Prosím o pomoc s virem

Zpráva

Paolo256 · #1 Příspěvek od **Paolo256** » 02 led 2012 16:07

Dobrý den, při brouzdání se mi do počítače asi dostala nějaká havěť, vypnula mi nod 32, kterému ten den skončila licence, ale tu už mám.
Jakýkoliv program, který chci spustit se ptá, v jakém programu ho chci spustit, prohlížeč je zablokovaný....

Předem děkuju za jakoukoliv pomoc

Logfile of random's system information tool 1.09 (written by random/random)
Run by admin at 2012-01-02 15:51:37
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 158 GB (52%) free of 305 GB
Total RAM: 2030 MB (76% free)

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\f0zs9nkw.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.26, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, engine@conduit.com:3.2.1.3, {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:3.2.1.3, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Programy\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
npdeployJava1.dll
npDivxPlayerPlugin.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nsIDivxPlayerPlugin.xpt
QuickTimePlugin.class
ShockwavePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\f0zs9nkw.default\extensions\
engine@conduit.com
{20a82645-c095-46ed-80e3-08825760534b}
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-24 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2007-05-10 835584]
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2009-04-24 360448]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2219184]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-04-20 58656]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-08-03 13892200]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2011-07-05 1632360]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]
"iTunesHelper"=C:\Programy\iTunes\iTunesHelper.exe [2011-12-08 421736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
C:\WINDOWS\FixCamera.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-08-11 63048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-15 1955208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2010-04-12 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2011-07-05 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-07-22 3318784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\games\steam\steam.exe [2011-09-02 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-30 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Games\The Battle for Middle-earth (tm) II\game.dat"="C:\Games\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Games\Steam\SteamApps\paolo312\source sdk base\hl2.exe"="C:\Games\Steam\SteamApps\paolo312\source sdk base\hl2.exe:*:Enabled:hl2"
"C:\Games\Command & Conquer Generals Zero Hour\game.dat"="C:\Games\Command & Conquer Generals Zero Hour\game.dat:*:Enabled:game"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Games\Command and Conquer Generals\game.dat"="C:\Games\Command and Conquer Generals\game.dat:*:Enabled:game"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Games\Steam\SteamApps\paolo312\half-life 2 deathmatch\hl2.exe"="C:\Games\Steam\SteamApps\paolo312\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Games\Grid\GRID.exe"="C:\Games\Grid\GRID.exe:*:Enabled:GRID Executable"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Creative\Creative Centrale\CTUPnPFn.exe"="C:\Program Files\Creative\Creative Centrale\CTUPnPFn.exe:LocalSubNet:Enabled:Creative Centrale Media Server Component"
"C:\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Games\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Games\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"
"C:\Games\Steam\steam.exe"="C:\Games\Steam\steam.exe:*:Enabled:Steam"
"C:\Games\Battlefield 2\BF2.exe"="C:\Games\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Games\Steam\SteamApps\common\left 4 dead 2 demo\left4dead2.exe"="C:\Games\Steam\SteamApps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Games\Supreme Commander 2\bin\SupremeCommander2.exe"="C:\Games\Supreme Commander 2\bin\SupremeCommander2.exe:*:Enabled:SupremeCommander2"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Games\World_of_Tanks_closed_Beta\WorldOfTanks.exe"="C:\Games\World_of_Tanks_closed_Beta\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Games\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe"="C:\Games\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
"C:\Games\The Lord of the Rings Online\lotroclient.exe"="C:\Games\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient"
"C:\Games\The Lord of the Rings Online\TurbineInvoker.exe"="C:\Games\The Lord of the Rings Online\TurbineInvoker.exe:*:Enabled:The Lord of the Rings Online"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Games\Steam\SteamApps\paolo312\team fortress 2\hl2.exe"="C:\Games\Steam\SteamApps\paolo312\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\LOLReplay\LOLReplay.exe"="C:\Program Files\LOLReplay\LOLReplay.exe:*:Enabled:LOL Replay"
"C:\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe"="C:\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"
"C:\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"
"C:\Documents and Settings\admin\Plocha\RA3\Red Alert 3\Data\ra3_1.0.game"="C:\Documents and Settings\admin\Plocha\RA3\Red Alert 3\Data\ra3_1.0.game:*:Enabled:Command & Conquer™ Red Alert™ 3"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Programy\iTunes\iTunes.exe"="C:\Programy\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=DivX.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP62"=vp6vfw.dll
"MSVideo8"=VfWWDM32.dll
"vidc.DIVX"=DivX.dll
"VIDC.FPS1"=frapsvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.HFYU"=huffyuv.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.exe - open - "C:\Documents and Settings\admin\Local Settings\Data aplikací\owb.exe" -a "%1" %*
.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 month======

2012-01-02 15:51:31 ----D---- C:\rsit
2011-12-25 17:17:46 ----A---- C:\WINDOWS\system32\drivers\utiynti5.sys
2011-12-25 17:04:50 ----A---- C:\WINDOWS\ntbtlog.txt
2011-12-25 17:01:51 ----D---- C:\Documents and Settings\admin\Data aplikací\Media Player Classic
2011-12-25 01:15:08 ----A---- C:\WINDOWS\system32\AVEQT.dll
2011-12-25 01:15:05 ----D---- C:\Program Files\Ultra Video Converter
2011-12-25 00:03:29 ----D---- C:\Program Files\iPod
2011-12-25 00:01:21 ----D---- C:\Program Files\Bonjour
2011-12-24 23:39:38 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2011-12-23 12:05:11 ----RA---- C:\WINDOWS\system32\nvhdap32.dll
2011-12-23 12:05:11 ----RA---- C:\WINDOWS\system32\drivers\nvhda32.sys
2011-12-23 12:05:11 ----A---- C:\WINDOWS\system32\nvhdagenco322040.dll
2011-12-23 12:04:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2011-12-23 12:04:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvsvc32.exe
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrszht.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrszhc.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrstr.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrsth.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrssv.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrssl.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrssk.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrsru.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrsptb.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrspt.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrspl.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrsno.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrsnl.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrsko.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrsja.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrsit.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrshu.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrshe.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrsfr.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrsfi.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrsesm.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrses.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrseng.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrsel.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrsde.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrsda.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrscs.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvrsar.dll
2011-12-23 12:04:26 ----RA---- C:\WINDOWS\system32\nvcolor.exe
2011-12-23 12:04:25 ----RA---- C:\WINDOWS\system32\nvmctray.dll
2011-12-23 12:04:25 ----RA---- C:\WINDOWS\system32\nvcpl.dll
2011-12-23 12:04:23 ----RA---- C:\WINDOWS\system32\nvwddi.dll
2011-12-23 12:04:23 ----RA---- C:\WINDOWS\system32\easyupdatusapiu.dll
2011-12-23 12:04:17 ----RA---- C:\WINDOWS\system32\nvgenco32.dll
2011-12-23 12:04:17 ----RA---- C:\WINDOWS\system32\nvdispco32.dll
2011-12-23 12:02:22 ----A---- C:\WINDOWS\system32\OpenCL.dll
2011-12-23 12:02:18 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2011-12-23 12:02:15 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2011-12-23 12:02:14 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2011-12-23 12:02:13 ----A---- C:\WINDOWS\system32\nvcuda.dll
2011-12-23 12:02:10 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2011-12-23 12:02:09 ----A---- C:\WINDOWS\system32\nvapi.dll
2011-12-14 15:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2639417$
2011-12-14 15:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$
2011-12-14 15:44:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2633952$
2011-12-14 15:44:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2011-12-14 15:43:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$
2011-12-14 15:43:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2011-12-14 15:43:02 ----A---- C:\WINDOWS\imsins.BAK
2011-12-14 15:42:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2633171$
2011-12-11 00:34:16 ----D---- C:\Documents and Settings\admin\Data aplikací\Red Alert 3
2011-12-06 17:28:04 ----D---- C:\Gas Powered Games

======List of files/folders modified in the last 1 month======

2012-01-02 15:51:39 ----D---- C:\Program Files\trend micro
2012-01-02 15:51:38 ----D---- C:\WINDOWS\temp
2012-01-02 15:51:32 ----D---- C:\WINDOWS\Prefetch
2011-12-25 20:22:46 ----D---- C:\WINDOWS\system32\drivers
2011-12-25 20:03:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-12-25 19:44:01 ----D---- C:\WINDOWS\system32\CatRoot2
2011-12-25 17:04:50 ----D---- C:\WINDOWS
2011-12-25 17:01:58 ----A---- C:\WINDOWS\NeroDigital.ini
2011-12-25 15:57:02 ----D---- C:\Documents and Settings\admin\Data aplikací\Skype
2011-12-25 12:28:45 ----D---- C:\Documents and Settings\admin\Data aplikací\vlc
2011-12-25 11:31:35 ----D---- C:\Config.Msi
2011-12-25 01:16:02 ----D---- C:\Documents and Settings\admin\Data aplikací\dvdcss
2011-12-25 01:15:08 ----D---- C:\WINDOWS\system32
2011-12-25 01:15:05 ----RD---- C:\Program Files
2011-12-25 00:31:10 ----D---- C:\Documents and Settings\admin\Data aplikací\uTorrent
2011-12-25 00:08:02 ----HD---- C:\WINDOWS\inf
2011-12-25 00:04:38 ----SHD---- C:\WINDOWS\Installer
2011-12-25 00:03:28 ----D---- C:\Program Files\Common Files\Apple
2011-12-25 00:03:26 ----D---- C:\Programy
2011-12-25 00:03:20 ----D---- C:\Program Files\iTunes
2011-12-25 00:02:03 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-12-25 00:01:59 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-12-24 23:39:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-12-24 02:42:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\PMB Files
2011-12-23 12:04:56 ----D---- C:\Program Files\NVIDIA Corporation
2011-12-23 12:04:56 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-12-23 12:04:40 ----D---- C:\Documents and Settings
2011-12-23 12:04:35 ----D---- C:\WINDOWS\Help
2011-12-20 17:09:27 ----D---- C:\IMG
2011-12-20 17:04:00 ----A---- C:\WINDOWS\system.ini
2011-12-20 16:55:51 ----RD---- C:\Program Files\Skype
2011-12-20 16:55:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-12-14 15:48:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-12-14 15:47:58 ----D---- C:\Program Files\Internet Explorer
2011-12-14 15:47:48 ----D---- C:\WINDOWS\ie8updates
2011-12-14 15:47:43 ----HD---- C:\WINDOWS\$hf_mig$
2011-12-14 15:45:34 ----D---- C:\WINDOWS\Debug
2011-12-14 15:45:32 ----A---- C:\WINDOWS\system32\MRT.exe
2011-12-12 00:03:30 ----D---- C:\Program Files\PowerISO
2011-12-11 02:51:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-12-10 23:19:17 ----D---- C:\WINDOWS\system32\DirectX
2011-12-06 20:03:23 ----D---- C:\WINDOWS\Microsoft.NET
2011-12-06 17:37:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Media Center Programs
2011-12-06 17:36:51 ----RSD---- C:\WINDOWS\assembly
2011-12-06 17:35:02 ----D---- C:\l
2011-12-06 17:27:28 ----HD---- C:\Program Files\InstallShield Installation Information
2011-12-06 17:26:33 ----D---- C:\Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2009-04-03 130936]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-08-12 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2006-05-10 51200]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-12-21 94872]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2010-04-12 59388]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-10-26 278728]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-12-21 141264]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-10-26 25416]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-13 254872]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2006-10-23 44416]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-08-03 12542592]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2011-05-10 119528]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-04-10 1271032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 ASAPIW2K;ASAPIW2K; \??\C:\WINDOWS\system32\Drivers\asapiW2k.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-30 3565056]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2009-05-05 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2009-05-05 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2009-05-05 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2009-05-05 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2009-05-05 79488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\WINDOWS\system32\DRIVERS\netaapl.sys [2009-06-05 17408]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2011-07-13 47360]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2007-03-16 54272]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2009-06-22 10498688]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 UnlockerDriver4;UnlockerDriver4 Driver; \??\C:\Program Files\Unlocker\UnlockerDriver4.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 utiynti5;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\utiynti5.sys []
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2007-09-24 223128]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys []
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys []
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys []
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys []
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-05-26 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2010-01-27 286720]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-08-03 146024]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2011-07-22 370688]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-07-22 602112]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2011-07-22 61440]
S2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2011-07-22 339968]
S2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
S2 STacSV;Audio Service; C:\WINDOWS\system32\STacSV.exe [2008-04-10 212992]
S3 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-10 79360]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-12-08 821608]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 02 led 2012 16:13

Zdravim a pekny den preji

Aplikujte exeHelper by Raktor

Linky ke stazeni
- COM soubor http://vyosek.ic.cz/BE/exeHelper.com
- SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost 2 a potvrte enterem
Utilita provede svou cinnost a da log - ten sem vlozte
Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

Paolo256 · #3 Příspěvek od **Paolo256** » 02 led 2012 16:25

tak tady je ten první(exe helper)

exeHelper by Raktor
Build 20100414
Run at 16:18:26 on 01/02/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

A tady je ten rogue killer.

RogueKiller V6.2.1 [12/28/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: admin [Admin rights]
Mode: Remove -- Date : 01/02/2012 16:20:23

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 11 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{8CBB9E27-955C-4240-90F8-DDD7EBCCC354} : NameServer (194.228.2.1,194.228.41.113) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{8CBB9E27-955C-4240-90F8-DDD7EBCCC354} : NameServer (212.158.128.2) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{8CBB9E27-955C-4240-90F8-DDD7EBCCC354} : NameServer (194.228.2.1,194.228.41.113) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Documents and Settings\admin\Local Settings\Data aplikací\owb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") -> REPLACED ("C:\Program Files\mozilla firefox\firefox.exe")
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Documents and Settings\admin\Local Settings\Data aplikací\owb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) -> REPLACED ("C:\Program Files\mozilla firefox\firefox.exe" -safe-mode)
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Documents and Settings\admin\Local Settings\Data aplikací\owb.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> REPLACED ("C:\Program Files\internet explorer\iexplore.exe")

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 0c42576681ffcd52bdde8019989454e2
[BSP] 0d4882579b72d4e289fd9423107d1b39 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 320068 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] eeec51624b11798a4367a24d04e89bd2
[BSP] 98e88727234fffa42169f61d4248e9c8 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 8064 | Size: 16009 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V6.2.1 [12/28/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: admin [Admin rights]
Mode: HOSTSFix -- Date : 01/02/2012 16:20:52

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V6.2.1 [12/28/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: admin [Admin rights]
Mode: ProxyFix -- Date : 01/02/2012 16:21:06

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Paolo256 · #4 Příspěvek od **Paolo256** » 02 led 2012 23:16

vše se jeví v pořádku, antivirus už zase pracuje, děkuji mnohokrát

#5 Příspěvek od **vyosek** » 03 led 2012 01:28

No jeste neutikejte, jeste musime leceni dokoncit

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Paolo256 · #6 Příspěvek od **Paolo256** » 03 led 2012 14:32

ComboFix 12-01-03.04 - admin 03.01.2012 14:12:29.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2030.1283 [GMT 1:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\TZLog.log
.
c:\windows\system32\drivers\Serial.sys chyběl.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\serial.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-03 do 2012-01-03 )))))))))))))))))))))))))))))))
.
.
2012-01-03 13:21 . 2008-04-14 06:51 64256 -c--a-w- c:\windows\system32\dllcache\serial.sys
2012-01-03 13:21 . 2008-04-14 06:51 64256 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-01-02 15:36 . 2012-01-02 15:36 -------- d-----w- c:\program files\ESET
2012-01-02 15:36 . 2012-01-02 15:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-01-02 15:19 . 2012-01-02 15:21 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-01-02 14:51 . 2012-01-02 14:51 -------- d-----w- C:\rsit
2011-12-25 19:23 . 2011-12-25 19:23 -------- d-----w- c:\documents and settings\Administrator.XXX\DoctorWeb
2011-12-25 16:17 . 2011-12-25 16:18 7168 ----a-w- c:\windows\system32\drivers\utiynti5.sys
2011-12-25 16:01 . 2011-12-25 16:01 -------- d-----w- c:\documents and settings\admin\Data aplikací\Media Player Classic
2011-12-25 00:15 . 2006-09-26 12:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
2011-12-25 00:15 . 2011-12-25 00:15 -------- d-----w- c:\program files\Ultra Video Converter
2011-12-24 23:03 . 2011-12-24 23:03 -------- d-----w- c:\program files\iPod
2011-12-24 23:01 . 2011-12-24 23:01 -------- d-----w- c:\program files\Bonjour
2011-12-24 22:39 . 2008-04-14 06:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-12-24 22:39 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-12-23 11:05 . 2011-05-10 09:41 26216 ----a-r- c:\windows\system32\nvhdap32.dll
2011-12-23 11:05 . 2011-05-10 09:41 119528 ----a-r- c:\windows\system32\drivers\nvhda32.sys
2011-12-23 11:05 . 2011-05-10 09:41 865896 ----a-w- c:\windows\system32\nvhdagenco322040.dll
2011-12-23 11:02 . 2011-08-03 11:49 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-12-23 11:02 . 2011-08-03 11:49 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-12-23 11:02 . 2011-08-03 11:49 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-12-23 11:02 . 2011-08-03 11:49 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-12-23 11:02 . 2011-08-03 11:49 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-12-23 11:02 . 2011-08-03 11:49 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-12-23 11:02 . 2011-08-03 11:49 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-12-10 23:34 . 2011-12-10 23:42 -------- d-----w- c:\documents and settings\admin\Data aplikací\Red Alert 3
2011-12-06 16:28 . 2011-12-06 16:37 -------- d-----w- C:\Gas Powered Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2004-08-17 13:44 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 14:30 . 2011-11-23 14:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:13 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2004-08-17 13:49 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-17 13:49 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2004-08-17 15:45 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2004-08-17 13:45 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2004-08-17 13:49 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 16:51 . 2008-07-02 10:52 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-10 16:51 . 2008-07-02 10:52 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-10-10 14:22 . 2007-09-19 23:13 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-11 21:31 . 2011-05-06 17:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2009-04-24 360448]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\programy\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 18:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 11:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-15 15:18 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2011-07-22 10:13 3318784 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-02 12:37 1242448 ----a-w- c:\games\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Games\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Games\\Steam\\SteamApps\\paolo312\\source sdk base\\hl2.exe"=
"c:\\Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Games\\Command and Conquer Generals\\game.dat"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Games\\Grid\\GRID.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Games\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Games\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Games\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Games\\Steam\\steam.exe"=
"c:\\Games\\Battlefield 2\\BF2.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Games\\Steam\\SteamApps\\common\\left 4 dead 2 demo\\left4dead2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Games\\Supreme Commander 2\\bin\\SupremeCommander2.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Games\\World_of_Tanks_closed_Beta\\WorldOfTanks.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Games\\Steam\\SteamApps\\paolo312\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\LOLReplay\\LOLReplay.exe"=
"c:\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"c:\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Documents and Settings\\admin\\Plocha\\RA3\\Red Alert 3\\Data\\ra3_1.0.game"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Programy\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"6964:TCP"= 6964:TCP:League of Legends Launcher
"6964:UDP"= 6964:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"26000:TCP"= 26000:TCP:Call of Duty 2
"29999:TCP"= 29999:TCP:Call of Duty 2(2)
"6912:TCP"= 6912:TCP:League of Legends Launcher
"6912:UDP"= 6912:UDP:League of Legends Launcher
"6944:TCP"= 6944:TCP:League of Legends Launcher
"6944:UDP"= 6944:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"9000:UDP"= 9000:UDP:LOTRO
"2900:UDP"= 2900:UDP:Lotro2
"6950:TCP"= 6950:TCP:League of Legends Launcher
"6950:UDP"= 6950:UDP:League of Legends Launcher
"6916:TCP"= 6916:TCP:League of Legends Launcher
"6916:UDP"= 6916:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6968:TCP"= 6968:TCP:League of Legends Launcher
"6968:UDP"= 6968:UDP:League of Legends Launcher
"6979:TCP"= 6979:TCP:League of Legends Launcher
"6979:UDP"= 6979:UDP:League of Legends Launcher
"6960:TCP"= 6960:TCP:League of Legends Launcher
"6960:UDP"= 6960:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [23.7.2009 21:27 130936]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 14:04 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 12:47 103112]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [21.7.2011 19:13 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [15.8.2011 16:18 1361288]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11.8.2008 12:41 12856]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [23.12.2011 12:04 2255464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [23.12.2011 12:05 119528]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [23.7.2009 21:27 339968]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10.10.2011 17:51 79360]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [1.7.2009 22:07 17408]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [13.7.2011 10:42 47360]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [1.10.2006 13:37 26624]
S3 UnlockerDriver4;UnlockerDriver4 Driver;\??\c:\program files\Unlocker\UnlockerDriver4.sys --> c:\program files\Unlocker\UnlockerDriver4.sys [?]
S3 utiynti5;AVZ Kernel Driver;c:\windows\system32\drivers\utiynti5.sys [25.12.2011 17:17 7168]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [24.9.2007 18:36 223128]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.9.2007 18:30 691696]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WUAUSERV
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 10:34]
.
.
------- Doplňkový sken -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: Interfaces\{8CBB9E27-955C-4240-90F8-DDD7EBCCC354}: NameServer = 194.228.2.1,194.228.41.113
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\f0zs9nkw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-FixCamera - c:\windows\FixCamera.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-03 14:23
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3162161101-2018322775-2885428501-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,cc,49,8b,21,68,72,20,a6,53,f7,d6,08,c6,6c,b6,92,25,87,f6,1e,fc,15,
a9,cc,e3,56,eb,ca,4f,c1,25,08,fd,04,92,e8,f3,ea,f8,ed,12,d0,f3,db,21,a6,3f,\
"??"=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa
.
[HKEY_USERS\S-1-5-21-3162161101-2018322775-2885428501-1003\Software\SecuROM\License information*]
"datasecu"=hex:8d,df,9d,e6,73,7e,46,cf,06,bc,1d,d0,bc,d7,4e,03,6b,e4,83,a5,59,
79,9f,22,cd,48,c6,5a,fe,96,7f,05,61,bd,f9,75,fa,9d,53,db,7a,b5,ce,3f,27,5e,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(1012)
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3000)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\RunDLL32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2012-01-03 14:29:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-03 13:29
.
Před spuštěním: Volných bajtů: 166 016 442 368
Po spuštění: Volných bajtů: 166 183 489 536
.
- - End Of File - - 75820F4A736373A8DE9C632CC36AD48A

#7 Příspěvek od **vyosek** » 04 led 2012 01:46

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Collect::
c:\windows\system32\drivers\utiynti5.sys

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

File::
c:\windows\Tasks\AppleSoftwareUpdate.job

Driver::
utiynti5

DDS::
uLocal Page = \blank.htm

RegNull::
[HKEY_USERS\S-1-5-21-3162161101-2018322775-2885428501-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-3162161101-2018322775-2885428501-1003\Software\SecuROM\License information*]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Paolo256 · #8 Příspěvek od **Paolo256** » 04 led 2012 15:41

ComboFix 12-01-03.04 - admin 04.01.2012 15:20:17.8.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2030.1238 [GMT 1:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\Tasks\AppleSoftwareUpdate.job"
.
file zipped: c:\windows\system32\drivers\utiynti5.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\utiynti5.sys
c:\windows\Tasks\AppleSoftwareUpdate.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_utiynti5
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-04 do 2012-01-04 )))))))))))))))))))))))))))))))
.
.
2012-01-04 12:56 . 2012-01-04 12:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ROCCAT
2012-01-03 16:24 . 2012-01-03 16:24 -------- d-----w- c:\program files\ROCCAT
2012-01-03 13:21 . 2008-04-14 06:51 64256 -c--a-w- c:\windows\system32\dllcache\serial.sys
2012-01-03 13:21 . 2008-04-14 06:51 64256 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-01-02 15:36 . 2012-01-02 15:36 -------- d-----w- c:\program files\ESET
2012-01-02 15:36 . 2012-01-02 15:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-01-02 15:19 . 2012-01-02 15:21 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-01-02 14:51 . 2012-01-02 14:51 -------- d-----w- C:\rsit
2011-12-25 19:23 . 2011-12-25 19:23 -------- d-----w- c:\documents and settings\Administrator.XXX\DoctorWeb
2011-12-25 16:01 . 2011-12-25 16:01 -------- d-----w- c:\documents and settings\admin\Data aplikací\Media Player Classic
2011-12-25 00:15 . 2006-09-26 12:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
2011-12-25 00:15 . 2011-12-25 00:15 -------- d-----w- c:\program files\Ultra Video Converter
2011-12-24 23:03 . 2011-12-24 23:03 -------- d-----w- c:\program files\iPod
2011-12-24 23:01 . 2011-12-24 23:01 -------- d-----w- c:\program files\Bonjour
2011-12-24 22:39 . 2008-04-14 06:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-12-24 22:39 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-12-23 11:05 . 2011-05-10 09:41 26216 ----a-r- c:\windows\system32\nvhdap32.dll
2011-12-23 11:05 . 2011-05-10 09:41 119528 ----a-r- c:\windows\system32\drivers\nvhda32.sys
2011-12-23 11:05 . 2011-05-10 09:41 865896 ----a-w- c:\windows\system32\nvhdagenco322040.dll
2011-12-23 11:02 . 2011-08-03 11:49 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-12-23 11:02 . 2011-08-03 11:49 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-12-23 11:02 . 2011-08-03 11:49 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-12-23 11:02 . 2011-08-03 11:49 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-12-23 11:02 . 2011-08-03 11:49 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-12-23 11:02 . 2011-08-03 11:49 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-12-23 11:02 . 2011-08-03 11:49 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-12-10 23:34 . 2011-12-10 23:42 -------- d-----w- c:\documents and settings\admin\Data aplikací\Red Alert 3
2011-12-06 16:28 . 2011-12-06 16:37 -------- d-----w- C:\Gas Powered Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2004-08-17 13:44 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 14:30 . 2011-11-23 14:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:13 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2004-08-17 13:49 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-17 13:49 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2004-08-17 15:45 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2004-08-17 13:45 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2004-08-17 13:49 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 16:51 . 2008-07-02 10:52 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-10 16:51 . 2008-07-02 10:52 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-10-10 14:22 . 2007-09-19 23:13 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-11 21:31 . 2011-05-06 17:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-03_13.23.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-10-25 14:00 . 2012-01-03 14:55 72418 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2011-12-11 01:51 72418 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2011-12-11 01:51 84268 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2012-01-03 14:55 84268 c:\windows\system32\perfc005.dat
+ 2011-12-25 02:49 . 2011-12-25 02:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2011-07-08 12:00 . 2011-07-08 12:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-12-25 10:07 . 2011-12-25 10:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-12-24 21:55 . 2011-12-24 21:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2011-07-07 10:04 . 2011-07-07 10:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2011-07-07 10:04 . 2011-07-07 10:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-12-24 21:55 . 2011-12-24 21:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-12-24 21:55 . 2011-12-24 21:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2011-07-07 10:03 . 2011-07-07 10:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2011-07-07 11:09 . 2011-07-07 11:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-12-24 22:49 . 2011-12-24 22:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-12-24 22:49 . 2011-12-24 22:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2011-07-07 11:09 . 2011-07-07 11:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2012-01-03 14:53 . 2012-01-03 14:53 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b75c5e5b\System.Drawing.Design.dll
+ 2012-01-03 14:53 . 2012-01-03 14:53 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_439a030c\CustomMarshalers.dll
+ 2012-01-03 15:09 . 2012-01-03 15:09 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-01-03 14:54 . 2012-01-03 14:54 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-13 16:42 . 2011-10-13 16:42 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-03 14:53 . 2012-01-03 14:53 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-13 16:48 . 2011-10-13 16:48 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-13 16:48 . 2011-10-13 16:48 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2001-10-25 14:00 . 2011-12-11 01:51 444160 c:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2012-01-03 14:55 444160 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2011-12-11 01:51 441026 c:\windows\system32\perfh005.dat
+ 2001-10-25 14:00 . 2012-01-03 14:55 441026 c:\windows\system32\perfh005.dat
+ 2011-12-25 02:49 . 2011-12-25 02:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2011-07-07 10:04 . 2011-07-07 10:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-12-24 21:55 . 2011-12-24 21:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2011-07-07 10:01 . 2011-07-07 10:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2011-12-24 21:53 . 2011-12-24 21:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2011-12-24 22:49 . 2011-12-24 22:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2011-07-07 11:09 . 2011-07-07 11:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2011-12-25 04:40 . 2011-12-25 04:40 819200 c:\windows\Installer\2a1390.msp
+ 2012-01-03 14:53 . 2012-01-03 14:53 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_0a44e76a\System.Drawing.dll
+ 2012-01-03 14:53 . 2012-01-03 14:53 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_342c14d9\System.Drawing.Design.dll
+ 2012-01-03 14:53 . 2012-01-03 14:53 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_e1f36c35\CustomMarshalers.dll
+ 2012-01-03 15:09 . 2012-01-03 15:09 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0bda7bdfaf440d5dd4bc6a1dea7ffa39\System.Web.Routing.ni.dll
+ 2012-01-03 15:09 . 2012-01-03 15:09 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll
+ 2012-01-03 15:09 . 2012-01-03 15:09 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll
+ 2012-01-03 15:09 . 2012-01-03 15:09 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll
+ 2012-01-03 15:09 . 2012-01-03 15:09 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\09c6a41f187ba483486cdb92dad714a1\System.Web.DynamicData.ni.dll
+ 2012-01-03 15:09 . 2012-01-03 15:09 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
+ 2012-01-03 15:08 . 2012-01-03 15:08 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f374e8e7849a72d1470b4a6a0771a137\System.Data.Entity.Design.ni.dll
+ 2012-01-03 15:08 . 2012-01-03 15:08 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\439732479756e0f6df88d29e50a402bf\ServiceModelReg.ni.exe
+ 2012-01-03 15:08 . 2012-01-03 15:08 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bfcea15c95909860c4f4ac19bd7a2d6c\AspNetMMCExt.ni.dll
+ 2012-01-03 14:54 . 2012-01-03 14:54 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-01-03 14:54 . 2012-01-03 14:54 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-12-25 02:50 . 2011-12-25 02:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-12-25 10:07 . 2011-12-25 10:07 2064384 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2011-12-25 10:06 . 2011-12-25 10:06 1269760 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2011-07-08 11:59 . 2011-07-08 11:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-12-25 10:06 . 2011-12-25 10:06 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-12-24 21:54 . 2011-12-24 21:54 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2011-07-07 10:02 . 2011-07-07 10:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2011-12-24 21:53 . 2011-12-24 21:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2011-07-07 10:02 . 2011-07-07 10:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2011-07-08 11:59 . 2011-07-08 11:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2011-12-25 10:06 . 2011-12-25 10:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2011-12-26 08:59 . 2011-12-26 08:59 4368896 c:\windows\Installer\2a13b2.msp
+ 2012-01-03 14:53 . 2012-01-03 14:53 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_fc885a1b\System.dll
+ 2012-01-03 14:53 . 2012-01-03 14:53 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_f1300349\System.dll
+ 2012-01-03 14:53 . 2012-01-03 14:53 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_a24c1d6a\System.Xml.dll
+ 2012-01-03 14:53 . 2012-01-03 14:53 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_3feb153c\System.Xml.dll
+ 2012-01-03 14:53 . 2012-01-03 14:53 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_896b3983\System.Windows.Forms.dll
+ 2012-01-03 14:53 . 2012-01-03 14:53 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_31394f3f\System.Windows.Forms.dll
+ 2012-01-03 14:53 . 2012-01-03 14:53 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_34dbd568\System.Drawing.dll
+ 2012-01-03 14:53 . 2012-01-03 14:53 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_eeeef734\System.Design.dll
+ 2012-01-03 14:53 . 2012-01-03 14:53 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_63023082\System.Design.dll
+ 2012-01-03 14:53 . 2012-01-03 14:53 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f5efa024\mscorlib.dll
+ 2012-01-03 14:54 . 2012-01-03 14:54 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8bd0ae5f\mscorlib.dll
+ 2012-01-03 15:09 . 2012-01-03 15:09 7982592 c:\windows\assembly\NativeImages_v2.0.50727_32\vjslib\e209e1f002a2cb4adcf9168cf3d4d8bf\vjslib.ni.dll
+ 2012-01-03 15:09 . 2012-01-03 15:09 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll
+ 2012-01-03 15:09 . 2012-01-03 15:09 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll
+ 2012-01-03 15:09 . 2012-01-03 15:09 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll
+ 2012-01-03 15:09 . 2012-01-03 15:09 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
+ 2012-01-03 15:09 . 2012-01-03 15:09 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
+ 2012-01-03 15:09 . 2012-01-03 15:09 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll
+ 2012-01-03 15:09 . 2012-01-03 15:09 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll
+ 2012-01-03 15:08 . 2012-01-03 15:08 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
+ 2012-01-03 15:08 . 2012-01-03 15:08 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll
+ 2012-01-03 15:08 . 2012-01-03 15:08 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-06 22:08 . 2010-10-06 22:08 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-03 14:52 . 2012-01-03 14:52 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-03 14:54 . 2012-01-03 14:54 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-03 14:54 . 2012-01-03 14:54 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-13 16:48 . 2011-10-13 16:48 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-03 14:55 . 2012-01-03 14:55 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-13 16:42 . 2011-10-13 16:42 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-01-03 14:53 . 2012-01-03 14:53 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-01-03 14:53 . 2012-01-03 14:53 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-03 14:53 . 2012-01-03 14:53 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-12-26 16:02 . 2011-12-26 16:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp
+ 2011-12-26 08:02 . 2011-12-26 08:02 19677184 c:\windows\Installer\2a13a9.msp
+ 2012-01-03 14:55 . 2012-01-03 14:55 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
+ 2012-01-03 15:08 . 2012-01-03 15:08 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
+ 2012-01-03 14:55 . 2012-01-03 14:56 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2009-04-24 360448]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\programy\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 18:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Games\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Games\\Steam\\SteamApps\\paolo312\\source sdk base\\hl2.exe"=
"c:\\Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Games\\Command and Conquer Generals\\game.dat"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Games\\Grid\\GRID.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Games\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Games\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Games\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Games\\Steam\\steam.exe"=
"c:\\Games\\Battlefield 2\\BF2.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Games\\Steam\\SteamApps\\common\\left 4 dead 2 demo\\left4dead2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Games\\Supreme Commander 2\\bin\\SupremeCommander2.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Games\\World_of_Tanks_closed_Beta\\WorldOfTanks.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Games\\Steam\\SteamApps\\paolo312\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\LOLReplay\\LOLReplay.exe"=
"c:\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"c:\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Documents and Settings\\admin\\Plocha\\RA3\\Red Alert 3\\Data\\ra3_1.0.game"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Programy\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"6964:TCP"= 6964:TCP:League of Legends Launcher
"6964:UDP"= 6964:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"26000:TCP"= 26000:TCP:Call of Duty 2
"29999:TCP"= 29999:TCP:Call of Duty 2(2)
"6912:TCP"= 6912:TCP:League of Legends Launcher
"6912:UDP"= 6912:UDP:League of Legends Launcher
"6944:TCP"= 6944:TCP:League of Legends Launcher
"6944:UDP"= 6944:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"9000:UDP"= 9000:UDP:LOTRO
"2900:UDP"= 2900:UDP:Lotro2
"6950:TCP"= 6950:TCP:League of Legends Launcher
"6950:UDP"= 6950:UDP:League of Legends Launcher
"6916:TCP"= 6916:TCP:League of Legends Launcher
"6916:UDP"= 6916:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6968:TCP"= 6968:TCP:League of Legends Launcher
"6968:UDP"= 6968:UDP:League of Legends Launcher
"6979:TCP"= 6979:TCP:League of Legends Launcher
"6979:UDP"= 6979:UDP:League of Legends Launcher
"6960:TCP"= 6960:TCP:League of Legends Launcher
"6960:UDP"= 6960:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [23.7.2009 21:27 130936]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 14:04 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 12:47 103112]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [21.7.2011 19:13 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [15.8.2011 16:18 1361288]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11.8.2008 12:41 12856]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [23.12.2011 12:04 2255464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [23.12.2011 12:05 119528]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [23.7.2009 21:27 339968]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10.10.2011 17:51 79360]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [1.7.2009 22:07 17408]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [13.7.2011 10:42 47360]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [1.10.2006 13:37 26624]
S3 UnlockerDriver4;UnlockerDriver4 Driver;\??\c:\program files\Unlocker\UnlockerDriver4.sys --> c:\program files\Unlocker\UnlockerDriver4.sys [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [24.9.2007 18:36 223128]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.9.2007 18:30 691696]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: Interfaces\{8CBB9E27-955C-4240-90F8-DDD7EBCCC354}: NameServer = 194.228.2.1,194.228.41.113
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\f0zs9nkw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-04 15:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(1016)
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(1308)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\RunDLL32.exe
c:\program files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2012-01-04 15:36:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-04 14:36
ComboFix2.txt 2012-01-03 13:29
.
Před spuštěním: Volných bajtů: 166 613 278 720
Po spuštění: Volných bajtů: 166 585 323 520
.
- - End Of File - - 15D90D25072978F10E27C305349D36BD
Nahr nˇ probŘhlo ŁspŘçnŘ

#9 Příspěvek od **vyosek** » 04 led 2012 15:54

Jak se chova nas pacient

Paolo256 · #10 Příspěvek od **Paolo256** » 05 led 2012 13:45

vše vypadá v pořádku

#11 Příspěvek od **vyosek** » 05 led 2012 14:42

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A je to

Paolo256 · #12 Příspěvek od **Paolo256** » 11 led 2012 15:21

Děkuji mnohokrát za pomoc, vše vypadá v normálu...

#13 Příspěvek od **vyosek** » 11 led 2012 15:24

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

Paolo256 · #14 Příspěvek od **Paolo256** » 15 led 2012 19:05

chtěl bych se ještě zeptat, dal jsem tomu týden, ale asi to není nějaký výpadek, internet pracuje velmi pomalu a jen občas nabíhají stránky, nevím jestli je to stále ten samý problém nebo mi jen u poskytovatele připojení nefunguje DNS, je možné, že je to stále ten samý problém?

#15 Příspěvek od **vyosek** » 15 led 2012 19:42

Zdravim

Dejte mi sem log z RSIT prosim

VIRY.CZ

Prosím o pomoc s virem

Prosím o pomoc s virem

Re: Prosím o pomoc s virem

Re: Prosím o pomoc s virem

Re: Prosím o pomoc s virem

Re: Prosím o pomoc s virem

Re: Prosím o pomoc s virem

Re: Prosím o pomoc s virem

Re: Prosím o pomoc s virem

Re: Prosím o pomoc s virem

Re: Prosím o pomoc s virem

Re: Prosím o pomoc s virem

Re: Prosím o pomoc s virem

Re: Prosím o pomoc s virem

Re: Prosím o pomoc s virem

Re: Prosím o pomoc s virem