Please check my ComboFix and RSIT logs

#1 Post by selick

Some malware is spreading through our company. Please check the logs; thank you in advance.


ComboFix 10-02-12.01 - Pavel 16.02.2010 10:37:51.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.568 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100216-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\8xcrbho6.exe
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\pthreadVC.dll
D:\8xcrbho6.exe

----- BITS: Možné infikované stránky -----

hxxp://cpsrv:8530
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-16 do 2010-02-16 )))))))))))))))))))))))))))))))
.

2010-02-15 09:15 . 2008-04-13 23:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-02-15 09:15 . 2008-04-13 23:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-02-15 09:15 . 2008-04-13 23:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-02-15 09:15 . 2008-04-13 23:16 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2010-02-15 09:15 . 2008-04-13 23:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-02-15 09:15 . 2008-04-13 23:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-02-15 09:14 . 2008-04-13 23:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-02-15 09:14 . 2008-04-13 23:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-02-15 09:14 . 2008-04-13 23:16 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-02-15 09:14 . 2008-04-13 23:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-02-15 09:14 . 2008-04-13 23:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-02-15 09:14 . 2008-04-13 23:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-02-15 09:14 . 2008-04-13 23:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-02-15 09:14 . 2008-04-13 23:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-02-15 09:14 . 2008-04-13 23:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-02-15 09:14 . 2008-04-13 23:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-02-15 09:13 . 2008-04-14 07:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-02-15 09:13 . 2008-04-14 07:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-02-15 09:13 . 2008-04-14 07:51 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-02-15 09:13 . 2008-04-14 07:51 363520 ----a-w- c:\windows\system32\PsisDecd.dll
2010-02-15 09:13 . 2008-04-13 23:16 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-02-15 09:13 . 2008-04-13 23:16 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2010-02-15 09:13 . 2010-02-15 09:13 -------- d-----w- c:\documents and settings\user\LOCALS~1
2010-02-15 09:13 . 2010-02-15 09:13 -------- d-----w- c:\documents and settings\user
2010-02-15 09:10 . 2010-02-15 09:11 -------- d-----w- c:\program files\Common Files\AVerMedia
2010-02-11 08:37 . 2009-12-14 07:10 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2010-02-11 08:37 . 2009-11-27 17:14 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-02-11 08:37 . 2009-11-27 16:09 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2010-02-11 08:37 . 2009-11-27 16:09 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2010-02-11 08:37 . 2009-11-27 16:09 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2010-02-11 08:37 . 2009-12-17 07:42 343552 -c----w- c:\windows\system32\dllcache\mspaint.exe
2010-02-05 17:26 . 2010-02-05 17:26 -------- d-----w- c:\program files\futurebit software
2010-02-05 17:26 . 1998-02-06 21:37 299520 ----a-w- c:\windows\uninst.exe
2010-02-03 10:24 . 2010-02-03 10:25 -------- d-----w- c:\program files\Hamachi
2010-02-02 11:03 . 2010-02-02 12:21 -------- d-----w- c:\program files\Nero
2010-02-02 11:03 . 2010-02-02 12:25 -------- d-----w- c:\program files\Common Files\Nero
2010-01-28 08:51 . 2010-01-28 08:51 -------- d-----w- c:\program files\Zoner
2010-01-26 17:34 . 2010-01-26 17:34 -------- d-----w- c:\program files\Counter-Strike Source
2010-01-20 13:35 . 2010-01-20 13:35 36864 ----a-w- c:\windows\unslive.exe
2010-01-20 13:35 . 2010-01-20 13:40 -------- d-----w- c:\program files\Sclive
2010-01-20 13:35 . 2010-01-20 13:35 -------- d-----w- C:\tape-indices
2010-01-19 15:59 . 2010-01-19 15:59 146 ----a-w- c:\windows\DelMR.bat
2010-01-19 15:15 . 2010-02-15 09:42 -------- d-----w- c:\program files\Google
2010-01-19 15:14 . 2010-01-19 16:00 -------- d-----w- c:\windows\system32\Adobe
2010-01-18 11:08 . 2010-01-18 11:08 -------- d-----w- c:\program files\Miranda IM

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 09:13 . 2009-12-03 18:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-15 09:12 . 2010-02-15 09:10 -------- d-----w- c:\program files\AVerMedia
2010-02-03 10:24 . 2010-01-12 14:42 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-01-26 17:44 . 2009-12-09 11:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 15:59 . 2010-01-04 00:38 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-01-18 11:05 . 2009-12-04 15:53 -------- d-----w- c:\program files\QIP
2010-01-15 18:27 . 2010-01-15 18:27 -------- d-----w- c:\program files\VideoLAN
2010-01-15 12:00 . 2010-01-15 11:54 160564 ----a-w- c:\windows\hppins08.dat
2010-01-15 11:59 . 2010-01-15 11:59 -------- d-----w- c:\program files\Common Files\HP
2010-01-15 11:59 . 2010-01-15 11:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-01-15 11:59 . 2010-01-15 11:59 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-15 11:55 . 2010-01-15 11:55 -------- d-----w- c:\program files\HP
2010-01-15 10:31 . 2010-01-15 10:31 -------- d-----w- c:\program files\Common Files\Zeepe Framework 7
2010-01-15 10:30 . 2010-01-12 10:55 -------- d-----w- c:\program files\Novatel Wireless
2010-01-14 16:02 . 2010-01-14 16:03 390144 ----a-w- c:\windows\system32\CF27615.exe
2010-01-14 16:02 . 2010-01-14 16:02 390144 ----a-w- c:\windows\system32\CF27504.exe
2010-01-14 16:01 . 2010-01-14 16:01 390144 ----a-w- c:\windows\system32\CF27269.exe
2010-01-14 16:00 . 2010-01-14 16:00 390144 ----a-w- c:\windows\system32\CF27096.exe
2010-01-13 18:19 . 2010-01-13 18:19 -------- d-----w- c:\program files\Common Files\ThinkVantage Fingerprint Software
2010-01-13 18:19 . 2009-12-07 16:28 -------- d-----w- c:\program files\RSA SecurID Token Common
2010-01-13 18:19 . 2010-01-13 18:19 -------- d-----w- c:\program files\Common Files\SPBA
2010-01-13 18:19 . 2009-12-07 16:27 -------- d-----w- c:\program files\ThinkVantage Fingerprint Software
2010-01-13 18:13 . 2009-12-07 15:36 -------- d-----w- c:\program files\ThinkPad
2010-01-13 18:12 . 2009-12-03 18:12 -------- d-----w- c:\program files\Lenovo
2010-01-13 18:12 . 2010-01-13 18:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-01-13 18:12 . 2010-01-13 18:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-13 18:11 . 2010-01-13 18:11 -------- d-----w- c:\program files\Synaptics
2010-01-13 14:44 . 2010-01-13 14:44 390144 ----a-w- c:\windows\system32\CF24987.exe
2010-01-13 11:02 . 2006-03-02 12:00 95892 ----a-w- c:\windows\system32\perfc005.dat
2010-01-13 11:02 . 2006-03-02 12:00 475970 ----a-w- c:\windows\system32\perfh005.dat
2010-01-13 10:56 . 2010-01-13 10:56 -------- d-----w- c:\program files\MicroTouch
2010-01-12 15:13 . 2010-01-12 15:13 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-12 11:15 . 2010-01-12 11:15 -------- d-----w- c:\program files\Alwil Software
2010-01-12 09:18 . 2010-01-12 08:45 -------- d-----w- c:\program files\OpenVPN
2010-01-11 09:23 . 2010-01-11 09:23 -------- d-----w- c:\program files\MSXML 4.0
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 10:03 . 2009-12-29 09:27 -------- d-----w- c:\program files\Full Tilt Poker.Net
2009-12-23 08:35 . 2009-12-08 09:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-23 08:33 . 2009-12-23 08:33 -------- d-----w- c:\program files\Adobe Media Player
2009-12-23 08:30 . 2009-12-23 08:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-23 08:25 . 2009-12-23 08:25 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-23 08:19 . 2009-12-23 08:18 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-23 08:18 . 2009-12-23 08:18 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-21 19:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2009-12-03 17:45 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 23:48 . 2009-12-11 23:48 25984 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-12-09 12:48 . 2009-12-09 12:48 2617568 ----a-w- C:\TeamViewer_Setup.exe
2009-12-09 10:11 . 2006-03-02 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 09:07 . 2009-12-08 09:07 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-08 08:37 . 2010-02-15 09:12 437888 ----a-w- c:\windows\system32\drivers\AVerFx2hbtv.sys
2009-12-08 08:29 . 2010-02-15 09:12 81920 ----a-w- c:\windows\system32\TVRate.dll
2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-04 11:35 . 2009-12-03 17:49 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-04 11:35 . 2009-12-03 17:49 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-12-04 11:33 . 2009-12-03 17:49 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-04 09:46 . 2009-12-04 09:46 1286896 ----a-w- c:\windows\qfe299.tmp
2009-12-03 22:18 . 2009-12-03 22:18 1286896 ----a-w- c:\windows\qfe4.tmp
2009-12-03 17:46 . 2009-12-03 17:46 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-27 17:14 . 2006-03-02 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2006-03-02 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2006-03-02 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2006-03-02 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-24 23:54 . 2010-01-12 11:15 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2010-01-12 11:15 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2010-01-12 11:15 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2010-01-12 11:15 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2010-01-12 11:15 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2010-01-12 11:15 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-01-14_16.11.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 19:54 . 2009-07-11 19:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2008-01-29 10:32 . 2008-01-29 10:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80u.dll
+ 2008-01-29 10:32 . 2008-01-29 10:32 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80.dll
+ 2009-07-12 00:07 . 2009-07-12 00:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 00:19 . 2009-07-12 00:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2008-01-29 10:32 . 2008-01-29 10:32 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85597b\ATL80.dll
+ 2009-07-11 18:41 . 2009-07-11 18:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2007-05-17 07:18 . 2007-05-17 07:18 12288 c:\windows\Twunk_32.dll
+ 2007-05-17 07:18 . 2007-05-17 07:18 12288 c:\windows\Twunk_16.dll
+ 2010-02-05 17:25 . 2010-02-05 17:25 16384 c:\windows\Temp\Perflib_Perfdata_734.dat
+ 2009-11-26 15:11 . 2009-02-25 16:32 64024 c:\windows\system32\spool\drivers\w32x86\3\hppccompio.dll
+ 2009-09-01 23:37 . 2009-11-26 15:09 98304 c:\windows\system32\spool\drivers\w32x86\3\hpmup091.bin
+ 2009-11-26 15:11 . 2009-09-01 23:19 75776 c:\windows\system32\spool\drivers\w32x86\3\hpfxcomw.dll
+ 2009-11-26 15:11 . 2009-02-25 16:32 59928 c:\windows\system32\spool\drivers\w32x86\3\fxcompchannel.dll
+ 2009-11-26 15:11 . 2009-01-20 10:45 20480 c:\windows\system32\spool\drivers\w32x86\3\cioum.dll
+ 2009-12-15 08:19 . 2009-05-26 11:40 18296 c:\windows\system32\spmsg.dll
- 2009-12-15 08:19 . 2008-07-08 12:59 18296 c:\windows\system32\spmsg.dll
+ 2010-02-03 10:24 . 2009-09-23 08:41 26176 c:\windows\system32\ReinstallBackups\0018\DriverFiles\hamachi.sys
+ 2007-08-04 09:10 . 2007-08-04 09:10 95600 c:\windows\system32\NeroCo.dll
+ 2009-03-08 03:31 . 2009-12-21 19:08 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 03:31 . 2009-10-29 07:43 55296 c:\windows\system32\msfeedsbs.dll
+ 2010-01-12 07:17 . 2010-01-12 07:17 98304 c:\windows\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2010-01-12 07:17 . 2010-01-12 07:17 86016 c:\windows\system32\Macromed\Shockwave 10\SwMenuX.dll
+ 2010-01-12 07:17 . 2010-01-12 07:17 77824 c:\windows\system32\Macromed\Shockwave 10\SwInit.exe
+ 2010-01-12 07:17 . 2010-01-12 07:17 79488 c:\windows\system32\Macromed\Shockwave 10\gtapi.dll
+ 2010-01-12 07:17 . 2010-01-12 07:17 24576 c:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2010-01-12 07:17 . 2010-01-12 07:17 49152 c:\windows\system32\Macromed\Shockwave 10\BCInstallPinger.dll
+ 2009-12-04 07:21 . 2010-02-05 11:02 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-12-04 07:21 . 2009-12-04 07:21 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2006-03-02 12:00 . 2009-10-29 07:43 25600 c:\windows\system32\jsproxy.dll
+ 2006-03-02 12:00 . 2009-12-21 19:08 25600 c:\windows\system32\jsproxy.dll
+ 2006-10-03 09:55 . 2006-10-03 09:55 17408 c:\windows\system32\hpzjfw01.dll
+ 2006-11-08 15:35 . 2006-11-08 15:35 20480 c:\windows\system32\hpzisn12.dll
+ 2006-11-08 15:35 . 2006-11-08 15:35 29696 c:\windows\system32\hpzipt12.dll
+ 2006-11-08 15:35 . 2006-11-08 15:35 33280 c:\windows\system32\HPZipr12.dll
+ 2006-11-08 15:35 . 2006-11-08 15:35 53248 c:\windows\system32\HPZipm12.dll
+ 2006-11-08 15:35 . 2006-11-08 15:35 43520 c:\windows\system32\HPZinw12.dll
+ 2006-11-08 15:35 . 2006-11-08 15:35 49152 c:\windows\system32\HPZidr12.dll
+ 2007-02-02 14:38 . 2007-02-02 14:38 39424 c:\windows\system32\hpbpro.dll
+ 2007-02-02 14:38 . 2007-02-02 14:38 25600 c:\windows\system32\hpboid.dll
+ 2007-02-02 14:38 . 2007-02-02 14:38 24576 c:\windows\system32\hpbmiapi.dll
+ 2010-01-15 11:58 . 2007-07-17 04:29 59928 c:\windows\system32\fxcompchannel.dll
+ 2010-01-15 11:55 . 2007-06-27 00:43 77824 c:\windows\system32\DRVSTORE\hppasc08_45DBC46053CD10D4B3D7048F7233B11E38FB8132\hpst1522.dll
+ 2010-01-15 11:55 . 2007-07-16 21:29 26136 c:\windows\system32\DRVSTORE\hppafx08_26AFE3FFDFC9A1E8BF5C97171C279876CA3A6507\hpfxgen.sys
+ 2010-01-15 11:55 . 2007-07-16 21:29 20504 c:\windows\system32\DRVSTORE\hppafx08_26AFE3FFDFC9A1E8BF5C97171C279876CA3A6507\hpfxfax.sys
+ 2010-01-15 11:55 . 2007-07-16 21:29 31256 c:\windows\system32\DRVSTORE\hppafx08_26AFE3FFDFC9A1E8BF5C97171C279876CA3A6507\hpfx64gen.sys
+ 2010-01-15 11:55 . 2007-07-16 21:29 23064 c:\windows\system32\DRVSTORE\hppafx08_26AFE3FFDFC9A1E8BF5C97171C279876CA3A6507\hpfx64fax.sys
+ 2010-01-15 11:55 . 2007-07-16 21:29 59928 c:\windows\system32\DRVSTORE\hppafx08_26AFE3FFDFC9A1E8BF5C97171C279876CA3A6507\fxfaxchannel.dll
+ 2010-01-15 11:55 . 2007-07-16 21:29 26136 c:\windows\system32\DRVSTORE\hppaew08_EA5CD3858E865F0C729D585AFE5B45746D69AC23\hpfxgen.sys
+ 2010-01-15 11:55 . 2007-07-16 21:29 17432 c:\windows\system32\DRVSTORE\hppaew08_EA5CD3858E865F0C729D585AFE5B45746D69AC23\hpfxbulk.sys
+ 2010-01-15 11:55 . 2007-07-16 21:29 31256 c:\windows\system32\DRVSTORE\hppaew08_EA5CD3858E865F0C729D585AFE5B45746D69AC23\hpfx64gen.sys
+ 2010-01-15 11:55 . 2007-07-16 21:29 20504 c:\windows\system32\DRVSTORE\hppaew08_EA5CD3858E865F0C729D585AFE5B45746D69AC23\hpfx64bulk.sys
+ 2007-02-08 17:02 . 2007-02-08 17:02 18560 c:\windows\system32\drivers\PCASp50.sys
+ 2007-08-08 08:33 . 2007-08-08 08:33 11304 c:\windows\system32\drivers\imagedrv.sys
- 2009-12-07 15:52 . 2009-10-29 07:43 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-12-07 15:52 . 2009-12-21 19:08 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2006-03-02 12:00 . 2009-11-27 16:09 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-12-07 15:52 . 2009-12-21 19:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-12-07 15:52 . 2009-10-29 07:43 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 03:33 . 2009-10-29 07:43 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 03:33 . 2009-12-21 19:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-06-10 14:15 . 2009-11-27 16:09 84992 c:\windows\system32\dllcache\avifil32.dll
- 2009-06-10 14:15 . 2009-06-10 14:15 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2010-02-15 09:11 . 2007-02-08 20:09 49152 c:\windows\system32\AVerIO.dll
+ 2003-03-18 18:05 . 2003-03-18 18:05 89088 c:\windows\system32\atl71.dll
+ 2010-01-19 16:00 . 2010-01-19 16:00 78487 c:\windows\system32\Adobe\uninstaller.exe
+ 2009-03-19 15:15 . 2009-03-19 15:15 58736 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-03-19 15:43 . 2009-03-19 15:43 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-03-19 15:15 . 2009-03-19 15:15 52288 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2010-01-18 07:25 . 2010-01-18 07:25 65816 c:\windows\system32\Adobe\Director\SWDNLD.EXE
+ 2010-01-15 11:58 . 2010-01-15 11:58 70144 c:\windows\Installer\bffa0c.msi
+ 2010-01-19 15:15 . 2010-01-19 15:15 24064 c:\windows\Installer\433adee.msi
+ 2010-02-02 11:17 . 2010-02-02 11:17 22016 c:\windows\Installer\1cdfda.msi
+ 2010-02-02 11:17 . 2010-02-02 11:17 28160 c:\windows\Installer\1cdfd4.msi
+ 2010-02-02 11:16 . 2010-02-02 11:16 38400 c:\windows\Installer\1cdfc8.msi
+ 2010-02-02 11:03 . 2010-02-02 11:03 44544 c:\windows\Installer\1cdf67.msi
+ 2010-02-02 10:58 . 2010-02-02 10:58 32256 c:\windows\Installer\1cdf5c.msi
+ 2010-02-15 09:43 . 2010-02-15 09:43 22528 c:\windows\Installer\12724a06.msi
+ 2010-02-11 10:36 . 2010-02-11 10:36 25214 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A70000000000}\SC_Reader.exe
+ 2009-12-04 07:44 . 2010-02-11 13:47 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-12-04 07:44 . 2010-01-13 18:25 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-12-04 07:44 . 2010-02-11 13:47 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-12-04 07:44 . 2010-01-13 18:25 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-12-04 07:44 . 2010-01-13 18:25 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-12-04 07:44 . 2010-02-11 13:47 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-02-02 12:26 . 2010-02-02 12:26 25214 c:\windows\Installer\{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1029}\ARPPRODUCTICON.exe
+ 2010-01-22 18:36 . 2009-10-29 07:43 12800 c:\windows\ie8updates\KB978207-IE8\xpshims.dll
+ 2010-01-22 18:36 . 2009-10-29 07:43 55296 c:\windows\ie8updates\KB978207-IE8\msfeedsbs.dll
+ 2010-01-22 18:36 . 2009-10-29 07:43 25600 c:\windows\ie8updates\KB978207-IE8\jsproxy.dll
+ 2010-02-11 08:37 . 2009-11-27 17:14 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2010-02-11 08:37 . 2009-11-27 16:09 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-02-15 09:12 . 2009-12-08 08:29 81920 c:\windows\Driver Cache\AVerMedia\AVerFx2hbtv_2.0.0.126\TVRate.dll
+ 2010-01-15 11:58 . 2006-12-27 16:29 6656 c:\windows\system32\spool\drivers\w32x86\3\hpzbdi.dll
+ 2007-02-02 14:38 . 2007-02-02 14:38 7680 c:\windows\system32\hpbprops.dll
+ 2007-02-02 14:38 . 2007-02-02 14:38 7680 c:\windows\system32\hpboidps.dll
+ 2010-02-15 09:11 . 2005-04-29 02:08 3456 c:\windows\system32\AVerIO.sys
+ 2009-03-19 15:45 . 2009-03-19 15:45 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2010-01-15 10:31 . 2010-01-15 10:31 4846 c:\windows\Installer\{FF1E64D7-700D-4503-972E-50D38B38FA39}\ARPPRODUCTICON.exe
+ 2010-02-15 09:11 . 2010-02-15 09:11 3638 c:\windows\Installer\{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}\ARPPRODUCTICON.exe
+ 2010-02-11 08:37 . 2009-11-27 16:09 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2008-01-29 10:32 . 2008-01-29 10:32 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcr80.dll
+ 2008-01-29 10:32 . 2008-01-29 10:32 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcp80.dll
+ 2008-01-29 10:32 . 2008-01-29 10:32 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcm80.dll
+ 2009-07-12 00:12 . 2009-07-12 00:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 00:09 . 2009-07-12 00:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 00:08 . 2009-07-12 00:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2007-08-04 09:40 . 2007-08-04 09:40 972072 c:\windows\UNRecode.exe
+ 2007-03-21 20:02 . 2007-03-21 20:02 972336 c:\windows\UNNeroVision.exe
+ 2007-02-28 15:41 . 2007-02-28 15:41 972336 c:\windows\UNNeroShowTime.exe
+ 2007-08-03 11:52 . 2007-08-03 11:52 972072 c:\windows\UNNeroMediaHome.exe
+ 2007-03-20 20:22 . 2007-03-20 20:22 972336 c:\windows\UNNeroBackItUp.exe
+ 2006-03-17 14:49 . 2006-03-17 14:49 368640 c:\windows\system32\TwnLib4.dll
+ 2010-02-15 09:11 . 2008-10-08 08:31 290816 c:\windows\system32\sptlib22.dll
+ 2010-02-15 09:11 . 2009-08-18 04:38 598016 c:\windows\system32\sptlib21.dll
+ 2010-02-15 09:11 . 2009-09-05 06:47 135168 c:\windows\system32\sptlib12.dll
+ 2010-02-15 09:11 . 2009-07-03 10:38 294912 c:\windows\system32\sptlib11.dll
+ 2010-02-15 09:11 . 2009-05-26 05:56 249856 c:\windows\system32\sptlib03.dll
+ 2010-02-15 09:11 . 2009-03-24 04:59 225280 c:\windows\system32\sptlib02.dll
+ 2010-02-15 09:11 . 2009-09-04 14:25 311296 c:\windows\system32\sptlib01.dll
+ 2010-01-15 11:58 . 2008-02-01 10:13 241664 c:\windows\system32\spool\prtprocs\w32x86\hpzpp5mc.DLL
+ 2009-12-07 16:04 . 2009-02-25 16:41 761344 c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL
- 2009-12-07 16:04 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2009-12-07 16:04 . 2009-02-25 16:41 744960 c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
- 2009-12-07 16:04 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2009-12-07 16:04 . 2009-02-25 16:41 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
- 2009-12-07 16:04 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2009-11-26 15:11 . 2009-02-25 16:41 207872 c:\windows\system32\spool\drivers\w32x86\3\pclxl.DLL
+ 2010-01-15 11:58 . 2008-02-01 09:30 139264 c:\windows\system32\spool\drivers\w32x86\3\hpzpi5mc.dll
+ 2010-01-15 11:58 . 2008-02-01 10:00 200704 c:\windows\system32\spool\drivers\w32x86\3\hpzpe5mc.DLL
+ 2010-01-15 11:58 . 2008-02-01 09:56 455680 c:\windows\system32\spool\drivers\w32x86\3\hpzev5mc.DLL
+ 2010-01-15 11:58 . 2008-02-01 12:59 250880 c:\windows\system32\spool\drivers\w32x86\3\hpzc35mc.DLL
+ 2010-01-15 11:58 . 2008-02-01 10:13 152064 c:\windows\system32\spool\drivers\w32x86\3\hpzbr5mc.dll
+ 2010-01-15 11:58 . 2007-08-20 14:49 285184 c:\windows\system32\spool\drivers\w32x86\3\HPZBDI32.msi
+ 2009-11-26 15:11 . 2009-09-01 23:05 876544 c:\windows\system32\spool\drivers\w32x86\3\hpmur091.dll
+ 2009-11-26 15:11 . 2009-09-01 23:03 208896 c:\windows\system32\spool\drivers\w32x86\3\hpmpw081.dll
+ 2009-11-26 15:11 . 2009-09-01 23:03 249856 c:\windows\system32\spool\drivers\w32x86\3\hpmpm081.dll
+ 2009-11-26 15:11 . 2009-09-01 23:02 622592 c:\windows\system32\spool\drivers\w32x86\3\hpmdp091.dll
+ 2009-11-26 15:11 . 2009-02-25 19:00 460080 c:\windows\system32\spool\drivers\w32x86\3\HPJobCaps.dll
+ 2009-11-26 15:11 . 2009-08-04 15:18 315392 c:\windows\system32\spool\drivers\w32x86\3\hpfie091.dll
+ 2009-11-26 15:11 . 2009-02-25 18:57 135168 c:\windows\system32\spool\drivers\w32x86\3\hpcsat20.dll
+ 2009-11-26 15:02 . 2009-09-01 23:28 157184 c:\windows\system32\spool\drivers\w32x86\3\hpcpn091.dll
+ 2009-11-26 15:11 . 2009-09-01 23:20 228864 c:\windows\system32\spool\drivers\w32x86\3\hpcpe091.dll
+ 2009-11-26 15:11 . 2009-09-01 23:20 505856 c:\windows\system32\spool\drivers\w32x86\3\hpcev091.DLL
+ 2009-11-26 15:11 . 2009-02-25 19:08 671816 c:\windows\system32\spool\drivers\w32x86\3\hpcdmc32.dll
+ 2009-11-26 15:11 . 2009-09-01 23:21 276480 c:\windows\system32\spool\drivers\w32x86\3\hpcc3091.DLL
+ 2009-11-26 15:11 . 2009-05-14 16:17 311296 c:\windows\system32\spool\drivers\w32x86\3\cioum32.msi
+ 2006-03-02 12:00 . 2009-12-08 09:25 474112 c:\windows\system32\shlwapi.dll
- 2006-03-02 12:00 . 2008-04-14 07:51 474112 c:\windows\system32\shlwapi.dll
- 2006-03-02 12:00 . 2009-10-29 07:43 206848 c:\windows\system32\occache.dll
+ 2006-03-02 12:00 . 2009-12-21 19:08 206848 c:\windows\system32\occache.dll
- 2009-03-08 03:32 . 2009-10-29 07:43 594432 c:\windows\system32\msfeeds.dll
+ 2009-03-08 03:32 . 2009-12-21 19:08 594432 c:\windows\system32\msfeeds.dll
+ 2010-01-12 07:17 . 2010-01-12 07:17 136568 c:\windows\system32\Macromed\Shockwave 10\SYMCCHECKER.DLL
+ 2010-01-12 07:17 . 2010-01-12 07:17 180224 c:\windows\system32\Macromed\Shockwave 10\Proj.dll
+ 2010-01-12 07:17 . 2010-01-12 07:17 475136 c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2010-01-12 07:17 . 2010-01-12 07:17 339968 c:\windows\system32\Macromed\Shockwave 10\Plugin.dll
+ 2010-01-12 07:17 . 2010-01-12 07:17 606208 c:\windows\system32\Macromed\Shockwave 10\iml32X.dll
+ 2010-01-18 06:17 . 2010-01-18 06:17 742912 c:\windows\system32\Macromed\Shockwave 10\gi.dll
+ 2010-01-12 07:17 . 2010-01-12 07:17 471040 c:\windows\system32\Macromed\Shockwave 10\Control.dll
- 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2006-03-17 11:45 . 2006-03-17 11:45 802816 c:\windows\system32\imagXRA7.dll
+ 2006-03-17 11:45 . 2006-03-17 11:45 258048 c:\windows\system32\imagXR7.dll
+ 2006-03-17 11:45 . 2006-03-17 11:45 497296 c:\windows\system32\imagXpr7.dll
- 2006-03-02 12:00 . 2009-10-29 07:43 184320 c:\windows\system32\iepeers.dll
+ 2006-03-02 12:00 . 2009-12-21 19:08 184320 c:\windows\system32\iepeers.dll
- 2006-03-02 12:00 . 2009-10-29 07:43 387584 c:\windows\system32\iedkcs32.dll
+ 2006-03-02 12:00 . 2009-12-21 19:08 387584 c:\windows\system32\iedkcs32.dll
+ 2006-03-02 12:00 . 2009-12-21 13:18 173056 c:\windows\system32\ie4uinit.exe
- 2006-03-02 12:00 . 2009-10-28 14:40 173056 c:\windows\system32\ie4uinit.exe
+ 2006-10-03 09:55 . 2006-10-03 09:55 139264 c:\windows\system32\hpzjrd01.dll
+ 2007-04-18 15:31 . 2007-04-18 15:31 387584 c:\windows\system32\hpzjcd01.dll
+ 2010-01-15 11:54 . 2007-06-22 22:08 876544 c:\windows\system32\hpxp1522.dll
+ 2007-12-17 11:59 . 2007-12-17 11:59 245760 c:\windows\system32\HPTcpMUI.dll
+ 2007-12-17 11:57 . 2007-12-17 11:57 200704 c:\windows\system32\HPTcpMon.dll
+ 2007-12-17 11:57 . 2007-12-17 11:57 118784 c:\windows\system32\HPTcpMib.dll
+ 2010-01-15 11:54 . 2008-01-07 02:22 733184 c:\windows\system32\hpptsp03.dll
+ 2010-01-15 11:54 . 2008-01-24 05:58 327680 c:\windows\system32\hppcpr08.dll
+ 2010-01-15 11:54 . 2007-02-08 04:07 450560 c:\windows\system32\hppasc08.dll
+ 2007-04-24 09:33 . 2007-04-24 09:33 114688 c:\windows\system32\hplbdchn.dll
+ 2010-01-15 11:55 . 2007-06-22 22:08 876544 c:\windows\system32\DRVSTORE\hppasc08_45DBC46053CD10D4B3D7048F7233B11E38FB8132\hpxp1522.dll
+ 2010-01-15 11:55 . 2008-01-07 02:22 733184 c:\windows\system32\DRVSTORE\hppasc08_45DBC46053CD10D4B3D7048F7233B11E38FB8132\hpptsp03.dll
+ 2010-01-15 11:55 . 2007-02-08 04:07 450560 c:\windows\system32\DRVSTORE\hppasc08_45DBC46053CD10D4B3D7048F7233B11E38FB8132\hppasc08.dll
+ 2010-01-15 11:55 . 2007-08-31 06:52 234496 c:\windows\system32\DRVSTORE\hppafx08_26AFE3FFDFC9A1E8BF5C97171C279876CA3A6507\hppafx08_x64.dll
+ 2010-01-15 11:55 . 2007-08-31 06:52 188416 c:\windows\system32\DRVSTORE\hppafx08_26AFE3FFDFC9A1E8BF5C97171C279876CA3A6507\hppafx08.dll
+ 2010-01-15 11:55 . 2007-02-08 03:59 234496 c:\windows\system32\DRVSTORE\hppaew08_EA5CD3858E865F0C729D585AFE5B45746D69AC23\hppdew08_x64.dll
+ 2010-01-15 11:55 . 2007-02-08 03:58 188416 c:\windows\system32\DRVSTORE\hppaew08_EA5CD3858E865F0C729D585AFE5B45746D69AC23\hppcew08.dll
+ 2007-08-08 08:33 . 2007-08-08 08:33 132904 c:\windows\system32\drivers\imagesrv.sys
+ 2009-03-08 03:34 . 2009-12-21 19:08 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-03-08 03:34 . 2009-10-29 07:43 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-12-03 19:38 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
- 2009-01-07 17:20 . 2009-01-07 17:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-01-07 17:20 . 2009-12-08 09:25 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-03-08 03:34 . 2009-12-21 19:08 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 03:34 . 2009-10-29 07:43 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-12-07 15:52 . 2009-12-21 19:08 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-12-07 15:52 . 2009-10-29 07:43 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-12-03 19:28 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
- 2009-12-07 15:52 . 2009-10-29 07:43 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-12-07 15:52 . 2009-12-21 19:08 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-03-08 03:31 . 2009-12-21 19:08 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-03-08 03:31 . 2009-10-29 07:43 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 13:09 . 2009-12-21 19:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 13:09 . 2009-10-29 07:43 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 03:32 . 2009-10-28 14:40 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 03:32 . 2009-12-21 13:18 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-02-15 09:11 . 2009-09-04 04:38 102400 c:\windows\system32\CardID.dll
+ 2009-03-19 15:43 . 2009-03-19 15:43 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-03-19 15:55 . 2009-03-19 15:55 460216 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe
+ 2009-03-19 15:46 . 2009-03-19 15:46 442368 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-03-19 15:44 . 2009-03-19 15:44 376832 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2009-03-19 15:15 . 2009-03-19 15:15 704000 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2009-03-19 15:45 . 2009-03-19 15:45 614400 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2009-03-19 15:55 . 2009-03-19 15:55 202168 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2009-03-19 15:45 . 2009-03-19 15:45 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2010-01-15 11:59 . 2010-01-15 11:59 646656 c:\windows\Installer\bffa28.msi
+ 2010-01-15 11:59 . 2010-01-15 11:59 372224 c:\windows\Installer\bffa1c.msi
+ 2010-01-15 11:59 . 2010-01-15 11:59 811520 c:\windows\Installer\bffa16.msi
+ 2010-01-19 15:13 . 2010-01-19 15:13 836096 c:\windows\Installer\433ade9.msi
+ 2010-02-02 10:58 . 2010-02-02 10:58 424960 c:\windows\Installer\1cdf56.msi
+ 2010-02-02 10:58 . 2010-02-02 10:58 106496 c:\windows\Installer\1cdf50.msi
- 2009-12-04 07:44 . 2010-01-13 18:25 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-12-04 07:44 . 2010-02-11 13:47 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-12-04 07:44 . 2010-02-11 13:47 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
- 2009-12-04 07:44 . 2010-01-13 18:25 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-12-04 07:44 . 2010-02-11 13:47 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2009-12-04 07:44 . 2010-01-13 18:25 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-12-04 07:44 . 2010-02-11 13:47 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2009-12-04 07:44 . 2010-01-13 18:25 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2009-12-04 07:44 . 2010-01-13 18:25 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2009-12-04 07:44 . 2010-02-11 13:47 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2010-01-22 18:36 . 2009-10-29 07:43 916480 c:\windows\ie8updates\KB978207-IE8\wininet.dll
+ 2010-01-22 18:36 . 2009-05-26 11:40 391032 c:\windows\ie8updates\KB978207-IE8\spuninst\updspapi.dll
+ 2010-01-22 18:36 . 2008-07-08 12:59 233848 c:\windows\ie8updates\KB978207-IE8\spuninst\spuninst.exe
+ 2010-01-22 18:36 . 2009-10-29 07:43 206848 c:\windows\ie8updates\KB978207-IE8\occache.dll
+ 2010-01-22 18:36 . 2009-10-29 07:43 594432 c:\windows\ie8updates\KB978207-IE8\msfeeds.dll
+ 2010-01-22 18:36 . 2009-10-29 07:43 246272 c:\windows\ie8updates\KB978207-IE8\ieproxy.dll
+ 2010-01-22 18:36 . 2009-10-29 07:43 184320 c:\windows\ie8updates\KB978207-IE8\iepeers.dll
+ 2010-01-22 18:36 . 2009-10-29 07:43 387584 c:\windows\ie8updates\KB978207-IE8\iedkcs32.dll
+ 2010-01-22 18:36 . 2009-10-28 14:40 173056 c:\windows\ie8updates\KB978207-IE8\ie4uinit.exe
+ 2009-12-03 19:28 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-02-15 09:12 . 2009-12-22 09:13 458752 c:\windows\Driver Cache\AVerMedia\AVerFx2hbtv_2.0.0.126\RemoveDriver.exe
+ 2010-02-15 09:12 . 2009-12-22 09:11 528384 c:\windows\Driver Cache\AVerMedia\AVerFx2hbtv_2.0.0.126\InstallDriver.exe
+ 2010-02-15 09:12 . 2009-11-25 09:05 263328 c:\windows\Driver Cache\AVerMedia\AVerFx2hbtv_2.0.0.126\AVermedia MCE Encoder x86 V3016 Setup Silent.exe
+ 2010-02-15 09:12 . 2009-12-08 08:37 437888 c:\windows\Driver Cache\AVerMedia\AVerFx2hbtv_2.0.0.126\AVerFx2hbtv.sys
+ 2008-01-29 10:32 . 2008-01-29 10:32 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80u.dll
+ 2008-01-29 10:32 . 2008-01-29 10:32 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80.dll
+ 2009-07-11 19:46 . 2009-07-11 19:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 19:46 . 2009-07-11 19:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
- 2010-01-04 00:38 . 2010-01-04 00:38 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2010-02-02 10:58 . 2010-02-02 10:58 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2010-01-15 11:59 . 2010-01-15 11:59 1230336 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
+ 2006-03-02 12:00 . 2009-12-21 19:08 1208832 c:\windows\system32\urlmon.dll
- 2006-03-02 12:00 . 2009-10-29 07:43 1208832 c:\windows\system32\urlmon.dll
+ 2010-01-15 11:58 . 2008-02-01 10:20 3461632 c:\windows\system32\spool\drivers\w32x86\3\hpzur5mc.dll
+ 2010-01-15 11:58 . 2008-02-01 09:54 3380224 c:\windows\system32\spool\drivers\w32x86\3\hpzui5mc.DLL
+ 2010-01-15 11:58 . 2008-02-01 10:27 5734912 c:\windows\system32\spool\drivers\w32x86\3\hpzst5mc.DLL
+ 2010-01-15 11:58 . 2008-02-01 08:53 1012224 c:\windows\system32\spool\drivers\w32x86\3\hpzss5mc.DLL
+ 2010-01-15 11:58 . 2008-02-01 09:30 1568256 c:\windows\system32\spool\drivers\w32x86\3\hpzls5mc.DLL
+ 2010-01-15 11:58 . 2008-02-01 10:13 1526272 c:\windows\system32\spool\drivers\w32x86\3\hpz6r5mc.DLL
+ 2010-01-15 11:58 . 2008-02-01 10:18 2669568 c:\windows\system32\spool\drivers\w32x86\3\hpz3r5mc.dll
+ 2010-01-15 11:58 . 2007-09-14 09:11 1253376 c:\windows\system32\spool\drivers\w32x86\3\HPU5SNPL.DLL
+ 2010-01-15 11:58 . 2007-09-14 09:11 1249280 c:\windows\system32\spool\drivers\w32x86\3\HPU5SNP.DLL
+ 2009-11-26 15:11 . 2009-09-01 23:07 1417216 c:\windows\system32\spool\drivers\w32x86\3\hpmux091.dll
+ 2009-11-26 15:11 . 2009-09-01 23:05 1806336 c:\windows\system32\spool\drivers\w32x86\3\hpmsn091.dll
+ 2009-11-26 15:11 . 2009-09-01 23:03 1253376 c:\windows\system32\spool\drivers\w32x86\3\hpmsl091.dll
+ 2009-11-26 15:11 . 2009-09-01 23:13 3717632 c:\windows\system32\spool\drivers\w32x86\3\hpcur091.dll
+ 2009-11-26 15:11 . 2009-09-01 23:20 3643904 c:\windows\system32\spool\drivers\w32x86\3\hpcui091.DLL
+ 2009-11-26 15:11 . 2009-09-01 23:14 4071424 c:\windows\system32\spool\drivers\w32x86\3\hpcst091.dll
+ 2009-11-26 15:11 . 2009-09-01 23:16 1015808 c:\windows\system32\spool\drivers\w32x86\3\hpcss091.dll
+ 2009-11-26 15:11 . 2009-09-01 23:20 1650176 c:\windows\system32\spool\drivers\w32x86\3\hpcls091.DLL
+ 2009-11-26 15:11 . 2009-09-01 23:20 2212352 c:\windows\system32\spool\drivers\w32x86\3\hpc6r091.dll
+ 2009-09-01 23:37 . 2009-11-26 15:09 3189760 c:\windows\system32\spool\drivers\w32x86\3\hpbcfgre.DLL
+ 2006-03-02 12:00 . 2009-12-21 19:08 5942784 c:\windows\system32\mshtml.dll
+ 2010-01-12 07:17 . 2010-01-12 07:17 1975408 c:\windows\system32\Macromed\Shockwave 10\gt.exe
+ 2010-01-12 07:17 . 2010-01-12 07:17 1490944 c:\windows\system32\Macromed\Shockwave 10\dirapiX.dll
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2006-03-17 11:45 . 2006-03-17 11:45 1757184 c:\windows\system32\imagX7.dll
+ 2009-03-08 03:32 . 2009-12-21 19:08 1985536 c:\windows\system32\iertutil.dll
- 2009-03-08 03:32 . 2009-10-29 07:43 1985536 c:\windows\system32\iertutil.dll
+ 2009-12-03 18:14 . 2010-02-16 09:26 2147904 c:\windows\system32\FNTCACHE.DAT
- 2009-03-08 03:34 . 2009-10-29 07:43 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-03-08 03:34 . 2009-12-21 19:08 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-06-03 19:11 . 2009-11-27 17:14 1294336 c:\windows\system32\dllcache\quartz.dll
+ 2009-12-03 19:33 . 2009-12-09 10:11 2191360 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-12-03 19:33 . 2009-08-04 21:59 2191360 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-12-03 19:33 . 2009-08-04 17:29 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-12-03 19:33 . 2009-12-09 10:11 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-10 18:09 . 2009-08-04 17:29 2068224 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-10 18:09 . 2009-12-09 10:11 2068224 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-12-03 19:33 . 2009-08-04 17:29 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-12-03 19:33 . 2009-12-09 10:11 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-10-19 23:53 . 2009-12-21 19:08 5942784 c:\windows\system32\dllcache\mshtml.dll
- 2009-12-07 15:52 . 2009-10-29 07:43 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-12-07 15:52 . 2009-12-21 19:08 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-02-02 10:58 . 2006-03-31 11:40 2388176 c:\windows\system32\d3dx9_30.dll
+ 2010-02-02 12:20 . 2005-12-05 17:09 2323664 c:\windows\system32\d3dx9_28.dll
+ 2009-03-19 15:20 . 2009-03-19 15:20 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2009-03-19 15:15 . 2009-03-19 15:15 1145896 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2009-03-19 15:24 . 2009-03-19 15:24 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2010-01-15 10:31 . 2010-01-15 10:31 1431040 c:\windows\Installer\725770.msi
+ 2010-02-11 10:36 . 2010-02-11 10:36 2727936 c:\windows\Installer\708dce.msi
+ 2010-02-02 12:25 . 2010-02-02 12:25 7825408 c:\windows\Installer\2fedc5.msi
+ 2010-02-02 11:17 . 2010-02-02 11:17 4096000 c:\windows\Installer\1cdfe0.msi
+ 2010-02-02 11:16 . 2010-02-02 11:16 3592704 c:\windows\Installer\1cdfce.msi
+ 2010-02-02 11:16 . 2010-02-02 11:16 3593728 c:\windows\Installer\1cdfc2.msi
+ 2010-02-02 11:15 . 2010-02-02 11:15 3593216 c:\windows\Installer\1cdfbc.msi
+ 2010-02-02 11:15 . 2010-02-02 11:15 3592192 c:\windows\Installer\1cdfb6.msi
+ 2010-02-02 11:14 . 2010-02-02 11:14 3592192 c:\windows\Installer\1cdfb0.msi
+ 2010-02-02 11:14 . 2010-02-02 11:14 3592192 c:\windows\Installer\1cdfaa.msi
+ 2010-02-02 11:13 . 2010-02-02 11:13 3602432 c:\windows\Installer\1cdfa4.msi
+ 2010-02-02 11:12 . 2010-02-02 11:12 3640320 c:\windows\Installer\1cdf9e.msi
+ 2010-02-02 11:11 . 2010-02-02 11:11 3641344 c:\windows\Installer\1cdf97.msi
+ 2010-02-02 11:11 . 2010-02-02 11:11 3643904 c:\windows\Installer\1cdf91.msi
+ 2010-02-02 11:10 . 2010-02-02 11:10 3676672 c:\windows\Installer\1cdf8b.msi
+ 2010-02-02 11:09 . 2010-02-02 11:09 3768832 c:\windows\Installer\1cdf85.msi
+ 2010-02-02 11:07 . 2010-02-02 11:07 3645440 c:\windows\Installer\1cdf7f.msi
+ 2010-02-02 11:06 . 2010-02-02 11:06 3645440 c:\windows\Installer\1cdf79.msi
+ 2010-02-02 11:05 . 2010-02-02 11:05 3613184 c:\windows\Installer\1cdf73.msi
+ 2010-02-02 11:04 . 2010-02-02 11:04 3666944 c:\windows\Installer\1cdf6d.msi
+ 2010-02-15 09:11 . 2010-02-15 09:11 4624896 c:\windows\Installer\1254fdd6.msi
+ 2010-01-14 20:26 . 2010-01-14 20:26 5027840 c:\windows\Installer\120ea2a.msp
+ 2009-12-04 07:44 . 2010-02-11 13:47 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-12-04 07:44 . 2010-01-13 18:25 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-12-04 07:44 . 2010-02-11 13:47 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
- 2009-12-04 07:44 . 2010-01-13 18:25 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-01-22 18:36 . 2009-10-29 07:43 1208832 c:\windows\ie8updates\KB978207-IE8\urlmon.dll
+ 2010-01-22 18:36 . 2009-10-29 07:43 5940736 c:\windows\ie8updates\KB978207-IE8\mshtml.dll
+ 2010-01-22 18:36 . 2009-10-29 07:43 1985536 c:\windows\ie8updates\KB978207-IE8\iertutil.dll
+ 2009-12-03 19:33 . 2009-12-09 10:11 2191360 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-12-03 19:33 . 2009-08-04 21:59 2191360 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-12-03 19:33 . 2009-12-09 10:11 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-12-03 19:33 . 2009-08-04 17:29 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-10 18:09 . 2009-12-09 10:11 2068224 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-02-10 18:09 . 2009-08-04 17:29 2068224 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-12-03 19:33 . 2009-08-04 17:29 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-12-03 19:33 . 2009-12-09 10:11 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-02-15 09:12 . 2009-05-08 02:10 2281187 c:\windows\Driver Cache\AVerMedia\AVerFx2hbtv_2.0.0.126\AVerMedia Media Center Plug-ins_V2.0.7.0_Install.exe
+ 2009-03-08 03:39 . 2009-12-21 19:08 11070464 c:\windows\system32\ieframe.dll
+ 2009-12-07 15:52 . 2009-12-21 19:08 11070464 c:\windows\system32\dllcache\ieframe.dll
+ 2010-01-26 08:23 . 2010-01-26 08:23 15710720 c:\windows\Installer\25272.msp
+ 2010-01-22 18:36 . 2009-10-29 07:43 11069952 c:\windows\ie8updates\KB978207-IE8\ieframe.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-19 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2008-06-24 49928]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-2-15 155648]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-2-15 651264]
Touch Monitor.lnk - c:\program files\MicroTouch\MT 7\TwMonitor.exe [2010-1-13 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-06-24 16:31 95496 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Pavel\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12.1.2010 12:15 114768]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [12.5.2008 18:04 13480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.1.2010 12:15 20560]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [15.2.2010 10:11 348160]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [24.6.2008 17:07 12560]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [3.12.2009 19:49 62320]
R2 TwDrvService;MT7 Serial Search Service;c:\program files\MicroTouch\MT 7\TwService.exe [13.1.2010 11:56 131072]
R3 TwBus;MicroTouch Serial Bus Enumerator;c:\windows\system32\drivers\TwBus.sys [13.1.2010 11:56 12240]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.12.2009 9:18 691696]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [15.2.2010 10:11 393216]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.2.2010 10:42 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [3.12.2009 19:49 45424]
S2 TwRegSvc;MT7 Registry Service;c:\program files\MicroTouch\MT 7\TwRegSvc.exe [13.1.2010 11:56 32768]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [15.2.2010 10:12 437888]
S3 TwTouch;MicroTouch Touch Screen;c:\windows\system32\drivers\TwTouch.sys [13.1.2010 11:53 84017]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2.3.2006 13:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 09:42]

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 09:42]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: nvEPLMedia - hxxp://192.168.0.100/nvEPLMedia.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Counter-Strike: Source - d:\counter-strike\Counter-Strike Source\Uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 10:42
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1540)
c:\windows\system32\vrlogon.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\vti.dll
c:\windows\system32\MPRAPI.dll

- - - - - - - > 'lsass.exe'(1596)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
Celkový čas: 2010-02-16 10:44:43
ComboFix-quarantined-files.txt 2010-02-16 09:44
ComboFix2.txt 2010-01-14 16:13
ComboFix3.txt 2010-01-13 14:59

Před spuštěním: 1 875 615 744
Po spuštění: 4 057 354 240

- - End Of File - - C72EB6C15344E0A6AAD1945BCC007F70

selick
Visitor
Posts: 10
Registered: 16 Feb 2010 10:47

Re: Request for a check of the ComboFix and RSIT logs

#2 Post by selick »

And here is the RSIT log as well, thanks.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Pavel at 2010-02-16 12:36:54
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (18%) free of 22 GB
Total RAM: 1014 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:18, on 16.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\MicroTouch\MT 7\TwMonitor.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\PROGRAM FILES\MICROTOUCH\MT 7\TwService.exe
C:\PROGRAM FILES\MICROTOUCH\MT 7\TwRegSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\RSIT (1).exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: Touch Monitor.lnk = C:\Program Files\MicroTouch\MT 7\TwMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: nvEPLMedia - http://192.168.0.100/nvEPLMedia.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cross-point.local
O17 - HKLM\Software\..\Telephony: DomainName = cross-point.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cross-point.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: MT7 Serial Search Service (TwDrvService) - 3M Touch Systems, Inc. - C:\PROGRAM FILES\MICROTOUCH\MT 7\TwService.exe
O23 - Service: MT7 Registry Service (TwRegSvc) - Unknown owner - C:\PROGRAM FILES\MICROTOUCH\MT 7\TwRegSvc.exe

--
End of file - 10336 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-15 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-15 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-15 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2009-03-13 68976]
"LENOVO.TPFNF6R"=C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [2009-08-20 62752]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"PSQLLauncher"=C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [2008-06-24 49928]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-14 1541416]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-01-19 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
AVer HID Receiver.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
Touch Monitor.lnk - C:\Program Files\MicroTouch\MT 7\TwMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2008-06-24 95496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Documents and Settings\Pavel\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\Pavel\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Documents and Settings\Pavel\Plocha\pavel\Magic.the.Gathering.and.Expansions\magicg\Magic\Manalink.exe"="C:\Documents and Settings\Pavel\Plocha\pavel\Magic.the.Gathering.and.Expansions\magicg\Magic\Manalink.exe:*:Disabled:manalink"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"
"C:\Documents and Settings\Pavel\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\Pavel\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

======List of files/folders created in the last 1 months======

2010-02-16 12:36:57 ----D---- C:\Program Files\trend micro
2010-02-16 12:36:54 ----D---- C:\rsit
2010-02-16 10:44:43 ----A---- C:\ComboFix.txt
2010-02-15 10:13:32 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2010-02-15 10:13:32 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2010-02-15 10:13:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVerTV
2010-02-15 10:12:53 ----A---- C:\WINDOWS\system32\TVRate.dll
2010-02-15 10:11:35 ----A---- C:\WINDOWS\system32\CardID.dll
2010-02-15 10:11:35 ----A---- C:\WINDOWS\system32\AVerIO.dll
2010-02-15 10:11:20 ----A---- C:\WINDOWS\system32\sptlib22.dll
2010-02-15 10:11:20 ----A---- C:\WINDOWS\system32\sptlib21.dll
2010-02-15 10:11:20 ----A---- C:\WINDOWS\system32\sptlib12.dll
2010-02-15 10:11:20 ----A---- C:\WINDOWS\system32\sptlib11.dll
2010-02-15 10:11:20 ----A---- C:\WINDOWS\system32\sptlib03.dll
2010-02-15 10:11:20 ----A---- C:\WINDOWS\system32\sptlib02.dll
2010-02-15 10:11:20 ----A---- C:\WINDOWS\system32\sptlib01.dll
2010-02-15 10:10:56 ----D---- C:\Program Files\Common Files\AVerMedia
2010-02-15 10:10:56 ----D---- C:\Program Files\AVerMedia
2010-02-11 14:48:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-11 14:48:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-11 14:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-11 14:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 14:48:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-11 14:48:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-11 14:47:18 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 14:47:08 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-11 14:46:48 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-05 18:26:45 ----D---- C:\Program Files\futurebit software
2010-02-05 18:26:39 ----A---- C:\WINDOWS\uninst.exe
2010-02-03 16:32:01 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-03 11:24:52 ----D---- C:\Program Files\Hamachi
2010-02-02 13:20:01 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2010-02-02 12:23:12 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Nero
2010-02-02 12:03:34 ----D---- C:\Program Files\Nero
2010-02-02 12:03:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2010-02-02 12:03:08 ----D---- C:\Program Files\Common Files\Nero
2010-02-02 11:58:54 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-01-28 09:51:44 ----D---- C:\Program Files\Zoner
2010-01-26 18:34:07 ----D---- C:\Program Files\Counter-Strike Source
2010-01-26 15:19:50 ----D---- C:\Documents and Settings\Pavel\Data aplikací\uTorrent
2010-01-20 14:35:59 ----A---- C:\WINDOWS\unslive.exe
2010-01-20 14:35:58 ----D---- C:\Program Files\Sclive
2010-01-20 14:35:55 ----D---- C:\tape-indices
2010-01-19 16:59:49 ----A---- C:\WINDOWS\DelMR.bat
2010-01-19 16:55:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Symantec
2010-01-19 16:55:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-01-19 16:55:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2010-01-19 16:44:23 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Google
2010-01-19 16:15:06 ----D---- C:\Program Files\Google
2010-01-19 16:15:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2010-01-19 16:14:53 ----D---- C:\WINDOWS\system32\Adobe
2010-01-18 12:08:54 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Miranda
2010-01-18 12:08:35 ----D---- C:\Program Files\Miranda IM

======List of files/folders modified in the last 1 months======

2010-02-16 12:36:57 ----RD---- C:\Program Files
2010-02-16 12:04:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-16 11:41:42 ----D---- C:\WINDOWS\Temp
2010-02-16 11:40:14 ----SHD---- C:\WINDOWS\CSC
2010-02-16 11:24:42 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Skype
2010-02-16 10:44:45 ----AD---- C:\Qoobox
2010-02-16 10:44:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-16 10:43:05 ----D---- C:\WINDOWS
2010-02-16 10:43:05 ----A---- C:\WINDOWS\system.ini
2010-02-16 10:42:17 ----D---- C:\WINDOWS\system32
2010-02-16 10:41:12 ----D---- C:\WINDOWS\system32\drivers
2010-02-16 10:41:12 ----D---- C:\WINDOWS\AppPatch
2010-02-16 10:41:05 ----D---- C:\Program Files\Common Files
2010-02-16 10:37:02 ----D---- C:\WINDOWS\Prefetch
2010-02-16 10:33:10 ----D---- C:\WINDOWS\security
2010-02-16 08:52:07 ----D---- C:\Documents and Settings\Pavel\Data aplikací\skypePM
2010-02-15 10:43:06 ----SHD---- C:\WINDOWS\Installer
2010-02-15 10:43:01 ----SD---- C:\WINDOWS\Tasks
2010-02-15 10:15:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-15 10:13:28 ----HD---- C:\WINDOWS\inf
2010-02-15 10:13:09 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-15 10:13:04 ----D---- C:\Documents and Settings
2010-02-15 10:12:52 ----D---- C:\WINDOWS\Driver Cache
2010-02-15 10:10:59 ----RSD---- C:\WINDOWS\Fonts
2010-02-11 14:48:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-11 14:48:40 ----A---- C:\WINDOWS\imsins.BAK
2010-02-11 14:47:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-02-11 11:36:30 ----D---- C:\Documents and Settings\Pavel\Data aplikací\AdobeUM
2010-02-11 11:36:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-02-11 11:34:18 ----D---- C:\Program Files\Adobe
2010-02-09 23:23:49 ----D---- C:\Documents and Settings\Pavel\Data aplikací\vlc
2010-02-07 16:53:14 ----A---- C:\debug.txt
2010-02-03 11:32:46 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Hamachi
2010-02-03 11:24:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-02 13:20:06 ----D---- C:\WINDOWS\system32\DirectX
2010-02-02 11:58:28 ----D---- C:\WINDOWS\WinSxS
2010-02-02 11:58:28 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-01 18:37:38 ----D---- C:\WINDOWS\system32\LogFiles
2010-01-28 09:54:47 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Zoner
2010-01-26 18:44:57 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-22 19:36:11 ----D---- C:\Program Files\Internet Explorer
2010-01-22 19:35:59 ----D---- C:\WINDOWS\ie8updates
2010-01-22 19:35:33 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-19 17:01:34 ----D---- C:\WINDOWS\system32\Macromed
2010-01-19 17:00:13 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Teleca
2010-01-19 17:00:06 ----D---- C:\WINDOWS\Downloaded Installations
2010-01-19 16:59:50 ----D---- C:\Program Files\Common Files\Teleca Shared
2010-01-19 16:56:52 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Adobe
2010-01-18 12:05:58 ----D---- C:\Program Files\QIP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 lenovo.smi;Lenovo System Interface Driver; C:\WINDOWS\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2009-08-10 13952]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-20 178688]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-05-02 161792]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 25280]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2003-07-03 11344]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NETw5x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-09-15 5977216]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-07-14 212656]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2008-01-30 50576]
R3 TwBus;MicroTouch Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\TwBus.sys [2006-03-22 12240]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2008-02-08 57408]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner; C:\WINDOWS\system32\drivers\AVerFx2hbtv.sys [2009-12-08 437888]
S3 ayer6oed;ayer6oed; C:\WINDOWS\system32\drivers\ayer6oed.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2009-06-21 45984]
S3 catchme;catchme; \??\C:\DOCUME~1\Pavel\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2007-02-08 18560]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-12-12 25984]
S3 TwTouch;MicroTouch Touch Screen; C:\WINDOWS\system32\DRIVERS\TwTouch.sys [2009-01-09 84017]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acs;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2009-09-24 475220]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-09-23 348160]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-04-09 393216]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-09-21 858384]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 IBMPMSVC;IBM PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2003-07-03 57344]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-09-21 473360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2009-09-21 954368]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
R2 TwDrvService;MT7 Serial Search Service; C:\PROGRAM FILES\MICROTOUCH\MT 7\TwService.exe [2006-10-23 131072]
R2 TwRegSvc;MT7 Registry Service; C:\PROGRAM FILES\MICROTOUCH\MT 7\TwRegSvc.exe [2008-02-20 32768]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-15 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-23 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-19 182768]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Requesting a check of ComboFix and RSIT logs

#3 Post by motji »

Good morning :)

:!: Install a firewall

:arrow: Download AVPTool from my signature: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

- Install it according to the guide and run a scan
- let it disinfect or delete whatever it finds
- the scan can take several hours
- post the log with the results here
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

selick
Visitor
Posts: 10
Registered: 16 Feb 2010 10:47

Log from AVPtool

#4 Post by selick »

Hello, here is the log

Autoscan: completed 24 minutes ago (events: 26, objects: 612406, time: 03:58:47)
17.2.2010 9:11:36 Task started
17.2.2010 9:43:11 Detected: Trojan-GameThief.Win32.Magania.crwg C:\Qoobox\Quarantine\C\8xcrbho6.exe.vir
17.2.2010 9:43:11 Detected: Trojan-GameThief.Win32.Magania.crwg C:\Qoobox\Quarantine\D\8xcrbho6.exe.vir
17.2.2010 9:43:11 Untreated: Trojan-GameThief.Win32.Magania.crwg C:\Qoobox\Quarantine\C\8xcrbho6.exe.vir Postponed
17.2.2010 9:43:11 Untreated: Trojan-GameThief.Win32.Magania.crwg C:\Qoobox\Quarantine\D\8xcrbho6.exe.vir Postponed
17.2.2010 9:43:12 Detected: Trojan-GameThief.Win32.Magania.crwg C:\Qoobox\Quarantine\D\av2.zip/Qoobox/Quarantine/D/8xcrbho6.exe.vir
17.2.2010 9:43:12 Untreated: Trojan-GameThief.Win32.Magania.crwg C:\Qoobox\Quarantine\D\av2.zip/Qoobox/Quarantine/D/8xcrbho6.exe.vir Postponed
17.2.2010 9:44:44 Detected: Trojan-GameThief.Win32.Magania.crwg C:\System Volume Information\_restore{FB3364AC-1396-4E61-9BCA-CD9AC542A9AB}\RP117\A0029825.exe
17.2.2010 9:44:44 Untreated: Trojan-GameThief.Win32.Magania.crwg C:\System Volume Information\_restore{FB3364AC-1396-4E61-9BCA-CD9AC542A9AB}\RP117\A0029825.exe Postponed
17.2.2010 10:33:42 Detected: Trojan-GameThief.Win32.Magania.crwg D:\System Volume Information\_restore{FB3364AC-1396-4E61-9BCA-CD9AC542A9AB}\RP117\A0029827.exe
17.2.2010 10:33:42 Untreated: Trojan-GameThief.Win32.Magania.crwg D:\System Volume Information\_restore{FB3364AC-1396-4E61-9BCA-CD9AC542A9AB}\RP117\A0029827.exe Postponed
17.2.2010 11:41:39 Detected: Trojan-GameThief.Win32.Magania.crmm F:\e9naq.exe
17.2.2010 11:41:40 Untreated: Trojan-GameThief.Win32.Magania.crmm F:\e9naq.exe Postponed
17.2.2010 11:49:58 Detected: Net-Worm.Win32.Kido.ih F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
17.2.2010 11:49:58 Untreated: Net-Worm.Win32.Kido.ih F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx Postponed
17.2.2010 11:55:07 Detected: Trojan-GameThief.Win32.Magania.cbzd F:\System Volume Information\_restore{6334A415-77F9-408E-B818-0BDE2BB802CF}\RP55\A0049818.exe
17.2.2010 11:55:07 Detected: Trojan-GameThief.Win32.Magania.cbzd F:\System Volume Information\_restore{288162FC-4255-4DAF-AC4F-FAAEFD8C00B6}\RP84\A0030229.exe
17.2.2010 11:55:07 Untreated: Trojan-GameThief.Win32.Magania.cbzd F:\System Volume Information\_restore{288162FC-4255-4DAF-AC4F-FAAEFD8C00B6}\RP84\A0030229.exe Postponed
17.2.2010 11:55:07 Untreated: Trojan-GameThief.Win32.Magania.cbzd F:\System Volume Information\_restore{6334A415-77F9-408E-B818-0BDE2BB802CF}\RP55\A0049818.exe Postponed
17.2.2010 11:55:08 Detected: Trojan-GameThief.Win32.Magania.crkx F:\System Volume Information\_restore{65D2B499-00F6-4134-A298-8BE8A58EBB77}\RP38\A0003332.inf
17.2.2010 11:55:08 Untreated: Trojan-GameThief.Win32.Magania.crkx F:\System Volume Information\_restore{65D2B499-00F6-4134-A298-8BE8A58EBB77}\RP38\A0003332.inf Postponed
17.2.2010 12:43:52 Detected: Trojan-GameThief.Win32.Magania.crmm F:\System Volume Information\_restore{FB3364AC-1396-4E61-9BCA-CD9AC542A9AB}\RP118\A0031803.exe
17.2.2010 12:43:52 Untreated: Trojan-GameThief.Win32.Magania.crmm F:\System Volume Information\_restore{FB3364AC-1396-4E61-9BCA-CD9AC542A9AB}\RP118\A0031803.exe Postponed
17.2.2010 12:43:52 Detected: Trojan-GameThief.Win32.Magania.crmm F:\System Volume Information\_restore{FB3364AC-1396-4E61-9BCA-CD9AC542A9AB}\RP118\A0031803.exe
17.2.2010 13:10:22 Deleted: Trojan-GameThief.Win32.Magania.crmm F:\System Volume Information\_restore{FB3364AC-1396-4E61-9BCA-CD9AC542A9AB}\RP118\A0031803.exe
17.2.2010 13:10:23 Task completed
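
The AVPTool log in the post above reports several events (Detected, Untreated, Deleted) for the same objects. As an added example (not part of the thread and not a tool used by the forum), this Python script keeps only the final state of each object and labels where it sits. The function names and location labels are assumptions of this example, and the sample lines are excerpted from that post.

```python
import re

# Lines excerpted from the AVPTool log posted in the thread above.
SAMPLE_LOG = r"""
17.2.2010 9:43:11 Detected: Trojan-GameThief.Win32.Magania.crwg C:\Qoobox\Quarantine\C\8xcrbho6.exe.vir
17.2.2010 9:43:11 Untreated: Trojan-GameThief.Win32.Magania.crwg C:\Qoobox\Quarantine\C\8xcrbho6.exe.vir Postponed
17.2.2010 9:44:44 Detected: Trojan-GameThief.Win32.Magania.crwg C:\System Volume Information\_restore{FB3364AC-1396-4E61-9BCA-CD9AC542A9AB}\RP117\A0029825.exe
17.2.2010 9:44:44 Untreated: Trojan-GameThief.Win32.Magania.crwg C:\System Volume Information\_restore{FB3364AC-1396-4E61-9BCA-CD9AC542A9AB}\RP117\A0029825.exe Postponed
17.2.2010 11:41:39 Detected: Trojan-GameThief.Win32.Magania.crmm F:\e9naq.exe
17.2.2010 11:41:40 Untreated: Trojan-GameThief.Win32.Magania.crmm F:\e9naq.exe Postponed
17.2.2010 11:49:58 Detected: Net-Worm.Win32.Kido.ih F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
17.2.2010 11:49:58 Untreated: Net-Worm.Win32.Kido.ih F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx Postponed
17.2.2010 12:43:52 Untreated: Trojan-GameThief.Win32.Magania.crmm F:\System Volume Information\_restore{FB3364AC-1396-4E61-9BCA-CD9AC542A9AB}\RP118\A0031803.exe Postponed
17.2.2010 13:10:22 Deleted: Trojan-GameThief.Win32.Magania.crmm F:\System Volume Information\_restore{FB3364AC-1396-4E61-9BCA-CD9AC542A9AB}\RP118\A0031803.exe
17.2.2010 13:10:23 Task completed
"""

# date, time, status, detection name (no spaces), path (may contain spaces),
# and an optional trailing "Postponed" marker.
LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}\.\d{1,2}\.\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2}) "
    r"(?P<status>Detected|Untreated|Deleted): (?P<threat>\S+) "
    r"(?P<path>.+?)(?: (?P<note>Postponed))?$"
)


def parse_events(text):
    """Return one dict per detection event; other lines are skipped."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def classify(path):
    """Label where an object sits (labels are this example's own)."""
    p = path.lower().replace("/", "\\")
    if "\\qoobox\\quarantine\\" in p:
        return "combofix-quarantine"   # copy already moved aside by ComboFix
    if "\\system volume information\\_restore" in p:
        return "system-restore"        # copy kept inside a restore point
    if "\\recycler\\" in p:
        return "recycler"              # file inside a recycle-bin folder
    return "live-file"                 # ordinary file on the volume


def final_state(events):
    """Keep only the last event seen for each path (log is chronological)."""
    state = {}
    for ev in events:
        state[ev["path"].lower()] = ev
    return state


def unresolved(events):
    """Objects whose last recorded status is not 'Deleted'."""
    return [
        (classify(ev["path"]), ev["threat"], ev["path"])
        for ev in final_state(events).values()
        if ev["status"] != "Deleted"
    ]


def by_location(events):
    """Group unresolved objects by location label."""
    groups = {}
    for location, threat, path in unresolved(events):
        groups.setdefault(location, []).append((threat, path))
    return groups


if __name__ == "__main__":
    for location, items in by_location(parse_events(SAMPLE_LOG)).items():
        print(location)
        for threat, path in items:
            print("   ", threat, "->", path)
```

On this excerpt, the objects left outside ComboFix quarantine and System Restore points are both on F:.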

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Requesting a check of ComboFix and RSIT logs

#5 Post by motji »

:arrow: Do you recognize this file?
c:\windows\DelMR.bat

What are drives D and F?

selick
Visitor
Posts: 10
Registered: 16 Feb 2010 10:47

Re: Requesting a check of ComboFix and RSIT logs

#6 Post by selick »

Hello,
that file doesn't ring a bell.
Drive D is a partition on the disk; F was an external disk.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Requesting a check of ComboFix and RSIT logs

#7 Post by motji »

Find c:\windows\DelMR.bat
- Right-click the file - Open with - open in Notepad - paste the text here :)

selick
Visitor
Posts: 10
Registered: 16 Feb 2010 10:47

Re: Requesting a check of ComboFix and RSIT logs

#8 Post by selick »

So here are the contents; I think it's a leftover from some piece of software.

rmdir /s /q "C:\Program Files\Intuwave\Shared\mRouterRuntime"
rmdir /q "C:\Program Files\Intuwave\Shared"
rmdir /q "C:\Program Files\Intuwave"

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my ComboFix and RSIT logs

#9 Post by motji »

So I'll delete it :)
:arrow: Plug into the PC all the USB sticks and flash drives you use

:arrow: If it isn't there already, move ComboFix to the desktop
- Open Notepad
- Copy the text from this box into it

Code:

File::
c:\windows\DelMR.bat
F:\e9naq.exe 

Folder::
C:\recycler
D:\recycler
e:\recycler
f:\recycler
g:\recycler
h:\recycler
I:\recycler
C:\resycled
D:\resycled
e:\resycled
f:\resycled
g:\resycled
h:\resycled
I:\resycled
c:\$recycle.bin
d:\$recycle.bin
e:\$recycle.bin
f:\$recycle.bin
g:\$recycle.bin
h:\$recycle.bin
I:\$recycle.bin

Extra::

DDS::
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip


- Save the TXT file you created as CFScript.txt on the desktop
- After saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.

- After it runs, another log will pop up; paste it here

Warning: it may happen that after applying the script and restarting, Windows will not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration


:arrow: Download UsbFix to the desktop
- Run it, choose language E - confirm with Enter
- Select option 2 - Enter
- After the scan, paste the log here; if it doesn't pop up, you'll find it at C:\UsbFix.txt


:arrow: May I ask why you ran ComboFix 3 times? For one thing, ComboFix should only be used if you know how, and when you use it repeatedly, you wipe out the traces in the registry. Besides, it only deletes what it has in its database, so if you can't write scripts for it, running it several times is pointless :roll:

selick
Visitor
Posts: 10
Registered: 16 Feb 2010 10:47

Re: Please check my ComboFix and RSIT logs

#10 Post by selick »

Here is the ComboFix log, then.
I ran it earlier, about a month ago, to remove autorun.inf vermin. I know I'm taking a bit of a risk, but it also removes this quite well. If I've complicated your work by this, I apologize; next time I'll go straight to the experts :wink:

ComboFix 10-02-16.03 - Pavel 17.02.2010 16:47:17.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.518 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100217-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\DelMR.bat"
"F:\e9naq.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\recycler
c:\windows\DelMR.bat
D:\recycler
f:\recycler
g:\recycler

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-17 do 2010-02-17 )))))))))))))))))))))))))))))))
.

2010-02-17 08:10 . 2010-02-17 08:10 -------- d-----w- c:\program files\CleanUp!
2010-02-16 11:36 . 2010-02-16 11:37 -------- d-----w- c:\program files\trend micro
2010-02-16 11:36 . 2010-02-16 11:37 -------- d-----w- C:\rsit
2010-02-15 09:15 . 2008-04-13 23:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-02-15 09:15 . 2008-04-13 23:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-02-15 09:15 . 2008-04-13 23:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-02-15 09:15 . 2008-04-13 23:16 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2010-02-15 09:15 . 2008-04-13 23:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-02-15 09:15 . 2008-04-13 23:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-02-15 09:14 . 2008-04-13 23:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-02-15 09:14 . 2008-04-13 23:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-02-15 09:14 . 2008-04-13 23:16 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-02-15 09:14 . 2008-04-13 23:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-02-15 09:14 . 2008-04-13 23:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-02-15 09:14 . 2008-04-13 23:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-02-15 09:14 . 2008-04-13 23:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-02-15 09:14 . 2008-04-13 23:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-02-15 09:14 . 2008-04-13 23:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-02-15 09:14 . 2008-04-13 23:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-02-15 09:13 . 2008-04-14 07:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-02-15 09:13 . 2008-04-14 07:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-02-15 09:13 . 2008-04-14 07:51 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-02-15 09:13 . 2008-04-14 07:51 363520 ----a-w- c:\windows\system32\PsisDecd.dll
2010-02-15 09:13 . 2008-04-13 23:16 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-02-15 09:13 . 2008-04-13 23:16 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2010-02-15 09:13 . 2010-02-15 09:13 -------- d-----w- c:\documents and settings\user\LOCALS~1
2010-02-15 09:13 . 2010-02-15 09:13 -------- d-----w- c:\documents and settings\user
2010-02-15 09:10 . 2010-02-15 09:11 -------- d-----w- c:\program files\Common Files\AVerMedia
2010-02-11 08:37 . 2009-12-14 07:10 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2010-02-11 08:37 . 2009-11-27 17:14 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-02-11 08:37 . 2009-11-27 16:09 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2010-02-11 08:37 . 2009-11-27 16:09 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2010-02-11 08:37 . 2009-11-27 16:09 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2010-02-11 08:37 . 2009-12-17 07:42 343552 -c----w- c:\windows\system32\dllcache\mspaint.exe
2010-02-05 17:26 . 2010-02-05 17:26 -------- d-----w- c:\program files\futurebit software
2010-02-05 17:26 . 1998-02-06 21:37 299520 ----a-w- c:\windows\uninst.exe
2010-02-03 10:24 . 2010-02-03 10:25 -------- d-----w- c:\program files\Hamachi
2010-02-02 11:03 . 2010-02-02 12:21 -------- d-----w- c:\program files\Nero
2010-02-02 11:03 . 2010-02-02 12:25 -------- d-----w- c:\program files\Common Files\Nero
2010-01-28 08:51 . 2010-01-28 08:51 -------- d-----w- c:\program files\Zoner
2010-01-26 17:34 . 2010-01-26 17:34 -------- d-----w- c:\program files\Counter-Strike Source
2010-01-20 13:35 . 2010-01-20 13:35 36864 ----a-w- c:\windows\unslive.exe
2010-01-20 13:35 . 2010-01-20 13:40 -------- d-----w- c:\program files\Sclive
2010-01-20 13:35 . 2010-01-20 13:35 -------- d-----w- C:\tape-indices
2010-01-19 15:15 . 2010-02-15 09:42 -------- d-----w- c:\program files\Google
2010-01-19 15:14 . 2010-01-19 16:00 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 09:13 . 2009-12-03 18:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-15 09:12 . 2010-02-15 09:10 -------- d-----w- c:\program files\AVerMedia
2010-02-03 10:24 . 2010-01-12 14:42 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-01-26 17:44 . 2009-12-09 11:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 15:59 . 2010-01-04 00:38 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-01-18 11:08 . 2010-01-18 11:08 -------- d-----w- c:\program files\Miranda IM
2010-01-18 11:05 . 2009-12-04 15:53 -------- d-----w- c:\program files\QIP
2010-01-15 18:27 . 2010-01-15 18:27 -------- d-----w- c:\program files\VideoLAN
2010-01-15 12:00 . 2010-01-15 11:54 160564 ----a-w- c:\windows\hppins08.dat
2010-01-15 11:59 . 2010-01-15 11:59 -------- d-----w- c:\program files\Common Files\HP
2010-01-15 11:59 . 2010-01-15 11:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-01-15 11:59 . 2010-01-15 11:59 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-15 11:55 . 2010-01-15 11:55 -------- d-----w- c:\program files\HP
2010-01-15 10:31 . 2010-01-15 10:31 -------- d-----w- c:\program files\Common Files\Zeepe Framework 7
2010-01-15 10:30 . 2010-01-12 10:55 -------- d-----w- c:\program files\Novatel Wireless
2010-01-14 16:02 . 2010-01-14 16:03 390144 ----a-w- c:\windows\system32\CF27615.exe
2010-01-14 16:02 . 2010-01-14 16:02 390144 ----a-w- c:\windows\system32\CF27504.exe
2010-01-14 16:01 . 2010-01-14 16:01 390144 ----a-w- c:\windows\system32\CF27269.exe
2010-01-14 16:00 . 2010-01-14 16:00 390144 ----a-w- c:\windows\system32\CF27096.exe
2010-01-13 18:19 . 2010-01-13 18:19 -------- d-----w- c:\program files\Common Files\ThinkVantage Fingerprint Software
2010-01-13 18:19 . 2009-12-07 16:28 -------- d-----w- c:\program files\RSA SecurID Token Common
2010-01-13 18:19 . 2010-01-13 18:19 -------- d-----w- c:\program files\Common Files\SPBA
2010-01-13 18:19 . 2009-12-07 16:27 -------- d-----w- c:\program files\ThinkVantage Fingerprint Software
2010-01-13 18:13 . 2009-12-07 15:36 -------- d-----w- c:\program files\ThinkPad
2010-01-13 18:12 . 2009-12-03 18:12 -------- d-----w- c:\program files\Lenovo
2010-01-13 18:12 . 2010-01-13 18:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-01-13 18:12 . 2010-01-13 18:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-13 18:11 . 2010-01-13 18:11 -------- d-----w- c:\program files\Synaptics
2010-01-13 14:44 . 2010-01-13 14:44 390144 ----a-w- c:\windows\system32\CF24987.exe
2010-01-13 11:02 . 2006-03-02 12:00 95892 ----a-w- c:\windows\system32\perfc005.dat
2010-01-13 11:02 . 2006-03-02 12:00 475970 ----a-w- c:\windows\system32\perfh005.dat
2010-01-13 10:56 . 2010-01-13 10:56 -------- d-----w- c:\program files\MicroTouch
2010-01-12 15:13 . 2010-01-12 15:13 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-12 11:15 . 2010-01-12 11:15 -------- d-----w- c:\program files\Alwil Software
2010-01-12 09:18 . 2010-01-12 08:45 -------- d-----w- c:\program files\OpenVPN
2010-01-11 09:23 . 2010-01-11 09:23 -------- d-----w- c:\program files\MSXML 4.0
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 10:03 . 2009-12-29 09:27 -------- d-----w- c:\program files\Full Tilt Poker.Net
2009-12-23 08:35 . 2009-12-08 09:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-23 08:33 . 2009-12-23 08:33 -------- d-----w- c:\program files\Adobe Media Player
2009-12-23 08:30 . 2009-12-23 08:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-23 08:25 . 2009-12-23 08:25 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-23 08:19 . 2009-12-23 08:18 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-23 08:18 . 2009-12-23 08:18 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-21 19:08 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2009-12-03 17:45 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 23:48 . 2009-12-11 23:48 25984 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-12-09 12:48 . 2009-12-09 12:48 2617568 ----a-w- C:\TeamViewer_Setup.exe
2009-12-09 10:11 . 2006-03-02 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 09:07 . 2009-12-08 09:07 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-08 08:37 . 2010-02-15 09:12 437888 ----a-w- c:\windows\system32\drivers\AVerFx2hbtv.sys
2009-12-08 08:29 . 2010-02-15 09:12 81920 ----a-w- c:\windows\system32\TVRate.dll
2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-04 11:35 . 2009-12-03 17:49 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-04 11:35 . 2009-12-03 17:49 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-12-04 11:33 . 2009-12-03 17:49 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-04 09:46 . 2009-12-04 09:46 1286896 ----a-w- c:\windows\qfe299.tmp
2009-12-03 22:18 . 2009-12-03 22:18 1286896 ----a-w- c:\windows\qfe4.tmp
2009-12-03 17:46 . 2009-12-03 17:46 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-27 17:14 . 2006-03-02 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2006-03-02 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2006-03-02 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2006-03-02 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-24 23:54 . 2010-01-12 11:15 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2010-01-12 11:15 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2010-01-12 11:15 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2010-01-12 11:15 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2010-01-12 11:15 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2010-01-12 11:15 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-02-16_09.43.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-17 15:43 . 2010-02-17 15:43 16384 c:\windows\Temp\Perflib_Perfdata_5e4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-19 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2008-06-24 49928]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-2-15 155648]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-2-15 651264]
Touch Monitor.lnk - c:\program files\MicroTouch\MT 7\TwMonitor.exe [2010-1-13 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-06-24 16:31 95496 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Pavel\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12.1.2010 12:15 114768]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [12.5.2008 18:04 13480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.1.2010 12:15 20560]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [15.2.2010 10:11 348160]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [24.6.2008 17:07 12560]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [3.12.2009 19:49 62320]
R2 TwDrvService;MT7 Serial Search Service;c:\program files\MicroTouch\MT 7\TwService.exe [13.1.2010 11:56 131072]
R3 TwBus;MicroTouch Serial Bus Enumerator;c:\windows\system32\drivers\TwBus.sys [13.1.2010 11:56 12240]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.12.2009 9:18 691696]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [15.2.2010 10:11 393216]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.2.2010 10:42 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [3.12.2009 19:49 45424]
S2 TwRegSvc;MT7 Registry Service;c:\program files\MicroTouch\MT 7\TwRegSvc.exe [13.1.2010 11:56 32768]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [15.2.2010 10:12 437888]
S3 TwTouch;MicroTouch Touch Screen;c:\windows\system32\drivers\TwTouch.sys [13.1.2010 11:53 84017]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2.3.2006 13:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 09:42]

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 09:42]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: nvEPLMedia - hxxp://192.168.0.100/nvEPLMedia.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 16:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1528)
c:\windows\system32\vrlogon.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\vti.dll

- - - - - - - > 'lsass.exe'(1584)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
Celkový čas: 2010-02-17 16:54:30
ComboFix-quarantined-files.txt 2010-02-17 15:54
ComboFix2.txt 2010-02-16 09:44
ComboFix3.txt 2010-01-14 16:13
ComboFix4.txt 2010-01-13 14:59

Před spuštěním: 3 964 264 448
Po spuštění: 3 926 843 392

- - End Of File - - 990F2C651661E2CB9282CC1A6FA99537
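
The log above reports the Windows Firewall as switched off (`"EnableFirewall"= 0`), together with an exception list and a globally open port. As an added example (not part of the original posts and not ComboFix code), this Python script parses that section of a ComboFix log and lists what a reviewer would check; the function names and the "system directory" heuristic are assumptions made here.

```python
import re

# Excerpt of the ComboFix log posted above (firewall-policy part only).
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Pavel\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12.1.2010 12:15 114768]
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=\s*(?P<data>.*)$')

# Assumption: exceptions below these prefixes are ordinary installs; anything
# else (for example a path inside a user profile) is listed for manual review.
SYSTEM_PREFIXES = ('%windir%\\', 'c:\\windows\\', 'c:\\program files\\')


def parse_sections(log_text):
    """Return {registry key (lower-case): {value name: raw data}}."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group('key').lower()
            sections.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            # The log doubles backslashes inside quoted names; undo that.
            name = value.group('name').replace('\\\\', '\\')
            sections[current][name] = value.group('data').strip()
        elif line:
            current = None  # any other non-blank line ends the registry block
    return sections


def firewall_findings(log_text):
    """Return a list of (profile, finding, detail) tuples."""
    findings = []
    for key, values in parse_sections(log_text).items():
        _, _, rest = key.partition('firewallpolicy\\')
        if not rest:
            continue
        profile = rest.split('\\', 1)[0]
        if key.endswith('profile'):
            if values.get('EnableFirewall', '').split()[:1] == ['0']:
                findings.append((profile, 'firewall-disabled', 'EnableFirewall=0'))
        elif key.endswith('authorizedapplications\\list'):
            for path in values:
                if not path.lower().startswith(SYSTEM_PREFIXES):
                    findings.append((profile, 'exception-outside-system-dirs', path))
        elif key.endswith('globallyopenports\\list'):
            for name in values:
                port, _, proto = name.partition(':')
                findings.append((profile, 'open-port', f'{port}/{proto}'))
    return findings


if __name__ == '__main__':
    for finding in firewall_findings(SAMPLE_LOG):
        print(finding)
```

On the excerpt this reports the disabled firewall, the uTorrent exception located in the user profile, and port 3389/TCP, which are the items to re-check once the firewall is turned back on.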

selick
Visitor
Posts: 10
Registered: 16 Feb 2010 10:47

Re: Please check my ComboFix and RSIT logs

#11 Post by selick »

Only, when I run UsbFix it just flashes briefly and does nothing :-(

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my ComboFix and RSIT logs

#12 Post by motji »

That's not the point, but you shouldn't run ComboFix just like that... if you don't understand it, so that you don't damage your system :).

All right, how is the computer doing?

selick
Visitor
Posts: 10
Registered: 16 Feb 2010 10:47

Re: Please check my ComboFix and RSIT logs

#13 Post by selick »

It looks like everything is running fine. Thank you very much for the help; it's wonderful to know there are people who know what they're doing. Thanks, and have a pleasant day.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my ComboFix and RSIT logs

#14 Post by motji »

Don't run away just yet :), we'll clean up :)

:arrow: Uninstall ComboFix via Start - Run
- Copy into the box:

ComboFix /Uninstall

- Press Enter
- This uninstalls ComboFix and deletes the files and folders associated with it.


***********


:arrow: Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm a choice press the A key, then Enter
- After use, delete the little program. Note: antivirus programs may falsely flag it as a virus


***********


:arrow: Download CCleaner from my signature
- Install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- Leave everything in the left column ticked as it is, click Analyze
- After the analysis, click Run CCleaner

Registry tab
- Click Scan for issues
- Then click Fix selected issues -- making a registry backup - you don't have to
- Click Fix all issues :arrow: OK :arrow: Close

Tools tab
- Here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

CCleaner - I recommend using the Cleaner; it nicely clears temporary files from the PC.
The Registry tool cleans up, for example, after uninstalling a program.


***********


:arrow: Using ComboFix turned off autorun - automatic launching of CD-ROMs and the like does not work. I would recommend leaving it off, but if you want to turn it on, here are the instructions

Open Notepad and copy this text into it

Code:

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom] 
"AutoRun"=dword:00000001 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 
"NoDriveTypeAutoRun"=- 
"NoDriveAutoRun"=- 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 
"NoDriveTypeAutoRun"=- 
"NoDriveAutoRun"=- 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 
"NoDriveTypeAutoRun"=- 
"NoDriveAutoRun"=-
 
- Save as (type: All files), entering "smazani.reg" without the quotes as the file name,
- click Save,
- then double-click the file as usual and confirm the dialog box.


***********


:arrow: Download OTC and run it
http://oldtimer.geekstogo.com/OTC.exe
- It cleans up temp files and the leftovers of the tools that were used


***********

:arrow: Post a new RSIT log and tell me how the computer is behaving; is everything all right now?


:arrow: If it's on a network, you should disinfect the other computers as well, otherwise you'll have it back in no time. And definitely install that firewall.
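
The .reg file in the post above deletes the `NoDriveTypeAutoRun` policy values. As an added example (not part of the original post), this Python script applies that file to a simulated registry state and decodes the resulting bitmask, showing that the deletion re-allows AutoRun for removable drives as well as CD-ROMs. Assumptions made here: the starting state with `0xFF` is constructed (the thread does not say which value ComboFix wrote), the Windows XP default of `0x91` and the precedence of HKLM over HKCU follow Microsoft's documentation of the value, and all function names are hypothetical.

```python
import re

# The .reg text from the post above.
REG_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom]
"AutoRun"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=-
"NoDriveAutoRun"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=-
"NoDriveAutoRun"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=-
"NoDriveAutoRun"=-
'''

POLICY = r'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
HKLM_POLICY = ('HKEY_LOCAL_MACHINE\\' + POLICY).lower()
HKCU_POLICY = ('HKEY_CURRENT_USER\\' + POLICY).lower()
XP_DEFAULT = 0x91  # assumption: value Windows XP uses when no policy is set

# A set bit in NoDriveTypeAutoRun disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: 'unknown',
    0x04: 'removable',
    0x08: 'fixed',
    0x10: 'network',
    0x20: 'cdrom',
    0x40: 'ramdisk',
    0x80: 'reserved',
}

# Constructed starting state: AutoRun disabled for every drive type.
HARDENED = {
    HKLM_POLICY: {'NoDriveTypeAutoRun': 0xFF},
    HKCU_POLICY: {'NoDriveTypeAutoRun': 0xFF},
}


def apply_reg(state, reg_text):
    """Return a copy of state ({key: {name: int}}) after importing reg_text."""
    new = {key.lower(): dict(values) for key, values in state.items()}
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()
            continue
        match = re.match(r'^"([^"]+)"=(.*)$', line)
        if not match or key is None:
            continue
        name, data = match.group(1), match.group(2).strip()
        if data == '-':                      # "Name"=-  deletes the value
            new.get(key, {}).pop(name, None)
        elif data.lower().startswith('dword:'):
            new.setdefault(key, {})[name] = int(data[6:], 16)
    return new


def effective_mask(state):
    """HKLM wins over HKCU; with neither present the OS default applies."""
    lowered = {key.lower(): values for key, values in state.items()}
    for key in (HKLM_POLICY, HKCU_POLICY):
        value = lowered.get(key, {}).get('NoDriveTypeAutoRun')
        if value is not None:
            return value
    return XP_DEFAULT


def allowed_types(mask):
    """Drive types for which the policy does not disable AutoRun."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]


def mask_allowing_only(types):
    """Mask that disables AutoRun everywhere except the named drive types."""
    mask = 0xFF
    for bit, name in DRIVE_TYPE_BITS.items():
        if name in types:
            mask &= ~bit
    return mask


if __name__ == '__main__':
    after = apply_reg(HARDENED, REG_TEXT)
    print('before:', allowed_types(effective_mask(HARDENED)))
    print('after :', allowed_types(effective_mask(after)))
    print('CD-ROM only: 0x%02X' % mask_allowing_only(['cdrom']))
```

Where only CD-ROM AutoRun is wanted back, setting `NoDriveTypeAutoRun` to the mask computed by `mask_allowing_only(['cdrom'])` keeps removable drives covered instead of deleting the value.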

selick
Visitor
Posts: 10
Registered: 16 Feb 2010 10:47

Re: Please check my ComboFix and RSIT logs

#15 Post by selick »

So then, firewall turned on, cleaning done. I'm getting ready to do the other computers. Here is the log; thanks once again.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Pavel at 2010-02-17 17:34:45
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (24%) free of 22 GB
Total RAM: 1014 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:53, on 17.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MicroTouch\MT 7\TwMonitor.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\PROGRAM FILES\MICROTOUCH\MT 7\TwService.exe
C:\PROGRAM FILES\MICROTOUCH\MT 7\TwRegSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: Touch Monitor.lnk = C:\Program Files\MicroTouch\MT 7\TwMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: nvEPLMedia - http://192.168.0.100/nvEPLMedia.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cross-point.local
O17 - HKLM\Software\..\Telephony: DomainName = cross-point.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cross-point.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: MT7 Serial Search Service (TwDrvService) - 3M Touch Systems, Inc. - C:\PROGRAM FILES\MICROTOUCH\MT 7\TwService.exe
O23 - Service: MT7 Registry Service (TwRegSvc) - Unknown owner - C:\PROGRAM FILES\MICROTOUCH\MT 7\TwRegSvc.exe

--
End of file - 10272 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-15 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-15 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-15 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2009-03-13 68976]
"LENOVO.TPFNF6R"=C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [2009-08-20 62752]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"PSQLLauncher"=C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [2008-06-24 49928]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-14 1541416]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-01-19 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
AVer HID Receiver.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
Touch Monitor.lnk - C:\Program Files\MicroTouch\MT 7\TwMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2008-06-24 95496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Documents and Settings\Pavel\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\Pavel\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Documents and Settings\Pavel\Plocha\pavel\Magic.the.Gathering.and.Expansions\magicg\Magic\Manalink.exe"="C:\Documents and Settings\Pavel\Plocha\pavel\Magic.the.Gathering.and.Expansions\magicg\Magic\Manalink.exe:*:Disabled:manalink"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"
"C:\Documents and Settings\Pavel\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\Pavel\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

======List of files/folders created in the last 1 months======

2010-02-17 17:34:45 ----D---- C:\rsit
2010-02-17 17:34:45 ----D---- C:\Program Files\trend micro
2010-02-17 17:27:02 ----SHD---- C:\RECYCLER
2010-02-17 17:26:20 ----D---- C:\Program Files\CCleaner
2010-02-17 17:25:18 ----A---- C:\SRStatus.txt
2010-02-15 10:13:32 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2010-02-15 10:13:32 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2010-02-15 10:13:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVerTV
2010-02-15 10:12:53 ----A---- C:\WINDOWS\system32\TVRate.dll
2010-02-15 10:11:35 ----A---- C:\WINDOWS\system32\CardID.dll
2010-02-15 10:11:35 ----A---- C:\WINDOWS\system32\AVerIO.dll
2010-02-15 10:11:20 ----A---- C:\WINDOWS\system32\sptlib22.dll
2010-02-15 10:11:20 ----A---- C:\WINDOWS\system32\sptlib21.dll
2010-02-15 10:11:20 ----A---- C:\WINDOWS\system32\sptlib12.dll
2010-02-15 10:11:20 ----A---- C:\WINDOWS\system32\sptlib11.dll
2010-02-15 10:11:20 ----A---- C:\WINDOWS\system32\sptlib03.dll
2010-02-15 10:11:20 ----A---- C:\WINDOWS\system32\sptlib02.dll
2010-02-15 10:11:20 ----A---- C:\WINDOWS\system32\sptlib01.dll
2010-02-15 10:10:56 ----D---- C:\Program Files\Common Files\AVerMedia
2010-02-15 10:10:56 ----D---- C:\Program Files\AVerMedia
2010-02-11 14:48:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-11 14:48:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-11 14:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-11 14:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 14:48:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-11 14:48:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-11 14:47:18 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 14:47:08 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-11 14:46:48 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-05 18:26:45 ----D---- C:\Program Files\futurebit software
2010-02-05 18:26:39 ----A---- C:\WINDOWS\uninst.exe
2010-02-03 16:32:01 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-03 11:24:52 ----D---- C:\Program Files\Hamachi
2010-02-02 13:20:01 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2010-02-02 12:23:12 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Nero
2010-02-02 12:03:34 ----D---- C:\Program Files\Nero
2010-02-02 12:03:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2010-02-02 12:03:08 ----D---- C:\Program Files\Common Files\Nero
2010-02-02 11:58:54 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-01-28 09:51:44 ----D---- C:\Program Files\Zoner
2010-01-26 18:34:07 ----D---- C:\Program Files\Counter-Strike Source
2010-01-26 15:19:50 ----D---- C:\Documents and Settings\Pavel\Data aplikací\uTorrent
2010-01-20 14:35:59 ----A---- C:\WINDOWS\unslive.exe
2010-01-20 14:35:58 ----D---- C:\Program Files\Sclive
2010-01-20 14:35:55 ----D---- C:\tape-indices
2010-01-19 16:55:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Symantec
2010-01-19 16:55:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-01-19 16:55:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2010-01-19 16:44:23 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Google
2010-01-19 16:15:06 ----D---- C:\Program Files\Google
2010-01-19 16:15:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2010-01-19 16:14:53 ----D---- C:\WINDOWS\system32\Adobe
2010-01-18 12:08:54 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Miranda
2010-01-18 12:08:35 ----D---- C:\Program Files\Miranda IM

======List of files/folders modified in the last 1 months======

2010-02-17 17:34:45 ----RD---- C:\Program Files
2010-02-17 17:33:59 ----D---- C:\WINDOWS\Temp
2010-02-17 17:33:21 ----D---- C:\WINDOWS
2010-02-17 17:31:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-17 17:29:56 ----SHD---- C:\WINDOWS\Installer
2010-02-17 17:29:45 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-17 17:29:06 ----D---- C:\WINDOWS\Prefetch
2010-02-17 17:27:03 ----D---- C:\WINDOWS\Debug
2010-02-17 17:25:16 ----D---- C:\WINDOWS\system32
2010-02-17 16:52:42 ----A---- C:\WINDOWS\system.ini
2010-02-17 16:51:03 ----D---- C:\WINDOWS\system32\drivers
2010-02-17 16:51:03 ----D---- C:\WINDOWS\AppPatch
2010-02-17 16:50:59 ----D---- C:\Program Files\Common Files
2010-02-17 16:42:36 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Skype
2010-02-17 16:39:31 ----HD---- C:\WINDOWS\inf
2010-02-17 16:04:33 ----D---- C:\Documents and Settings\Pavel\Data aplikací\skypePM
2010-02-17 14:09:39 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Hamachi
2010-02-17 10:43:36 ----D---- C:\WINDOWS\security
2010-02-17 09:11:05 ----SHD---- C:\System Volume Information
2010-02-16 15:26:24 ----SHD---- C:\WINDOWS\CSC
2010-02-15 10:43:01 ----SD---- C:\WINDOWS\Tasks
2010-02-15 10:15:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-15 10:13:09 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-15 10:13:04 ----D---- C:\Documents and Settings
2010-02-15 10:12:52 ----D---- C:\WINDOWS\Driver Cache
2010-02-15 10:10:59 ----RSD---- C:\WINDOWS\Fonts
2010-02-11 14:48:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-11 14:47:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-02-11 11:36:30 ----D---- C:\Documents and Settings\Pavel\Data aplikací\AdobeUM
2010-02-11 11:36:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-02-11 11:34:18 ----D---- C:\Program Files\Adobe
2010-02-09 23:23:49 ----D---- C:\Documents and Settings\Pavel\Data aplikací\vlc
2010-02-07 16:53:14 ----A---- C:\debug.txt
2010-02-03 11:24:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-02 13:20:06 ----D---- C:\WINDOWS\system32\DirectX
2010-02-02 11:58:28 ----D---- C:\WINDOWS\WinSxS
2010-02-02 11:58:28 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-01 18:37:38 ----D---- C:\WINDOWS\system32\LogFiles
2010-01-28 09:54:47 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Zoner
2010-01-26 18:44:57 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-22 19:36:11 ----D---- C:\Program Files\Internet Explorer
2010-01-22 19:35:59 ----D---- C:\WINDOWS\ie8updates
2010-01-22 19:35:33 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-19 17:01:34 ----D---- C:\WINDOWS\system32\Macromed
2010-01-19 17:00:13 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Teleca
2010-01-19 17:00:06 ----D---- C:\WINDOWS\Downloaded Installations
2010-01-19 16:59:50 ----D---- C:\Program Files\Common Files\Teleca Shared
2010-01-19 16:56:52 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Adobe
2010-01-18 12:05:58 ----D---- C:\Program Files\QIP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 lenovo.smi;Lenovo System Interface Driver; C:\WINDOWS\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2009-08-10 13952]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-20 178688]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-05-02 161792]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2003-07-03 11344]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NETw5x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-09-15 5977216]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-07-14 212656]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2008-01-30 50576]
R3 TwBus;MicroTouch Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\TwBus.sys [2006-03-22 12240]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2008-02-08 57408]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 a3py4i6c;a3py4i6c; C:\WINDOWS\system32\drivers\a3py4i6c.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner; C:\WINDOWS\system32\drivers\AVerFx2hbtv.sys [2009-12-08 437888]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2009-06-21 45984]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 25280]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2007-02-08 18560]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-12-12 25984]
S3 TwTouch;MicroTouch Touch Screen; C:\WINDOWS\system32\DRIVERS\TwTouch.sys [2009-01-09 84017]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acs;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2009-09-24 475220]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-09-23 348160]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-04-09 393216]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-09-21 858384]
R2 IBMPMSVC;IBM PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2003-07-03 57344]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-09-21 473360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2009-09-21 954368]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
R2 TwDrvService;MT7 Serial Search Service; C:\PROGRAM FILES\MICROTOUCH\MT 7\TwService.exe [2006-10-23 131072]
R2 TwRegSvc;MT7 Registry Service; C:\PROGRAM FILES\MICROTOUCH\MT 7\TwRegSvc.exe [2008-02-20 32768]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-15 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-23 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-19 182768]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
