 . 2010-04-29 20:58 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-13 13:42 . 2011-05-13 13:42 302448 ----a-w- c:\windows\WLXPGSS.SCR
2011-05-04 02:51 . 2011-06-16 11:32 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-16 11:32 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-16 11:32 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-16 11:31 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-16 11:31 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13 . 2011-06-16 11:31 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-16 11:31 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-16 11:31 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:57 . 2011-06-16 11:32 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 05:32 . 2011-06-16 11:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:44 . 2011-06-16 11:32 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 20:18 . 2011-05-25 06:08 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 20:18 . 2011-06-16 11:31 1197056 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 20:14 . 2011-06-16 11:31 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 19:31 . 2011-06-16 11:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-22 19:31 . 2011-06-16 11:31 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-22 18:49 . 2011-06-16 11:31 482816 ----a-w- c:\windows\system32\html.iec
2011-04-22 18:23 . 2011-06-16 11:31 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-01-29 10:57 . 2011-01-29 10:57 706084 ----a-w- c:\program files (x86)\unins000.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-18_20.25.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-07-18 21:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-18 20:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-18 20:25 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-18 21:43 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-18 20:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-18 21:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-29 20:42 . 2011-07-18 20:26 46690 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2010-04-29 20:42 . 2011-07-18 16:42 46690 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-18 20:26 43016 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-07-18 13:18 43016 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-29 20:35 . 2011-07-18 20:26 19292 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3905075324-2828060491-1913704057-1001_UserData.bin
- 2010-04-29 20:36 . 2011-07-18 20:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-29 20:36 . 2011-07-18 21:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-29 20:36 . 2011-07-18 21:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-29 20:36 . 2011-07-18 20:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-29 20:36 . 2011-07-18 20:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-29 20:36 . 2011-07-18 21:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-29 20:36 . 2011-07-18 21:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-29 20:36 . 2011-07-18 20:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-29 20:36 . 2011-07-18 20:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-29 20:36 . 2011-07-18 21:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-18 21:42 . 2011-07-18 21:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-18 20:24 . 2011-07-18 20:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-18 21:42 . 2011-07-18 21:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-18 20:24 . 2011-07-18 20:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-07-18 20:23 264584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-18 21:41 264584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-02 21:41 . 2011-07-18 21:41 3007320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3905075324-2828060491-1913704057-1001-12288.dat
- 2009-07-14 02:34 . 2011-07-18 10:32 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-07-18 20:38 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 pr2agmlb;Armed Assault Drivers Auto Removal (pr2agmlb);c:\windows\system32\pr2agmlb.exe svc [x]
R3 ALSysIO;ALSysIO;c:\users\TATNEK~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 TCCrystalCpuInfo;TCCrystalCpuInfo;c:\users\TATNEK~1\AppData\Local\Temp\TCCpuInfo64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va001;X6va001;c:\users\FILPEK~1\AppData\Local\Temp\00149E3.tmp [x]
R3 X6va003;X6va003;c:\users\FILPEK~1\AppData\Local\Temp\003E57F.tmp [x]
S0 pe3agmlb;Armed Assault Environment Driver (pe3agmlb);c:\windows\system32\drivers\pe3agmlb.sys [x]
S0 ps6agmlb;Armed Assault Synchronization Driver (ps6agmlb);c:\windows\system32\drivers\ps6agmlb.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page = hxxp://www.bigseekpro.com/hypercam/{A5D2D9E1-8 ... 9228F32C77}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cnb.cz\abok
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Tatínek\AppData\Roaming\Mozilla\Firefox\Profiles\wydnga5w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va001]
"ImagePath"="\??\c:\users\FILPEK~1\AppData\Local\Temp\00149E3.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va003]
"ImagePath"="\??\c:\users\FILPEK~1\AppData\Local\Temp\003E57F.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3905075324-2828060491-1913704057-1001\Software\SecuROM\License information*]
"datasecu"=hex:0a,80,6e,8e,cc,45,a3,d6,9c,52,5a,08,84,49,cf,fc,f4,5c,17,fb,1b,
6e,e8,57,12,74,d2,ee,f8,2d,d2,b0,02,8d,3f,00,9d,48,19,27,f3,65,96,2e,7e,42,\
"rkeysecu"=hex:94,b2,f6,3f,56,ab,91,20,e2,bc,77,60,8d,bd,b5,29
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
.
**************************************************************************
.
Celkový čas: 2011-07-19 00:01:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-18 22:01
ComboFix2.txt 2011-07-18 20:46
.
Před spuštěním: Volných bajtů: 247 870 115 840
Po spuštění: Volných bajtů: 247 562 719 232
.
- - End Of File - - F1E6C7E810251828E0CCD3B20D0D07C4

Re: Request for a preventive check

Posted: 19 Jul 2011 18:50
by Rudy
CF did not delete it. Download and run Avenger: http://www.viry.cz/forum/viewtopic.php?f=11&t=19832 with this script:
Files to delete:
c:\users\FILPEK~1\AppData\Local\Temp\00149E3.tmp
c:\users\FILPEK~1\AppData\Local\Temp\003E57F.tmp

Drivers to delete:
X6va001
X6va003

Re: Request for a preventive check

Posted: 24 Jul 2011 19:46
by jthorn
Deletion done.

Re: Request for a preventive check

Posted: 24 Jul 2011 20:07
by Rudy
I would like to see the log from the last CF scan.

Re: Request for a preventive check

Posted: 16 Aug 2011 18:44
by jthorn
Good evening, I am back after a longer break, and because the kids have been installing and uninstalling some programs, I would rather post a fresh RSIT log.
Also, after the last round of tinkering, Avast did not start right after boot (I did not have it down in the system tray). When I launched it from the desktop shortcut, the resident protection did appear in the system tray. :?:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tatínek at 2011-08-16 19:31:50
Microsoft Windows 7 Ultimate
System drive C: has 217 GB (46%) free of 477 GB
Total RAM: 3070 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:31:59, on 16.8.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Tatínek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{A5D ... 9228F32C77}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CHelperBHO - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Armed Assault Drivers Auto Removal (pr2agmlb) (pr2agmlb) - Unknown owner - C:\Windows\system32\pr2agmlb.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6605 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1008
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskhost.exe USER
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3372.5861c20.2055803617 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" "Mozilla.Firefox.5.0" -omnijar C:\Program Files (x86)\Mozilla Firefox\omni.jar 3372 \\.\pipe\gecko-crash-server-pipe.3372 plugin
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Tatínek\Downloads\RSITx64.exe"
"C:\Windows\system32\wuauclt.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\Tatínek\AppData\Roaming\Mozilla\Firefox\Profiles\wydnga5w.default

prefs.js - "browser.startup.homepage" - "about:home"
prefs.js - "extensions.enabledItems" - "{a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, adonis.cuhk@gmail.com:1.5, LogMeInClient@logmein.com:1.0.0.608, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller 1.0.0.1
"Path"=C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPOFFICE.DLL
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
SearchTheWeb.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Tatínek\AppData\Roaming\Mozilla\Firefox\Profiles\wydnga5w.default\extensions\
LogMeInClient@logmein.com

C:\Users\Tatínek\AppData\Roaming\Mozilla\Firefox\Profiles\wydnga5w.default\searchplugins\
SearchTheWeb.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2011-08-06 1242448]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.XFR1"=xfcodec64.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-08-16 19:17:41 ----SD---- C:\32788R22FWJFW
2011-08-10 21:25:52 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-08-10 21:25:52 ----A---- C:\Windows\system32\xmllite.dll
2011-08-10 21:25:17 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-10 21:25:17 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-10 21:25:17 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-10 21:25:17 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-10 21:25:17 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-10 21:25:17 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-10 21:25:17 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-10 21:25:17 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-10 21:25:17 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-10 21:25:12 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 21:25:09 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-10 21:25:02 ----A---- C:\Windows\system32\kernel32.dll
2011-08-10 21:25:02 ----A---- C:\Windows\system32\conhost.exe
2011-08-10 21:25:00 ----A---- C:\Windows\system32\wow64.dll
2011-08-10 21:25:00 ----A---- C:\Windows\system32\winsrv.dll
2011-08-10 21:25:00 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-10 21:24:59 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-10 21:24:59 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-10 21:24:58 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-10 21:24:58 ----A---- C:\Windows\system32\wow64win.dll
2011-08-10 21:24:58 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-10 21:24:56 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-10 21:24:56 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-10 21:24:56 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-10 21:24:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 21:24:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 21:24:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-10 21:24:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 21:24:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 21:24:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 21:24:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 21:24:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 21:24:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 21:24:55 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-10 21:24:55 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 21:24:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 21:24:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 21:24:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 21:24:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 21:24:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-10 21:24:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 21:24:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 21:24:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-10 21:24:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 21:24:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 21:24:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 21:24:54 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 21:24:54 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 21:24:53 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 21:24:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 21:24:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-10 21:24:52 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 21:24:52 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-10 21:24:52 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-10 21:24:52 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-10 21:24:45 ----A---- C:\Windows\system32\mshtml.dll
2011-08-10 21:24:42 ----A---- C:\Windows\system32\ieframe.dll
2011-08-10 21:24:41 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-10 21:24:41 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-10 21:24:41 ----A---- C:\Windows\system32\iertutil.dll
2011-08-10 21:24:39 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-10 21:24:39 ----A---- C:\Windows\system32\urlmon.dll
2011-08-10 21:24:38 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-10 21:24:38 ----A---- C:\Windows\system32\wininet.dll
2011-08-10 21:24:37 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-10 21:24:37 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-08-10 21:24:37 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-08-10 21:24:37 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-08-10 21:24:37 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-10 21:24:37 ----A---- C:\Windows\system32\iedkcs32.dll
2011-08-10 21:24:36 ----A---- C:\Windows\SYSWOW64\url.dll
2011-08-10 21:24:36 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-08-10 21:24:36 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-10 21:24:36 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-08-10 21:24:36 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-08-10 21:24:36 ----A---- C:\Windows\system32\url.dll
2011-08-10 21:24:36 ----A---- C:\Windows\system32\mstime.dll
2011-08-10 21:24:36 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-10 21:24:36 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-08-10 21:24:36 ----A---- C:\Windows\system32\licmgr10.dll
2011-08-10 21:24:36 ----A---- C:\Windows\system32\ieui.dll
2011-08-10 21:24:36 ----A---- C:\Windows\system32\iepeers.dll
2011-08-10 21:24:35 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-08-10 21:24:35 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-08-10 21:24:35 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-10 21:24:35 ----A---- C:\Windows\system32\msfeedssync.exe
2011-08-10 21:24:35 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-10 21:24:32 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-10 21:24:31 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-08-10 21:24:30 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-08-08 17:12:05 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2011-08-06 11:55:31 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2011-08-06 11:55:31 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2011-08-06 11:55:31 ----A---- C:\Windows\system32\XAudio2_7.dll
2011-08-06 11:55:31 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2011-08-06 11:55:30 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2011-08-06 11:55:30 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2011-08-06 11:55:30 ----A---- C:\Windows\system32\xactengine3_7.dll
2011-08-06 11:55:30 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2011-08-06 11:55:29 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2011-08-06 11:55:29 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2011-08-06 11:55:29 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2011-08-06 11:55:29 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2011-08-06 11:55:29 ----A---- C:\Windows\system32\D3DX9_43.dll
2011-08-06 11:55:29 ----A---- C:\Windows\system32\d3dx11_43.dll
2011-08-06 11:55:29 ----A---- C:\Windows\system32\d3dx10_43.dll
2011-08-06 11:55:29 ----A---- C:\Windows\system32\d3dcsx_43.dll
2011-08-06 11:55:28 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2011-08-06 11:55:28 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2011-08-06 11:55:28 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2011-08-06 11:55:28 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-08-06 11:55:28 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-08-06 11:55:28 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-08-06 11:55:27 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2011-08-06 11:55:27 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-07-29 23:55:46 ----A---- C:\Windows\system32\rtvcvfw32.dll
2011-07-29 23:55:40 ----D---- C:\Program Files (x86)\MSI Afterburner
2011-07-27 17:29:29 ----D---- C:\Program Files (x86)\SEGA
2011-07-26 15:04:23 ----D---- C:\Program Files (x86)\Monte Cristo
2011-07-24 20:40:41 ----A---- C:\Windows\SYSWOW64\drivers\hnkrepno.sys
2011-07-24 20:40:41 ----A---- C:\Windows\SYSWOW64\bzsfbzdn.txt
2011-07-20 18:29:53 ----D---- C:\Users\Tatínek\AppData\Roaming\Download Manager
2011-07-19 07:40:23 ----SHD---- C:\$RECYCLE.BIN
2011-07-19 00:01:31 ----A---- C:\ComboFix.txt
2011-07-18 23:41:27 ----D---- C:\Windows\temp
2011-07-18 23:29:27 ----A---- C:\Windows\NIRCMD.exe
2011-07-18 22:08:15 ----A---- C:\Windows\zip.exe
2011-07-18 22:08:15 ----A---- C:\Windows\SWSC.exe
2011-07-18 22:08:15 ----A---- C:\Windows\SWREG.exe
2011-07-18 22:08:15 ----A---- C:\Windows\sed.exe
2011-07-18 22:08:15 ----A---- C:\Windows\PEV.exe
2011-07-18 22:08:15 ----A---- C:\Windows\MBR.exe
2011-07-18 22:08:15 ----A---- C:\Windows\grep.exe
2011-07-18 22:07:41 ----D---- C:\Windows\ERDNT
2011-07-18 22:06:38 ----AD---- C:\Qoobox
2011-07-17 22:38:06 ----A---- C:\Windows\SYSWOW64\npptNT2.sys
2011-07-17 22:37:58 ----D---- C:\Program Files\Common Files\INCA Shared

======List of files/folders modified in the last 1 month======

2011-08-16 19:31:57 ----D---- C:\Program Files\trend micro
2011-08-16 19:31:50 ----D---- C:\rsit
2011-08-16 19:29:52 ----D---- C:\Windows\system32\catroot2
2011-08-16 19:26:41 ----D---- C:\Windows\system32\config
2011-08-16 19:14:24 ----D---- C:\Windows\system32\NDF
2011-08-16 19:04:21 ----D---- C:\Windows
2011-08-16 19:02:27 ----D---- C:\Windows\SysWOW64
2011-08-16 19:02:26 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-08-16 18:47:53 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-08-16 18:43:39 ----D---- C:\Users\Tatínek\AppData\Roaming\Skype
2011-08-16 18:43:39 ----D---- C:\Users\Tatínek\AppData\Roaming\DAEMON Tools Lite
2011-08-16 18:37:52 ----RD---- C:\Program Files (x86)
2011-08-16 18:32:28 ----D---- C:\Program Files (x86)\Steam
2011-08-16 18:32:21 ----D---- C:\Windows\Minidump
2011-08-16 18:32:21 ----D---- C:\Windows\Logs
2011-08-16 18:32:21 ----D---- C:\Windows\debug
2011-08-16 18:19:53 ----D---- C:\Windows\Prefetch
2011-08-16 18:17:39 ----D---- C:\Program Files (x86)\CCleaner
2011-08-16 17:26:55 ----D---- C:\ProgramData
2011-08-16 07:46:12 ----SHD---- C:\System Volume Information
2011-08-13 22:36:57 ----D---- C:\Users\Tatínek\AppData\Roaming\Mumble
2011-08-11 16:14:50 ----D---- C:\Windows\Microsoft.NET
2011-08-11 16:14:48 ----RSD---- C:\Windows\assembly
2011-08-11 08:12:23 ----D---- C:\Windows\winsxs
2011-08-11 08:11:04 ----D---- C:\Windows\system32\drivers
2011-08-11 08:11:04 ----D---- C:\Windows\System32
2011-08-11 08:11:02 ----D---- C:\Windows\SYSWOW64\migration
2011-08-11 08:11:02 ----D---- C:\Windows\AppPatch
2011-08-11 08:11:02 ----D---- C:\Program Files\Internet Explorer
2011-08-11 08:11:02 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-11 08:11:01 ----D---- C:\Windows\system32\migration
2011-08-10 22:50:48 ----D---- C:\Windows\system32\catroot
2011-08-10 22:49:00 ----A---- C:\Windows\system32\MRT.exe
2011-08-10 22:48:24 ----SHD---- C:\Windows\Installer
2011-08-10 22:48:19 ----A---- C:\Windows\win.ini
2011-08-06 17:55:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-30 00:14:46 ----D---- C:\Windows\system32\Tasks
2011-07-27 17:29:29 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-07-27 17:17:28 ----D---- C:\Windows\SYSWOW64\drivers
2011-07-26 16:03:00 ----D---- C:\Program Files (x86)\Electronic Arts
2011-07-18 23:43:42 ----A---- C:\Windows\system.ini
2011-07-18 23:42:57 ----D---- C:\Windows\system32\drivers\etc
2011-07-18 23:35:19 ----D---- C:\Program Files\Common Files
2011-07-18 23:35:19 ----D---- C:\Program Files (x86)\Common Files
2011-07-17 22:37:47 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 pe3agmlb;Armed Assault Environment Driver (pe3agmlb); C:\Windows\system32\drivers\pe3agmlb.sys [2007-06-04 73088]
R0 ps6agmlb;Armed Assault Synchronization Driver (ps6agmlb); C:\Windows\system32\drivers\ps6agmlb.sys [2007-06-04 77704]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-22 834544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 31064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 600920]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 288088]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 45400]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 22360]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 64856]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-29 7883264]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-09-29 285696]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-07-06 25912]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-07-17 82816]
S0 kpdrai;kpdrai; C:\Windows\system32\drivers\hnkrepno.sys []
S0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys []
S0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys []
S0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys []
S1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys []
S2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2005-06-14 296448]
S3 aic1ll89;aic1ll89; C:\Windows\system32\drivers\aic1ll89.sys []
S3 ALSysIO;ALSysIO; \??\C:\Users\TATNEK~1\AppData\Local\Temp\ALSysIO64.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-29 7883264]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dump_wmimmc;dump_wmimmc; \??\c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-10-30 25640]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys [2005-01-02 4682]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RTCore64;RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 TCCrystalCpuInfo;TCCrystalCpuInfo; \??\C:\Users\TATNEK~1\AppData\Local\Temp\TCCpuInfo64.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
S3 X6va001;X6va001; \??\C:\Users\FILPEK~1\AppData\Local\Temp\00149E3.tmp []
S3 X6va003;X6va003; \??\C:\Users\FILPEK~1\AppData\Local\Temp\003E57F.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-09-29 203264]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-07-04 42184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-11-20 75136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 pr2agmlb;Armed Assault Drivers Auto Removal (pr2agmlb); C:\Windows\system32\pr2agmlb.exe [2007-06-04 754304]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2011-06-06 4005936]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-07-21 407336]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1255736]

-----------------EOF-----------------

Re: Request for a preventive check

Posted: 16 Aug 2011 19:05
by Rudy
I can see rootkits there. Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after start-up a screen with the licence terms is shown; continue by clicking the "Ano" (Yes) button.

Go and make yourself a coffee in peace (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the resident antispyware.

Re: Request for a preventive check

Posted: 16 Aug 2011 19:52
by jthorn
ComboFix 11-08-16.02 - Tatínek 16.08.2011 20:14:18.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3070.1967 [GMT 2:00]
Spuštěný z: c:\users\TatÝnek\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-16 do 2011-08-16 )))))))))))))))))))))))))))))))
.
.
2011-08-16 18:22 . 2011-08-16 18:22 -------- d-----w- c:\users\Jiříček\AppData\Local\temp
2011-08-16 18:22 . 2011-08-16 18:22 -------- d-----w- c:\users\Filípek\AppData\Local\temp
2011-08-16 18:22 . 2011-08-16 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-16 05:46 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6502C46-8B26-4077-9C99-5DB328071332}\mpengine.dll
2011-08-10 19:24 . 2011-07-16 05:24 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-08-10 13:06 . 2011-08-10 13:06 -------- d-----w- c:\users\Jiříček\AppData\Local\GamersFirst LIVE!
2011-08-08 17:18 . 2011-08-08 17:18 -------- d-----w- c:\users\Filípek\AppData\Local\GamersFirst LIVE!
2011-08-08 17:17 . 2011-08-16 06:10 -------- d-----w- c:\users\Filípek\AppData\Local\PMB Files
2011-08-08 17:17 . 2011-08-08 17:17 -------- d-----w- c:\users\Filípek\AppData\Local\Pando_Temp
2011-08-08 15:12 . 2011-08-08 15:12 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-07-29 21:55 . 2010-10-27 01:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll
2011-07-29 21:55 . 2011-08-05 18:39 -------- d-----w- c:\program files (x86)\MSI Afterburner
2011-07-27 15:29 . 2011-07-27 15:29 -------- d-----w- c:\program files (x86)\SEGA
2011-07-26 13:04 . 2011-07-26 13:04 -------- d-----w- c:\program files (x86)\Monte Cristo
2011-07-24 18:40 . 2011-07-24 18:40 61440 ----a-w- c:\windows\SysWow64\drivers\hnkrepno.sys
2011-07-20 16:29 . 2011-07-20 16:29 -------- d-----w- c:\users\Tatínek\AppData\Roaming\Download Manager
2011-07-19 18:47 . 2011-07-19 18:47 65536 ----a-r- c:\users\Filípek\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut5_3293C06B003F40278380FFD79E38167D.exe
2011-07-19 18:47 . 2011-07-19 18:47 61440 ----a-r- c:\users\Filípek\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut3_3293C06B003F40278380FFD79E38167D.exe
2011-07-19 18:47 . 2011-07-19 18:47 61440 ----a-r- c:\users\Filípek\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut2_3293C06B003F40278380FFD79E38167D_1.exe
2011-07-19 18:47 . 2011-07-19 18:47 57344 ----a-r- c:\users\Filípek\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\ARPPRODUCTICON.exe
2011-07-19 06:01 . 2011-06-06 16:36 4005936 ----a-w- c:\windows\SysWow64\GameMon.des
2011-07-17 20:38 . 2005-01-02 03:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2011-07-17 20:38 . 2003-07-18 12:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2011-07-17 20:37 . 2011-07-17 20:37 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-07-17 20:37 . 2011-07-17 20:37 -------- d-----w- c:\users\Filˇpek
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-16 17:02 . 2010-04-29 21:41 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-08-16 17:02 . 2010-04-29 21:01 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-08-15 17:08 . 2010-04-29 21:01 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-07-19 18:47 . 2011-07-19 18:47 57344 ----a-r- c:\users\Filípek\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\ARPPRODUCTICON.exe
2011-07-19 18:47 . 2011-07-19 18:47 57344 ----a-r- c:\users\Filípek\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\ARPPRODUCTICON.exe
2011-07-16 04:32 . 2011-08-10 19:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-10 11:12 . 2011-07-10 11:12 427952 ----a-w- C:\SSTQDefilerNET.zip
2011-07-07 21:05 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-06 17:52 . 2011-07-13 19:02 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-07-13 19:02 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2010-06-29 19:06 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-04-29 20:46 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-04 11:43 . 2011-01-15 22:38 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-04-11 23:02 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-04-29 20:46 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-04-29 20:46 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-04-29 20:46 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-04-29 20:46 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-04-29 20:46 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-17 05:43 . 2011-05-18 10:16 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 02:56 . 2011-07-13 13:50 3134464 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 17:14 . 2010-04-29 20:58 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:21 . 2011-06-29 11:00 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:34 . 2011-06-29 11:00 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:34 . 2011-06-29 11:00 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:34 . 2011-06-29 11:00 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32 . 2011-06-29 11:00 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-01-29 10:57 . 2011-01-29 10:57 706084 ----a-w- c:\program files (x86)\unins000.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-18_20.25.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-06 09:55 . 2010-06-02 02:55 74072 c:\windows\SysWOW64\XAPOFX1_5.dll
+ 2011-08-06 09:55 . 2010-02-04 08:01 74072 c:\windows\SysWOW64\XAPOFX1_4.dll
+ 2011-08-06 09:55 . 2010-02-04 08:01 22360 c:\windows\SysWOW64\X3DAudio1_7.dll
+ 2011-08-10 19:24 . 2011-07-16 04:31 25600 c:\windows\SysWOW64\setup16.exe
- 2011-07-13 13:50 . 2011-06-02 05:56 25600 c:\windows\SysWOW64\setup16.exe
- 2009-07-14 00:12 . 2009-07-14 01:16 86016 c:\windows\SysWOW64\odbccu32.dll
+ 2011-08-10 19:25 . 2011-06-15 09:04 86016 c:\windows\SysWOW64\odbccu32.dll
+ 2011-08-10 19:25 . 2011-06-15 09:04 81920 c:\windows\SysWOW64\odbccr32.dll
- 2011-07-13 13:50 . 2011-06-02 05:59 14336 c:\windows\SysWOW64\ntvdm64.dll
+ 2011-08-10 19:24 . 2011-07-16 04:36 14336 c:\windows\SysWOW64\ntvdm64.dll
- 2011-06-16 11:31 . 2011-04-22 19:31 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2011-08-10 19:24 . 2011-06-21 05:35 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2011-08-10 19:24 . 2011-06-21 05:32 12800 c:\windows\SysWOW64\msfeedssync.exe
- 2011-06-16 11:31 . 2011-04-22 19:30 12800 c:\windows\SysWOW64\msfeedssync.exe
- 2011-06-16 11:31 . 2011-04-22 19:31 64512 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-08-10 19:24 . 2011-06-21 05:35 64512 c:\windows\SysWOW64\msfeedsbs.dll
- 2011-06-16 11:31 . 2011-04-22 19:31 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-08-10 19:24 . 2011-06-21 05:36 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-08-10 19:24 . 2011-06-21 05:35 44544 c:\windows\SysWOW64\licmgr10.dll
- 2011-06-16 11:31 . 2011-04-22 19:31 44544 c:\windows\SysWOW64\licmgr10.dll
+ 2011-08-10 19:24 . 2011-06-21 05:34 48128 c:\windows\SysWOW64\jsproxy.dll
- 2011-06-16 11:31 . 2011-04-22 19:31 48128 c:\windows\SysWOW64\jsproxy.dll
+ 2004-05-13 11:19 . 2004-05-13 11:19 79488 c:\windows\SysWOW64\drivers\prodrv06.sys
+ 2009-07-14 04:54 . 2011-08-16 18:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-18 20:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-18 20:25 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-16 18:24 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-18 20:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-16 18:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-06 09:55 . 2010-06-02 02:55 77656 c:\windows\system32\XAPOFX1_5.dll
+ 2011-08-06 09:55 . 2010-02-04 08:01 78680 c:\windows\system32\XAPOFX1_4.dll
+ 2011-08-06 09:55 . 2010-02-04 08:01 24920 c:\windows\system32\X3DAudio1_7.dll
- 2011-07-13 13:50 . 2011-06-02 06:45 13312 c:\windows\system32\wow64cpu.dll
+ 2011-08-10 19:24 . 2011-07-16 05:26 13312 c:\windows\system32\wow64cpu.dll
+ 2010-04-29 20:42 . 2011-08-16 17:31 49550 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-16 17:31 43190 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-01 05:21 . 2011-08-16 05:42 23380 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3905075324-2828060491-1913704057-1003_UserData.bin
+ 2010-04-29 20:35 . 2011-08-16 17:31 19718 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3905075324-2828060491-1913704057-1001_UserData.bin
+ 2011-08-10 19:24 . 2011-06-21 06:20 97280 c:\windows\system32\mshtmled.dll
- 2011-06-16 11:31 . 2011-04-22 20:14 97280 c:\windows\system32\mshtmled.dll
+ 2011-08-10 19:24 . 2011-06-21 06:17 12288 c:\windows\system32\msfeedssync.exe
- 2011-06-16 11:31 . 2011-04-22 20:09 12288 c:\windows\system32\msfeedssync.exe
+ 2011-08-10 19:24 . 2011-06-21 06:20 82944 c:\windows\system32\msfeedsbs.dll
- 2011-06-16 11:31 . 2011-04-22 20:14 82944 c:\windows\system32\msfeedsbs.dll
+ 2011-08-10 19:24 . 2011-06-21 06:20 95232 c:\windows\system32\migration\WininetPlugin.dll
- 2011-06-16 11:31 . 2011-04-22 20:18 95232 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-08-10 19:24 . 2011-06-21 06:20 57856 c:\windows\system32\licmgr10.dll
- 2011-06-16 11:31 . 2011-04-22 20:14 57856 c:\windows\system32\licmgr10.dll
+ 2011-08-10 19:24 . 2011-06-21 06:19 64512 c:\windows\system32\jsproxy.dll
- 2011-06-16 11:31 . 2011-04-22 20:13 64512 c:\windows\system32\jsproxy.dll
+ 2010-04-29 20:31 . 2011-08-16 16:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-29 20:31 . 2011-07-17 20:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-29 20:31 . 2011-07-17 20:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-29 20:31 . 2011-08-16 16:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-17 20:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-16 16:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-29 20:36 . 2011-08-16 18:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-29 20:36 . 2011-07-18 20:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:46 . 2011-07-15 06:16 72760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2011-08-14 11:01 72760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-04-29 20:36 . 2011-07-18 20:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-29 20:36 . 2011-08-16 18:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-29 20:36 . 2011-08-16 18:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-29 20:36 . 2011-07-18 20:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-29 20:36 . 2011-07-18 20:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-29 20:36 . 2011-08-16 18:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-29 20:36 . 2011-08-16 18:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-29 20:36 . 2011-07-18 20:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-29 13:20 . 2011-06-29 13:20 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-06-29 13:20 . 2011-06-29 13:20 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-08-10 20:45 . 2011-08-10 20:45 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-08-10 20:44 . 2011-08-10 20:44 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-29 13:20 . 2011-06-29 13:20 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-08-10 20:44 . 2011-08-10 20:44 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-01-25 17:49 . 2011-08-10 20:48 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2011-01-25 17:49 . 2011-07-13 14:49 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2011-01-25 17:49 . 2011-08-10 20:48 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2011-01-25 17:49 . 2011-07-13 14:49 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2011-01-25 17:49 . 2011-07-13 14:49 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2011-01-25 17:49 . 2011-08-10 20:48 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2011-01-25 17:49 . 2011-08-10 20:48 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2011-01-25 17:49 . 2011-07-13 14:49 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2011-01-25 17:49 . 2011-07-13 14:49 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2011-01-25 17:49 . 2011-08-10 20:48 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2011-01-25 17:49 . 2011-08-10 20:48 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2011-01-25 17:49 . 2011-07-13 14:49 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-08-11 14:13 . 2011-08-11 14:13 42496 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\357c754688a5756ac7fc4fc831ffbf03\System.Windows.Presentation.ni.dll
+ 2011-08-11 14:12 . 2011-08-11 14:12 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\f7738bf2ff3dc492be82f64880dcfc4c\System.Web.ApplicationServices.ni.dll
- 2011-06-29 18:07 . 2011-06-29 18:07 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\32d3441efb46d802cdc65de502f28e3b\System.AddIn.Contract.ni.dll
+ 2011-08-11 14:10 . 2011-08-11 14:10 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\32d3441efb46d802cdc65de502f28e3b\System.AddIn.Contract.ni.dll
- 2011-06-29 17:10 . 2011-06-29 17:10 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\512c12c2af578c00e8655b0ec2a92102\Microsoft.VisualC.ni.dll
+ 2011-08-11 14:06 . 2011-08-11 14:06 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\512c12c2af578c00e8655b0ec2a92102\Microsoft.VisualC.ni.dll
+ 2011-08-11 14:05 . 2011-08-11 14:05 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\4a82ab8680409c1dc5a55e26742e8900\dfsvc.ni.exe
- 2011-06-29 17:09 . 2011-06-29 17:09 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\4a82ab8680409c1dc5a55e26742e8900\dfsvc.ni.exe
- 2011-06-29 17:09 . 2011-06-29 17:09 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\b1136d0eb9ce963a7675b0d6cd7c4c4e\Accessibility.ni.dll
+ 2011-08-11 14:05 . 2011-08-11 14:05 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\b1136d0eb9ce963a7675b0d6cd7c4c4e\Accessibility.ni.dll
- 2011-06-29 18:15 . 2011-06-29 18:15 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\4cd8ba75f60cf8dc66767b833520241e\UIAutomationProvider.ni.dll
+ 2011-08-11 11:29 . 2011-08-11 11:29 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\4cd8ba75f60cf8dc66767b833520241e\UIAutomationProvider.ni.dll
+ 2011-08-11 14:14 . 2011-08-11 14:14 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\b25f69257705a10c95b7b3189e2fc390\System.Windows.Presentation.ni.dll
+ 2011-08-11 14:14 . 2011-08-11 14:14 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\c43c3b0a5d254895dd63c46bad2f23c0\System.Web.ApplicationServices.ni.dll
+ 2011-08-11 14:14 . 2011-08-11 14:14 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a1fdc3ccb352a4ad6ee0efa0eaee40fb\System.ServiceModel.Channels.ni.dll
+ 2011-08-11 11:29 . 2011-08-11 11:29 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\a1cbada42bb39fc34ee40e9e4afba87e\System.AddIn.Contract.ni.dll
- 2011-06-29 18:15 . 2011-06-29 18:15 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\a1cbada42bb39fc34ee40e9e4afba87e\System.AddIn.Contract.ni.dll
+ 2011-08-11 11:28 . 2011-08-11 11:28 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\2bdbd057211d05a088b7a9004203e58b\Microsoft.VisualC.ni.dll
- 2011-06-29 18:15 . 2011-06-29 18:15 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\2bdbd057211d05a088b7a9004203e58b\Microsoft.VisualC.ni.dll
+ 2011-08-11 11:28 . 2011-08-11 11:28 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\0c39314a7513b436d3aaaeae3b4bd3e7\Accessibility.ni.dll
- 2011-06-29 18:14 . 2011-06-29 18:14 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\0c39314a7513b436d3aaaeae3b4bd3e7\Accessibility.ni.dll
+ 2011-08-11 14:05 . 2011-08-11 14:05 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\944c9dc8fd21a51f368d6c5bae75e13f\System.Windows.Presentation.ni.dll
+ 2011-08-11 14:05 . 2011-08-11 14:05 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\6c613bae3551f4b186644ac27fa21aa0\System.Web.DynamicData.Design.ni.dll
+ 2011-08-11 14:00 . 2011-08-11 14:00 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\7037f5bfa8f41ad60c9c6df99ad7d3cd\stdole.ni.dll
+ 2011-08-11 14:03 . 2011-08-11 14:03 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\fa32bbf907ae4e463f423da7bd564d58\PresentationFontCache.ni.exe
+ 2011-08-11 06:18 . 2011-08-11 06:18 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\a2e905d32dfe6fffd542c88fc2ced3a7\PresentationCFFRasterizer.ni.dll
+ 2011-08-11 14:03 . 2011-08-11 14:03 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\4a48927338c55384ec3ba7aaad3f6a70\Microsoft.WSMan.Runtime.ni.dll
+ 2011-08-11 14:03 . 2011-08-11 14:03 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\e1c1b4ab295d49b143ccb298abedcefb\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
- 2011-06-29 17:07 . 2011-06-29 17:07 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\e1c1b4ab295d49b143ccb298abedcefb\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2011-08-11 14:03 . 2011-08-11 14:03 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\d16737b6ba495b99e11bfd558a0075c7\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2011-08-11 14:03 . 2011-08-11 14:03 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\7686187777462acda89d70a138eebd90\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2011-08-11 14:03 . 2011-08-11 14:03 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\75888105363ea9330b8b6f0dd2f32003\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
- 2011-06-29 17:07 . 2011-06-29 17:07 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\2d00e7010bf9509e1faba8f4ba11eff2\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2011-08-11 14:03 . 2011-08-11 14:03 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\2d00e7010bf9509e1faba8f4ba11eff2\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2011-08-11 14:03 . 2011-08-11 14:03 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\245912df0fcaab01c4d25464bfc9a1cb\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2011-08-10 20:48 . 2011-08-10 20:48 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\462b524ff0c8c0a764db439f7e65cb69\Microsoft.VisualC.ni.dll
- 2011-06-29 16:03 . 2011-06-29 16:03 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\462b524ff0c8c0a764db439f7e65cb69\Microsoft.VisualC.ni.dll
+ 2011-08-11 14:01 . 2011-08-11 14:01 64000 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\8c083ce9e0f2ac76814ae691c573367c\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.ni.dll
- 2011-06-29 17:05 . 2011-06-29 17:05 64000 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\8c083ce9e0f2ac76814ae691c573367c\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.ni.dll
- 2011-06-29 17:05 . 2011-06-29 17:05 66048 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\0a81ac4a919881b7f0468f9611cea7f4\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.ni.dll
+ 2011-08-11 14:01 . 2011-08-11 14:01 66048 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\0a81ac4a919881b7f0468f9611cea7f4\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.ni.dll
+ 2011-08-11 14:00 . 2011-08-11 14:00 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ee8d2c93da3d975230a53e375c1f16b1\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2011-08-11 14:01 . 2011-08-11 14:01 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\39cd4cd856d9bf640d47a52726891def\LoadMxf.ni.exe
- 2011-06-29 17:04 . 2011-06-29 17:04 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\6f48498cd972f0a0736f0830446c5d47\ehiUPnP.ni.dll
+ 2011-08-11 14:00 . 2011-08-11 14:00 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\6f48498cd972f0a0736f0830446c5d47\ehiUPnP.ni.dll
+ 2011-08-11 14:00 . 2011-08-11 14:00 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\443bc33ed93196a0dd0ed91feb2f861b\ehiTVMSMusic.ni.dll
- 2011-06-29 17:03 . 2011-06-29 17:03 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\f920ffd33e54c8c2954b0aa4922e20bb\dfsvc.ni.exe
+ 2011-08-11 13:59 . 2011-08-11 13:59 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\f920ffd33e54c8c2954b0aa4922e20bb\dfsvc.ni.exe
- 2011-06-29 17:02 . 2011-06-29 17:02 33280 c:\windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\c3f6d69bd6661f8f6935b370863f61ce\AuditPolicyGPManagedStubs.Interop.ni.dll
+ 2011-08-10 20:48 . 2011-08-10 20:48 33280 c:\windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\c3f6d69bd6661f8f6935b370863f61ce\AuditPolicyGPManagedStubs.Interop.ni.dll
+ 2011-08-10 20:48 . 2011-08-10 20:48 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\c2168c88a30bf127c60151d55a5c22be\Accessibility.ni.dll
- 2011-06-29 16:04 . 2011-06-29 16:04 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\c2168c88a30bf127c60151d55a5c22be\Accessibility.ni.dll
- 2011-06-29 16:00 . 2011-06-29 16:00 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\c23f8386031ea70eb7bdb59367fe2f0f\UIAutomationProvider.ni.dll
+ 2011-08-11 06:14 . 2011-08-11 06:14 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\c23f8386031ea70eb7bdb59367fe2f0f\UIAutomationProvider.ni.dll
+ 2011-08-11 11:28 . 2011-08-11 11:28 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\9f75cf0ba85fc0f07265b6a4739145b0\System.Windows.Presentation.ni.dll
+ 2011-08-11 11:27 . 2011-08-11 11:27 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\307dcd6df5b1b2d6138047f9066a9cd7\System.Web.DynamicData.Design.ni.dll
+ 2011-08-11 11:25 . 2011-08-11 11:25 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\4d2110a932ebbda7edbeaf03e5bbdce0\System.ComponentModel.DataAnnotations.ni.dll
- 2011-06-29 18:13 . 2011-06-29 18:13 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\ad0f1ab7ed22fca35ebdc7086df735d8\System.AddIn.Contract.ni.dll
+ 2011-08-11 11:25 . 2011-08-11 11:25 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\ad0f1ab7ed22fca35ebdc7086df735d8\System.AddIn.Contract.ni.dll
+ 2011-08-11 11:23 . 2011-08-11 11:23 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\fbb18c747602614117bae5363e8d76d9\stdole.ni.dll
+ 2011-08-11 11:25 . 2011-08-11 11:25 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\ca08eeec54fe8ed940e27b81293a0079\PresentationFontCache.ni.exe
+ 2011-08-11 06:14 . 2011-08-11 06:14 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8395f4672c4fe938a6db7dfa19dd1bf4\PresentationCFFRasterizer.ni.dll
+ 2011-08-11 11:25 . 2011-08-11 11:25 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\1d312fff41010364fac3b45fcc267c4b\napcrypt.ni.dll
- 2011-06-29 18:13 . 2011-06-29 18:13 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\1d312fff41010364fac3b45fcc267c4b\napcrypt.ni.dll
+ 2011-08-11 11:25 . 2011-08-11 11:25 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\2fa8711fcbe4f277edbbdaf5ef75eae8\Microsoft.WSMan.Runtime.ni.dll
+ 2011-08-11 11:25 . 2011-08-11 11:25 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ecf78a76d679f911e23ebf3ef33f2b5e\Microsoft.Windows.Diagnosis.SDHost.ni.dll
- 2011-06-29 18:13 . 2011-06-29 18:13 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ecf78a76d679f911e23ebf3ef33f2b5e\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2011-08-11 11:25 . 2011-08-11 11:25 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\d7ee37204954317e04a434f10660270e\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
- 2011-06-29 18:13 . 2011-06-29 18:13 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\8a1d7a90314ab9634f2db1fe388ef86d\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2011-08-11 11:25 . 2011-08-11 11:25 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\8a1d7a90314ab9634f2db1fe388ef86d\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2011-08-11 11:25 . 2011-08-11 11:25 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\78515d457e19db2b3cf2b593dece6362\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2011-08-11 11:25 . 2011-08-11 11:25 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\3e9e7a37106f143b6931fab60839392c\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2011-08-11 11:25 . 2011-08-11 11:25 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\338d94115e3e841a5bbf05409db54cfa\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2011-08-11 11:25 . 2011-08-11 11:25 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\12cd3d14ddb9d0785f659434c3ba69d5\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2011-08-11 11:24 . 2011-08-11 11:24 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\19abbb37d3d1469e7234fcd4950b7f2a\Microsoft.Vsa.ni.dll
+ 2011-08-11 06:13 . 2011-08-11 06:13 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\ea183e8b958908d26680bb6e88d4fbb0\Microsoft.VisualC.ni.dll
- 2011-06-29 15:59 . 2011-06-29 15:59 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\ea183e8b958908d26680bb6e88d4fbb0\Microsoft.VisualC.ni.dll
- 2011-06-29 18:12 . 2011-06-29 18:12 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\f7ad8a9d5383476ceb1d1df0f784a5db\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.ni.dll
+ 2011-08-11 11:23 . 2011-08-11 11:23 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\f7ad8a9d5383476ceb1d1df0f784a5db\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.ni.dll
- 2011-06-29 18:12 . 2011-06-29 18:12 39936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\0fbcc77c438c068b889326c015c0c6f2\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.ni.dll
+ 2011-08-11 11:23 . 2011-08-11 11:23 39936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\0fbcc77c438c068b889326c015c0c6f2\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.ni.dll
+ 2011-08-11 11:23 . 2011-08-11 11:23 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\b20f6742224b9c733f41e2ea1b834fc2\Microsoft.Build.Framework.ni.dll
- 2011-06-29 18:12 . 2011-06-29 18:12 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\b20f6742224b9c733f41e2ea1b834fc2\Microsoft.Build.Framework.ni.dll
- 2011-06-29 18:12 . 2011-06-29 18:12 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\9d58ae6973a51b87eaf4141686f20fec\Microsoft.Build.Framework.ni.dll
+ 2011-08-11 11:23 . 2011-08-11 11:23 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\9d58ae6973a51b87eaf4141686f20fec\Microsoft.Build.Framework.ni.dll
+ 2011-08-11 11:23 . 2011-08-11 11:23 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\8065ab477932e0308175a4ac031456c5\ehiUserXp.ni.dll
- 2011-06-29 18:11 . 2011-06-29 18:11 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\8065ab477932e0308175a4ac031456c5\ehiUserXp.ni.dll
- 2011-06-29 18:11 . 2011-06-29 18:11 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\1040a6847fcc7f5c3245fe8a68623597\dfsvc.ni.exe
+ 2011-08-11 11:22 . 2011-08-11 11:22 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\1040a6847fcc7f5c3245fe8a68623597\dfsvc.ni.exe
- 2011-06-29 18:11 . 2011-06-29 18:11 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\3d0ab1d9eb515c0179d3807acbef6483\AuditPolicyGPManagedStubs.Interop.ni.dll
+ 2011-08-11 11:21 . 2011-08-11 11:21 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\3d0ab1d9eb515c0179d3807acbef6483\AuditPolicyGPManagedStubs.Interop.ni.dll
+ 2011-08-11 06:14 . 2011-08-11 06:14 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5c6e1a094b1e65c69b528151cc19b1ee\Accessibility.ni.dll
- 2011-06-29 16:00 . 2011-06-29 16:00 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5c6e1a094b1e65c69b528151cc19b1ee\Accessibility.ni.dll
+ 2011-08-06 09:54 . 2011-08-06 09:54 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-03-26 18:35 . 2011-03-26 18:35 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-03-26 18:35 . 2011-03-26 18:35 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-08-06 09:54 . 2011-08-06 09:54 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-07-13 13:50 . 2011-06-02 05:54 5120 c:\windows\SysWOW64\wow32.dll
+ 2011-08-10 19:24 . 2011-07-16 04:30 5120 c:\windows\SysWOW64\wow32.dll
- 2011-07-13 13:50 . 2011-06-02 03:50 2048 c:\windows\SysWOW64\user.exe
+ 2011-08-10 19:24 . 2011-07-16 02:26 2048 c:\windows\SysWOW64\user.exe
- 2011-07-13 13:50 . 2011-06-02 03:51 7680 c:\windows\SysWOW64\instnm.exe
+ 2011-08-10 19:24 . 2011-07-16 02:26 7680 c:\windows\SysWOW64\instnm.exe
+ 2003-12-01 15:20 . 2003-12-01 15:20 4832 c:\windows\SysWOW64\drivers\sfhlp01.sys
+ 2003-09-06 12:22 . 2003-09-06 12:22 6944 c:\windows\SysWOW64\drivers\prosync1.sys
- 2011-07-13 13:51 . 2011-06-02 03:45 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 02:21 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 03:45 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 02:21 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 03:45 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 02:21 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 03:45 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 02:21 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
+ 2010-05-16 14:20 . 2011-08-16 17:03 8938 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-05-01 06:11 . 2011-08-10 13:08 8558 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3905075324-2828060491-1913704057-1004_UserData.bin
- 2011-07-13 13:51 . 2011-06-02 06:23 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
- 2011-07-13 13:51 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
+ 2011-08-10 19:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
- 2011-07-18 20:24 . 2011-07-18 20:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-16 18:23 . 2011-08-16 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-18 20:24 . 2011-07-18 20:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-16 18:23 . 2011-08-16 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-25 17:49 . 2011-08-10 20:48 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2011-01-25 17:49 . 2011-07-13 14:49 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2011-06-29 18:14 . 2011-06-29 18:14 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\cec5dc6db7419a80bba3f9d73833fb65\dfsvc.ni.exe
+ 2011-08-11 11:28 . 2011-08-11 11:28 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\cec5dc6db7419a80bba3f9d73833fb65\dfsvc.ni.exe
+ 2011-08-10 19:25 . 2011-06-16 04:35 180224 c:\windows\SysWOW64\xmllite.dll
- 2009-07-14 00:20 . 2009-07-14 01:16 180224 c:\windows\SysWOW64\xmllite.dll
+ 2011-08-06 09:55 . 2010-06-02 02:55 527192 c:\windows\SysWOW64\XAudio2_7.dll
+ 2011-08-06 09:55 . 2010-02-04 08:01 528216 c:\windows\SysWOW64\XAudio2_6.dll
+ 2011-08-06 09:55 . 2010-06-02 02:55 239960 c:\windows\SysWOW64\xactengine3_7.dll
+ 2011-08-06 09:55 . 2010-02-04 08:01 238936 c:\windows\SysWOW64\xactengine3_6.dll
+ 2011-08-10 19:24 . 2011-06-21 05:36 981504 c:\windows\SysWOW64\wininet.dll
- 2011-06-16 11:31 . 2011-04-22 19:31 981504 c:\windows\SysWOW64\wininet.dll
+ 2011-08-10 19:24 . 2011-06-21 05:36 132096 c:\windows\SysWOW64\url.dll
+ 2011-08-10 19:25 . 2011-06-15 09:04 163840 c:\windows\SysWOW64\odbctrac.dll
- 2009-07-14 00:11 . 2009-07-14 01:16 163840 c:\windows\SysWOW64\odbctrac.dll
+ 2011-08-10 19:25 . 2011-06-15 09:04 319488 c:\windows\SysWOW64\odbcjt32.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 319488 c:\windows\SysWOW64\odbcjt32.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 122880 c:\windows\SysWOW64\odbccp32.dll
+ 2011-08-10 19:25 . 2011-06-15 09:04 122880 c:\windows\SysWOW64\odbccp32.dll
- 2011-06-16 11:31 . 2011-04-22 19:31 606208 c:\windows\SysWOW64\mstime.dll
+ 2011-08-10 19:24 . 2011-06-21 05:35 606208 c:\windows\SysWOW64\mstime.dll
+ 2011-08-10 19:24 . 2011-06-21 05:35 599552 c:\windows\SysWOW64\msfeeds.dll
- 2011-06-16 11:31 . 2011-04-22 19:31 599552 c:\windows\SysWOW64\msfeeds.dll
- 2011-07-13 13:51 . 2011-06-02 05:54 272384 c:\windows\SysWOW64\KernelBase.dll
+ 2011-08-10 19:24 . 2011-07-16 04:30 272384 c:\windows\SysWOW64\KernelBase.dll
- 2011-06-16 11:31 . 2011-04-22 19:31 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-08-10 19:24 . 2011-06-21 05:34 176640 c:\windows\SysWOW64\ieui.dll
- 2011-06-16 11:31 . 2011-04-22 19:31 185856 c:\windows\SysWOW64\iepeers.dll
+ 2011-08-10 19:24 . 2011-06-21 05:34 185856 c:\windows\SysWOW64\iepeers.dll
+ 2011-08-10 19:24 . 2011-06-21 05:34 381440 c:\windows\SysWOW64\iedkcs32.dll
- 2011-06-16 11:31 . 2011-04-22 19:31 381440 c:\windows\SysWOW64\iedkcs32.dll
+ 2004-05-13 13:00 . 2004-05-13 13:00 111808 c:\windows\SysWOW64\drivers\prohlp02.sys
+ 2011-08-06 09:55 . 2010-05-26 09:41 248672 c:\windows\SysWOW64\d3dx11_43.dll
+ 2011-08-06 09:55 . 2010-05-26 09:41 470880 c:\windows\SysWOW64\d3dx10_43.dll
+ 2011-08-10 19:25 . 2011-06-16 05:31 199680 c:\windows\system32\xmllite.dll
- 2009-07-14 00:41 . 2009-07-14 01:41 199680 c:\windows\system32\xmllite.dll
+ 2011-08-06 09:55 . 2010-06-02 02:55 518488 c:\windows\system32\XAudio2_7.dll
+ 2011-08-06 09:55 . 2010-02-04 08:01 530776 c:\windows\system32\XAudio2_6.dll
+ 2011-08-06 09:55 . 2010-06-02 02:55 176984 c:\windows\system32\xactengine3_7.dll
+ 2011-08-06 09:55 . 2010-02-04 08:01 176984 c:\windows\system32\xactengine3_6.dll
- 2011-07-13 13:50 . 2011-06-02 06:45 362496 c:\windows\system32\wow64win.dll
+ 2011-08-10 19:24 . 2011-07-16 05:26 362496 c:\windows\system32\wow64win.dll
+ 2011-08-10 19:25 . 2011-07-16 05:26 243200 c:\windows\system32\wow64.dll
- 2011-07-13 13:50 . 2011-06-02 06:45 243200 c:\windows\system32\wow64.dll
- 2011-07-13 13:50 . 2011-06-02 06:44 214528 c:\windows\system32\winsrv.dll
+ 2011-08-10 19:25 . 2011-07-16 05:26 214528 c:\windows\system32\winsrv.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 134144 c:\windows\system32\url.dll
+ 2011-08-10 19:24 . 2011-06-21 06:20 134144 c:\windows\system32\url.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 212992 c:\windows\system32\odbctrac.dll
+ 2011-08-10 19:25 . 2011-06-15 09:58 212992 c:\windows\system32\odbctrac.dll
+ 2011-08-10 19:25 . 2011-06-15 09:58 106496 c:\windows\system32\odbccu32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 106496 c:\windows\system32\odbccu32.dll
+ 2011-08-10 19:25 . 2011-06-15 09:58 106496 c:\windows\system32\odbccr32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 106496 c:\windows\system32\odbccr32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 163840 c:\windows\system32\odbccp32.dll
+ 2011-08-10 19:25 . 2011-06-15 09:58 163840 c:\windows\system32\odbccp32.dll
+ 2011-08-10 19:24 . 2011-06-21 06:20 703488 c:\windows\system32\msfeeds.dll
- 2011-06-16 11:31 . 2011-04-22 20:14 703488 c:\windows\system32\msfeeds.dll
- 2011-07-13 13:51 . 2011-06-02 06:39 422400 c:\windows\system32\KernelBase.dll
+ 2011-08-10 19:25 . 2011-07-16 05:21 422400 c:\windows\system32\KernelBase.dll
- 2011-06-16 11:31 . 2011-04-22 20:13 247808 c:\windows\system32\ieui.dll
+ 2011-08-10 19:24 . 2011-06-21 06:19 247808 c:\windows\system32\ieui.dll
+ 2011-08-10 19:24 . 2011-06-21 06:19 256000 c:\windows\system32\iepeers.dll
- 2011-06-16 11:31 . 2011-04-22 20:13 256000 c:\windows\system32\iepeers.dll
+ 2011-08-10 19:24 . 2011-06-21 06:19 445952 c:\windows\system32\iedkcs32.dll
- 2011-06-16 11:31 . 2011-04-22 20:13 445952 c:\windows\system32\iedkcs32.dll
+ 2011-08-10 19:25 . 2011-07-09 02:44 287744 c:\windows\system32\drivers\mrxsmb10.sys
- 2011-06-16 11:32 . 2011-05-04 02:51 287744 c:\windows\system32\drivers\mrxsmb10.sys
+ 2011-08-06 09:55 . 2010-05-26 09:41 276832 c:\windows\system32\d3dx11_43.dll
+ 2011-08-06 09:55 . 2010-05-26 09:41 511328 c:\windows\system32\d3dx10_43.dll
+ 2011-08-10 19:25 . 2011-07-16 05:17 338432 c:\windows\system32\conhost.exe