Malwarebytes' Anti-Malware 1.39
Verze databáze: 2529
Windows 5.1.2600 Service Pack 3
30.7.2009 10:27:43
mbam-log-2009-07-30 (10-27-43).txt
Typ skenu: Rychlý sken
Objektu skenováno: 114752
Uplynulý cas: 6 minute(s), 34 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
Antivirus (or perhaps a virus?) Solved
- MaxDamageCZ
- Level 2.5
- Posts: 355
- Registered: July 09
- Location: Ostrava
- Gender:
- Status:
Offline
- Contact:
Re: Antivirus (or perhaps a virus?)
AMD Athlon II X4 640 3.00Ghz Ram 4 GB, Win 7 64 bit, Graphics ATI Radeon HD 4600 series 1GB, HDD 600GB
Iphone 3g 16gb black
- MaxDamageCZ
Re: Antivirus (or perhaps a virus?)
I don't, I have "Make Writeable" in red
- jaro3
- Security team member
-
Guru Level 15
- Posts: 43293
- Registered: June 07
- Location: South Bohemia
- Gender:
- Status:
Offline
Re: Antivirus (or perhaps a virus?)
Then click on the red one, then click Restore MS Hosts File and close the program, and also run
Kaspersky On-Line Scanner
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- MaxDamageCZ
Re: Antivirus (or perhaps a virus?)
I'm already running Kaspersky; even after clicking it gives an error
- MaxDamageCZ
Re: Antivirus (or perhaps a virus?)
Kaspersky done
C:\Documents and Settings\Marek\Dokumenty\ICQ\423630366\ReceivedFiles\497904616 Kaťule\WinVNC.rar not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 2
C:\Documents and Settings\Marek\Dokumenty\ICQ\423630366\ReceivedFiles\497904616 Kaťule\WinVNC.rar not-a-virus:RemoteAdmin.Win32.WinVNC.4 2
C:\Documents and Settings\Marek\Plocha\prdelky.exe Hoax.Win32.BadJoke.Prdelky 1
- jaro3
Re: Antivirus (or perhaps a virus?)
Find and delete:
C:\Documents and Settings\Marek\Dokumenty\ICQ\423630366\ReceivedFiles\497904616 Kaťule\WinVNC.rar
That is some kind of snooping program, did you install it?
C:\Documents and Settings\Marek\Plocha\prdelky.exe
******************************************************************************************************************************************
Download Registry Search
Extract the file into a folder and then double-click regsearch.exe to start the program.
Into the empty line(s) above "Enter search string case independent", copy and paste:
F-Secure
And click OK. Notepad will open with text; paste the whole text from it here.
******************************************************************************************************************************************
Download SuperAntiSpyware
update the database, run a scan and then delete the infections
******************************************************************************************************************************************
Turn off the resident protection of your antivirus (NOD32?)
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
I'll be back in the evening.
- MaxDamageCZ
Re: Antivirus (or perhaps a virus?)
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0
; Results at 30.7.2009 13:51:49 for strings:
; 'f-secure'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsRegistered\F-Secure Automatic Update.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsToRegister\BWCHelpr-7681197.dll]
"Path"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\Program\\BWCHelpr-7681197.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsToRegister\BWDataSetNotifier-7681197.exe]
"Path"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\Program\\BWDataSetNotifier-7681197.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsToRegister\BWDataSets-7681197.dll]
"Path"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\Program\\BWDataSets-7681197.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsToRegister\bwdlg-7681197.dll]
"Path"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\Program\\bwdlg-7681197.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsToRegister\BWfiles-7681197.dll]
"Path"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\Program\\BWfiles-7681197.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsToRegister\F-Secure Automatic Update.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsToRegister\F-Secure Automatic Update.exe]
"Path"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\Program\\F-Secure Automatic Update.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsToRegister\fsbwce.dll]
"Path"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\fsbwce.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\General]
"InstallDir"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\"
"ApplicationName"="F-Secure Automatic Update"
"PublisherName"="F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\Pre6Client]
"SameAppPre6ClientHomeServerAddress"="fsbwserver.f-secure.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\RunnersMapping\backWeb-7681197.exe]
"MappedTo"="F-Secure Automatic Update.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\RunnersMapping\F-Secure Automatic Update.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\TypeLibs\{12A28E5D-653A-466B-BED5-89F871171AF4}_1.0_0_win32]
"V6.3.2.116-7681197L"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\BWDataSetNotifier.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\TypeLibs\{3AF78A60-6F14-11D1-A884-0000B43699FC}_2.0_0_win32]
"V6.3.2.116-7681197L"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\BWfiles.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\TypeLibs\{53FCF357-5323-11D0-A864-0000B43699FC}_2.11_0_win32]
"V6.3.2.116-7681197L"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\backWeb.tlb"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\TypeLibs\{590DF1E4-C721-11D2-989A-00A0C93BF050}_1.0_0_win32]
"V6.3.2.116-7681197L"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\bwdlg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\TypeLibs\{C1A95B70-E795-11D4-B96F-0010A4FBBFC9}_1.0_0_win32]
"V6.3.2.116-7681197L"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\BWCHelpr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\TypeLibs\{EDABC7FF-7641-4089-80D2-BB9BF2CDDCDC}_1.0_0_win32]
"V6.3.2.116-7681197L"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\BWDataSets.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Versions\6.3.2.116-7681197L\General]
"InstallDir"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\{23814B80-52A2-11d0-BC1A-004095606CB9}]
@="F-Secure"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{23814B80-52A2-11d0-BC1A-004095606CB9}]
@="F-Secure"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{12A28E5D-653A-466B-BED5-89F871171AF4}\1.0\0\win32]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\BWDataSetNotifier.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{12A28E5D-653A-466B-BED5-89F871171AF4}\1.0\HELPDIR]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3AF78A60-6F14-11D1-A884-0000B43699FC}\2.0\0\win32]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\BWfiles.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3AF78A60-6F14-11D1-A884-0000B43699FC}\2.0\HELPDIR]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{53FCF357-5323-11D0-A864-0000B43699FC}\2.b\0\win32]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\backWeb.tlb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{53FCF357-5323-11D0-A864-0000B43699FC}\2.b\HELPDIR]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{590DF1E4-C721-11D2-989A-00A0C93BF050}\1.0\0\win32]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\bwdlg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{590DF1E4-C721-11D2-989A-00A0C93BF050}\1.0\HELPDIR]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C1A95B70-E795-11D4-B96F-0010A4FBBFC9}\1.0\0\win32]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\BWCHelpr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C1A95B70-E795-11D4-B96F-0010A4FBBFC9}\1.0\HELPDIR]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA0AC514-C1AE-11D3-84E7-005004C65534}\1.0\0\win32]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\fsbwce.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA0AC514-C1AE-11D3-84E7-005004C65534}\1.0\HELPDIR]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EDABC7FF-7641-4089-80D2-BB9BF2CDDCDC}\1.0\0\win32]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\BWDataSets.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EDABC7FF-7641-4089-80D2-BB9BF2CDDCDC}\1.0\HELPDIR]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{300DB664-75B5-47c0-8B45-A44ACCF73C00}]
"HotIcon"="C:\\Program Files\\F-Secure\\Anti-Spyware\\ieshieldh.ico"
"Icon"="C:\\Program Files\\F-Secure\\Anti-Spyware\\ieshield.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\ExclusionList]
"F-Secure Automatic Update.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BackWeb-7681197 Uninstaller]
"DisplayName"="F-Secure Automatic Update"
"DisplayIcon"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\Program\\F-Secure Automatic Update.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WINner Tweak Software\Smarty Uninstaller\Installed]
"F-Secure Product 277"="C:\\Program Files\\F-Secure\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\WINner Tweak Software\Smarty Uninstaller\InstalledIcons]
"F-Secure Product 277"="C:\\Program Files\\F-Secure\\FSGUI\\ico_setup.ico"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BACKWEB_PLUG-IN_-_7681197\0000]
"DeviceDesc"="F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_FILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
"Service"="F-Secure Filter"
"DeviceDesc"="F-Secure File System Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_GATEKEEPER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000]
"Service"="F-Secure Gatekeeper"
"DeviceDesc"="F-Secure Gatekeeper"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER\0000]
"Service"="F-Secure Gatekeeper Handler Starter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_HIPS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_HIPS\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_HIPS\0000]
"Service"="F-Secure HIPS"
"DeviceDesc"="F-Secure HIPS Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_HIPS\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_RECOGNIZER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
"Service"="F-Secure Recognizer"
"DeviceDesc"="F-Secure File System Recognizer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FSFW\0000]
"DeviceDesc"="F-Secure Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FSMA\0000]
"DeviceDesc"="F-Secure Management Agent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FSORSPCLIENT\0000]
"DeviceDesc"="F-Secure ORSP Client"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BackWeb Plug-in - 7681197]
; Contents of value:
; C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
"ImagePath"=hex(2):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,\
31,00,5c,00,46,00,2d,00,53,00,65,00,63,00,75,00,72,00,65,00,5c,00,42,00,61,\
00,63,00,6b,00,57,00,65,00,62,00,5c,00,37,00,36,00,38,00,31,00,31,00,39,00,\
37,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,5c,00,53,00,45,00,52,\
00,56,00,49,00,43,00,7e,00,31,00,2e,00,45,00,58,00,45,00,00,00
"DisplayName"="F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\BackWeb Plug-in - 7681197]
"EventMessageFile"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\ServiceWrapper.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System]
; Contents of value:
; WZCSVC
; Wudf01000
; WpdUsb
; WPDMTPDriver
; WPDClassInstaller
; Workstation
; WMPNetworkSvc
; WindowsMedia
; Windows Update Agent
; Windows Script Host
; Windows Installer 3.1
; Windows File Protection
; Win32k
; WgaNotify
; WGA
; Wdf01005
; Wdf01000
; W32Time
; Vyměnitelné úložiště
; VolSnap
; viaide
; VgaSave
; USER32
; UPS
; ultra
; udfs
; toside
; TermServSessDir
; TermService
; TermServDevices
; TermDD
; tdi
; TCPMon
; Tcpip
; System Error
; sym_u3
; sym_hi
; symc8xx
; symc810
; StillImage
; SSDPSRV
; Srv
; srservice
; sr
; sptd
; sparrow
; sndblst
; SMSvcHost 3.0.0.0
; Simbad
; SideBySide
; sfloppy
; Setup
; Service Control Manager
; Server
; serial
; scsiport
; Schedule
; Schannel
; SCardSvr
; Save Dump
; SAM
; RSVP
; RemoteAccess
; redbook
; Rdbss
; RasMan
; RasAuto
; ql1280
; ql1240
; ql12160
; ql10wnt
; ql1080
; PSched
; Processor
; PrintFilterPipelineSvc
; Print
; PptpMiniport
; PolicyAgent
; PlugPlayManager
; perc2
; pcmcia
; pciide
; pci
; parvdm
; partmgr
; parport
; OSPFMib
; OSPF
; NVENETFD
; nvata
; nv
; null
; NtServicePack
; ntfs
; npfs
; Nla
; NIC1394
; Netlogon
; NetDDE
; NetBT
; NetBIOS
; NdisWan
; NdisIP
; ndis
; napipsecenf
; napagent
; Mup
; msfs
; MSDTC WS-AT Protocol
; MSDTC Gateway
; msadlib
; MrxSmb
; MRxDAV
; mraid35x
; mouhid
; mouclass
; Modem
; LsaSrv
; LmHosts
; LDMS
; LDM
; lbrtfdc
; Kerberos
; kbdclass
; KB929969
; KB928090-IE7
; isapnp
; irsir
; IPXSAP
; IPXRouterManager
; IPXRIP
; IPXCP
; IPSec
; IPRouterManager
; IPRIP2
; IPNATHLP
; IPMGM
; IPBOOTP
; Internet Explorer 8
; Internet Explorer 7 Disk
; intelide
; ini910u
; IGMPv2
; i8042prt
; i2omp
; i2omgmt
; Http
; hpn
; ftdisk
; fs_rec
; flpydisk
; Fips
; fdc
; fastfat
; F-Secure Gatekeeper
; eventlog
; efs
; dtscsi
; dpti2o
; Dnscache
; Dnsapi
; dmio
; dmboot
; Distributed Link Tracking Client
; disk
; DhcpQec
; Dhcp
; DfsSvc
; DfsDriver
; DCOM
; dac960nt
; dac2w2k
; cryptsvc
; cpqarray
; cmdide
; changer
; cdrom
; Cdm
; cdfs
; cdaudio
; cd20xrnt
; cbidf2k
; Browser
; BITS
; beep
; axsaki
; Atmarpc
; atdisk
; atapi
; AsyncMac
; asc3550
; asc3350p
; asc
; Arp1394
; Application Popup
; amsint
; ami0nt
; aliide
; Alerter
; aic78xx
; aic78u2
; aha154x
; adpu160m
; acpiec
; acpi
; abp480n5
; abiosdsk
; System
;
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\F-Secure Gatekeeper]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\F-Secure Gatekeeper]
; Contents of value:
; C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,46,00,2d,00,53,00,65,00,\
63,00,75,00,72,00,65,00,5c,00,41,00,6e,00,74,00,69,00,2d,00,56,00,69,00,72,\
00,75,00,73,00,5c,00,6d,00,69,00,6e,00,69,00,66,00,69,00,6c,00,74,00,65,00,\
72,00,5c,00,66,00,73,00,67,00,6b,00,2e,00,73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe:*:Enabled:F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_BACKWEB_PLUG-IN_-_7681197\0000]
"DeviceDesc"="F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_FILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
"Service"="F-Secure Filter"
"DeviceDesc"="F-Secure File System Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_GATEKEEPER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000]
"Service"="F-Secure Gatekeeper"
"DeviceDesc"="F-Secure Gatekeeper"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER\0000]
"Service"="F-Secure Gatekeeper Handler Starter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_HIPS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_HIPS\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_HIPS\0000]
"Service"="F-Secure HIPS"
"DeviceDesc"="F-Secure HIPS Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_HIPS\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_RECOGNIZER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
"Service"="F-Secure Recognizer"
"DeviceDesc"="F-Secure File System Recognizer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_FSFW\0000]
"DeviceDesc"="F-Secure Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_FSMA\0000]
"DeviceDesc"="F-Secure Management Agent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_FSORSPCLIENT\0000]
"DeviceDesc"="F-Secure ORSP Client"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BackWeb Plug-in - 7681197]
; Contents of value:
; C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
"ImagePath"=hex(2):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,\
31,00,5c,00,46,00,2d,00,53,00,65,00,63,00,75,00,72,00,65,00,5c,00,42,00,61,\
00,63,00,6b,00,57,00,65,00,62,00,5c,00,37,00,36,00,38,00,31,00,31,00,39,00,\
37,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,5c,00,53,00,45,00,52,\
00,56,00,49,00,43,00,7e,00,31,00,2e,00,45,00,58,00,45,00,00,00
"DisplayName"="F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\BackWeb Plug-in - 7681197]
"EventMessageFile"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\ServiceWrapper.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System]
; Contents of value:
; WZCSVC
; Wudf01000
; WpdUsb
; WPDMTPDriver
; WPDClassInstaller
; Workstation
; WMPNetworkSvc
; WindowsMedia
; Windows Update Agent
; Windows Script Host
; Windows Installer 3.1
; Windows File Protection
; Win32k
; WgaNotify
; WGA
; Wdf01005
; Wdf01000
; W32Time
; Vyměnitelné úložiště
; VolSnap
; viaide
; VgaSave
; USER32
; UPS
; ultra
; udfs
; toside
; TermServSessDir
; TermService
; TermServDevices
; TermDD
; tdi
; TCPMon
; Tcpip
; System Error
; sym_u3
; sym_hi
; symc8xx
; symc810
; StillImage
; SSDPSRV
; Srv
; srservice
; sr
; sptd
; sparrow
; sndblst
; SMSvcHost 3.0.0.0
; Simbad
; SideBySide
; sfloppy
; Setup
; Service Control Manager
; Server
; serial
; scsiport
; Schedule
; Schannel
; SCardSvr
; Save Dump
; SAM
; RSVP
; RemoteAccess
; redbook
; Rdbss
; RasMan
; RasAuto
; ql1280
; ql1240
; ql12160
; ql10wnt
; ql1080
; PSched
; Processor
; PrintFilterPipelineSvc
; Print
; PptpMiniport
; PolicyAgent
; PlugPlayManager
; perc2
; pcmcia
; pciide
; pci
; parvdm
; partmgr
; parport
; OSPFMib
; OSPF
; NVENETFD
; nvata
; nv
; null
; NtServicePack
; ntfs
; npfs
; Nla
; NIC1394
; Netlogon
; NetDDE
; NetBT
; NetBIOS
; NdisWan
; NdisIP
; ndis
; napipsecenf
; napagent
; Mup
; msfs
; MSDTC WS-AT Protocol
; MSDTC Gateway
; msadlib
; MrxSmb
; MRxDAV
; mraid35x
; mouhid
; mouclass
; Modem
; LsaSrv
; LmHosts
; LDMS
; LDM
; lbrtfdc
; Kerberos
; kbdclass
; KB929969
; KB928090-IE7
; isapnp
; irsir
; IPXSAP
; IPXRouterManager
; IPXRIP
; IPXCP
; IPSec
; IPRouterManager
; IPRIP2
; IPNATHLP
; IPMGM
; IPBOOTP
; Internet Explorer 8
; Internet Explorer 7 Disk
; intelide
; ini910u
; IGMPv2
; i8042prt
; i2omp
; i2omgmt
; Http
; hpn
; ftdisk
; fs_rec
; flpydisk
; Fips
; fdc
; fastfat
; F-Secure Gatekeeper
; eventlog
; efs
; dtscsi
; dpti2o
; Dnscache
; Dnsapi
; dmio
; dmboot
; Distributed Link Tracking Client
; disk
; DhcpQec
; Dhcp
; DfsSvc
; DfsDriver
; DCOM
; dac960nt
; dac2w2k
; cryptsvc
; cpqarray
; cmdide
; changer
; cdrom
; Cdm
; cdfs
; cdaudio
; cd20xrnt
; cbidf2k
; Browser
; BITS
; beep
; axsaki
; Atmarpc
; atdisk
; atapi
; AsyncMac
; asc3550
; asc3350p
; asc
; Arp1394
; Application Popup
; amsint
; ami0nt
; aliide
; Alerter
; aic78xx
; aic78u2
; aha154x
; adpu160m
; acpiec
; acpi
; abp480n5
; abiosdsk
; System
;
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\F-Secure Gatekeeper]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\F-Secure Gatekeeper]
; Contents of value:
; C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,46,00,2d,00,53,00,65,00,\
63,00,75,00,72,00,65,00,5c,00,41,00,6e,00,74,00,69,00,2d,00,56,00,69,00,72,\
00,75,00,73,00,5c,00,6d,00,69,00,6e,00,69,00,66,00,69,00,6c,00,74,00,65,00,\
72,00,5c,00,66,00,73,00,67,00,6b,00,2e,00,73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe:*:Enabled:F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BACKWEB_PLUG-IN_-_7681197\0000]
"DeviceDesc"="F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_FILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
"Service"="F-Secure Filter"
"DeviceDesc"="F-Secure File System Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_GATEKEEPER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000]
"Service"="F-Secure Gatekeeper"
"DeviceDesc"="F-Secure Gatekeeper"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER\0000]
"Service"="F-Secure Gatekeeper Handler Starter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_HIPS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_HIPS\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_HIPS\0000]
"Service"="F-Secure HIPS"
"DeviceDesc"="F-Secure HIPS Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_HIPS\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_RECOGNIZER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
"Service"="F-Secure Recognizer"
"DeviceDesc"="F-Secure File System Recognizer"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FSFW\0000]
"DeviceDesc"="F-Secure Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FSMA\0000]
"DeviceDesc"="F-Secure Management Agent"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FSORSPCLIENT\0000]
"DeviceDesc"="F-Secure ORSP Client"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackWeb Plug-in - 7681197]
; Contents of value:
; C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
"ImagePath"=hex(2):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,\
31,00,5c,00,46,00,2d,00,53,00,65,00,63,00,75,00,72,00,65,00,5c,00,42,00,61,\
00,63,00,6b,00,57,00,65,00,62,00,5c,00,37,00,36,00,38,00,31,00,31,00,39,00,\
37,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,5c,00,53,00,45,00,52,\
00,56,00,49,00,43,00,7e,00,31,00,2e,00,45,00,58,00,45,00,00,00
"DisplayName"="F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\BackWeb Plug-in - 7681197]
"EventMessageFile"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\ServiceWrapper.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System]
;
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0
; Results at 30.7.2009 13:51:49 for strings:
; 'f-secure'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsRegistered\F-Secure Automatic Update.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsToRegister\BWCHelpr-7681197.dll]
"Path"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\Program\\BWCHelpr-7681197.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsToRegister\BWDataSetNotifier-7681197.exe]
"Path"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\Program\\BWDataSetNotifier-7681197.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsToRegister\BWDataSets-7681197.dll]
"Path"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\Program\\BWDataSets-7681197.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsToRegister\bwdlg-7681197.dll]
"Path"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\Program\\bwdlg-7681197.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsToRegister\BWfiles-7681197.dll]
"Path"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\Program\\BWfiles-7681197.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsToRegister\F-Secure Automatic Update.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsToRegister\F-Secure Automatic Update.exe]
"Path"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\Program\\F-Secure Automatic Update.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\ComponentsToRegister\fsbwce.dll]
"Path"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\fsbwce.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\General]
"InstallDir"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\"
"ApplicationName"="F-Secure Automatic Update"
"PublisherName"="F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\Pre6Client]
"SameAppPre6ClientHomeServerAddress"="fsbwserver.f-secure.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\RunnersMapping\backWeb-7681197.exe]
"MappedTo"="F-Secure Automatic Update.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Applications\7681197\RunnersMapping\F-Secure Automatic Update.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\TypeLibs\{12A28E5D-653A-466B-BED5-89F871171AF4}_1.0_0_win32]
"V6.3.2.116-7681197L"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\BWDataSetNotifier.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\TypeLibs\{3AF78A60-6F14-11D1-A884-0000B43699FC}_2.0_0_win32]
"V6.3.2.116-7681197L"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\BWfiles.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\TypeLibs\{53FCF357-5323-11D0-A864-0000B43699FC}_2.11_0_win32]
"V6.3.2.116-7681197L"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\backWeb.tlb"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\TypeLibs\{590DF1E4-C721-11D2-989A-00A0C93BF050}_1.0_0_win32]
"V6.3.2.116-7681197L"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\bwdlg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\TypeLibs\{C1A95B70-E795-11D4-B96F-0010A4FBBFC9}_1.0_0_win32]
"V6.3.2.116-7681197L"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\BWCHelpr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\TypeLibs\{EDABC7FF-7641-4089-80D2-BB9BF2CDDCDC}_1.0_0_win32]
"V6.3.2.116-7681197L"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\BWDataSets.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\BackWeb\BackWeb-Client\Versions\6.3.2.116-7681197L\General]
"InstallDir"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\{23814B80-52A2-11d0-BC1A-004095606CB9}]
@="F-Secure"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{23814B80-52A2-11d0-BC1A-004095606CB9}]
@="F-Secure"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{12A28E5D-653A-466B-BED5-89F871171AF4}\1.0\0\win32]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\BWDataSetNotifier.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{12A28E5D-653A-466B-BED5-89F871171AF4}\1.0\HELPDIR]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3AF78A60-6F14-11D1-A884-0000B43699FC}\2.0\0\win32]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\BWfiles.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3AF78A60-6F14-11D1-A884-0000B43699FC}\2.0\HELPDIR]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{53FCF357-5323-11D0-A864-0000B43699FC}\2.b\0\win32]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\backWeb.tlb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{53FCF357-5323-11D0-A864-0000B43699FC}\2.b\HELPDIR]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{590DF1E4-C721-11D2-989A-00A0C93BF050}\1.0\0\win32]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\bwdlg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{590DF1E4-C721-11D2-989A-00A0C93BF050}\1.0\HELPDIR]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C1A95B70-E795-11D4-B96F-0010A4FBBFC9}\1.0\0\win32]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\BWCHelpr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C1A95B70-E795-11D4-B96F-0010A4FBBFC9}\1.0\HELPDIR]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA0AC514-C1AE-11D3-84E7-005004C65534}\1.0\0\win32]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\fsbwce.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA0AC514-C1AE-11D3-84E7-005004C65534}\1.0\HELPDIR]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EDABC7FF-7641-4089-80D2-BB9BF2CDDCDC}\1.0\0\win32]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\BWDataSets.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EDABC7FF-7641-4089-80D2-BB9BF2CDDCDC}\1.0\HELPDIR]
@="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{300DB664-75B5-47c0-8B45-A44ACCF73C00}]
"HotIcon"="C:\\Program Files\\F-Secure\\Anti-Spyware\\ieshieldh.ico"
"Icon"="C:\\Program Files\\F-Secure\\Anti-Spyware\\ieshield.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\ExclusionList]
"F-Secure Automatic Update.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BackWeb-7681197 Uninstaller]
"DisplayName"="F-Secure Automatic Update"
"DisplayIcon"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\Program\\F-Secure Automatic Update.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WINner Tweak Software\Smarty Uninstaller\Installed]
"F-Secure Product 277"="C:\\Program Files\\F-Secure\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\WINner Tweak Software\Smarty Uninstaller\InstalledIcons]
"F-Secure Product 277"="C:\\Program Files\\F-Secure\\FSGUI\\ico_setup.ico"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BACKWEB_PLUG-IN_-_7681197\0000]
"DeviceDesc"="F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_FILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
"Service"="F-Secure Filter"
"DeviceDesc"="F-Secure File System Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_GATEKEEPER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000]
"Service"="F-Secure Gatekeeper"
"DeviceDesc"="F-Secure Gatekeeper"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER\0000]
"Service"="F-Secure Gatekeeper Handler Starter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_HIPS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_HIPS\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_HIPS\0000]
"Service"="F-Secure HIPS"
"DeviceDesc"="F-Secure HIPS Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_HIPS\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_RECOGNIZER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
"Service"="F-Secure Recognizer"
"DeviceDesc"="F-Secure File System Recognizer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FSFW\0000]
"DeviceDesc"="F-Secure Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FSMA\0000]
"DeviceDesc"="F-Secure Management Agent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FSORSPCLIENT\0000]
"DeviceDesc"="F-Secure ORSP Client"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BackWeb Plug-in - 7681197]
; Contents of value:
; C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
"ImagePath"=hex(2):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,\
31,00,5c,00,46,00,2d,00,53,00,65,00,63,00,75,00,72,00,65,00,5c,00,42,00,61,\
00,63,00,6b,00,57,00,65,00,62,00,5c,00,37,00,36,00,38,00,31,00,31,00,39,00,\
37,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,5c,00,53,00,45,00,52,\
00,56,00,49,00,43,00,7e,00,31,00,2e,00,45,00,58,00,45,00,00,00
"DisplayName"="F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\BackWeb Plug-in - 7681197]
"EventMessageFile"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\ServiceWrapper.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System]
; Contents of value:
; WZCSVC
; Wudf01000
; WpdUsb
; WPDMTPDriver
; WPDClassInstaller
; Workstation
; WMPNetworkSvc
; WindowsMedia
; Windows Update Agent
; Windows Script Host
; Windows Installer 3.1
; Windows File Protection
; Win32k
; WgaNotify
; WGA
; Wdf01005
; Wdf01000
; W32Time
; Vyměnitelné úložiště
; VolSnap
; viaide
; VgaSave
; USER32
; UPS
; ultra
; udfs
; toside
; TermServSessDir
; TermService
; TermServDevices
; TermDD
; tdi
; TCPMon
; Tcpip
; System Error
; sym_u3
; sym_hi
; symc8xx
; symc810
; StillImage
; SSDPSRV
; Srv
; srservice
; sr
; sptd
; sparrow
; sndblst
; SMSvcHost 3.0.0.0
; Simbad
; SideBySide
; sfloppy
; Setup
; Service Control Manager
; Server
; serial
; scsiport
; Schedule
; Schannel
; SCardSvr
; Save Dump
; SAM
; RSVP
; RemoteAccess
; redbook
; Rdbss
; RasMan
; RasAuto
; ql1280
; ql1240
; ql12160
; ql10wnt
; ql1080
; PSched
; Processor
; PrintFilterPipelineSvc
; PptpMiniport
; PolicyAgent
; PlugPlayManager
; perc2
; pcmcia
; pciide
; pci
; parvdm
; partmgr
; parport
; OSPFMib
; OSPF
; NVENETFD
; nvata
; nv
; null
; NtServicePack
; ntfs
; npfs
; Nla
; NIC1394
; Netlogon
; NetDDE
; NetBT
; NetBIOS
; NdisWan
; NdisIP
; ndis
; napipsecenf
; napagent
; Mup
; msfs
; MSDTC WS-AT Protocol
; MSDTC Gateway
; msadlib
; MrxSmb
; MRxDAV
; mraid35x
; mouhid
; mouclass
; Modem
; LsaSrv
; LmHosts
; LDMS
; LDM
; lbrtfdc
; Kerberos
; kbdclass
; KB929969
; KB928090-IE7
; isapnp
; irsir
; IPXSAP
; IPXRouterManager
; IPXRIP
; IPXCP
; IPSec
; IPRouterManager
; IPRIP2
; IPNATHLP
; IPMGM
; IPBOOTP
; Internet Explorer 8
; Internet Explorer 7 Disk
; intelide
; ini910u
; IGMPv2
; i8042prt
; i2omp
; i2omgmt
; Http
; hpn
; ftdisk
; fs_rec
; flpydisk
; Fips
; fdc
; fastfat
; F-Secure Gatekeeper
; eventlog
; efs
; dtscsi
; dpti2o
; Dnscache
; Dnsapi
; dmio
; dmboot
; Distributed Link Tracking Client
; disk
; DhcpQec
; Dhcp
; DfsSvc
; DfsDriver
; DCOM
; dac960nt
; dac2w2k
; cryptsvc
; cpqarray
; cmdide
; changer
; cdrom
; Cdm
; cdfs
; cdaudio
; cd20xrnt
; cbidf2k
; Browser
; BITS
; beep
; axsaki
; Atmarpc
; atdisk
; atapi
; AsyncMac
; asc3550
; asc3350p
; asc
; Arp1394
; Application Popup
; amsint
; ami0nt
; aliide
; Alerter
; aic78xx
; aic78u2
; aha154x
; adpu160m
; acpiec
; acpi
; abp480n5
; abiosdsk
; System
;
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\F-Secure Gatekeeper]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\F-Secure Gatekeeper]
; Contents of value:
; C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,46,00,2d,00,53,00,65,00,\
63,00,75,00,72,00,65,00,5c,00,41,00,6e,00,74,00,69,00,2d,00,56,00,69,00,72,\
00,75,00,73,00,5c,00,6d,00,69,00,6e,00,69,00,66,00,69,00,6c,00,74,00,65,00,\
72,00,5c,00,66,00,73,00,67,00,6b,00,2e,00,73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe:*:Enabled:F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_BACKWEB_PLUG-IN_-_7681197\0000]
"DeviceDesc"="F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_FILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
"Service"="F-Secure Filter"
"DeviceDesc"="F-Secure File System Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_GATEKEEPER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000]
"Service"="F-Secure Gatekeeper"
"DeviceDesc"="F-Secure Gatekeeper"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER\0000]
"Service"="F-Secure Gatekeeper Handler Starter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_HIPS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_HIPS\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_HIPS\0000]
"Service"="F-Secure HIPS"
"DeviceDesc"="F-Secure HIPS Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_HIPS\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_RECOGNIZER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
"Service"="F-Secure Recognizer"
"DeviceDesc"="F-Secure File System Recognizer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_FSFW\0000]
"DeviceDesc"="F-Secure Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_FSMA\0000]
"DeviceDesc"="F-Secure Management Agent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_FSORSPCLIENT\0000]
"DeviceDesc"="F-Secure ORSP Client"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BackWeb Plug-in - 7681197]
; Contents of value:
; C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
"ImagePath"=hex(2):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,\
31,00,5c,00,46,00,2d,00,53,00,65,00,63,00,75,00,72,00,65,00,5c,00,42,00,61,\
00,63,00,6b,00,57,00,65,00,62,00,5c,00,37,00,36,00,38,00,31,00,31,00,39,00,\
37,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,5c,00,53,00,45,00,52,\
00,56,00,49,00,43,00,7e,00,31,00,2e,00,45,00,58,00,45,00,00,00
"DisplayName"="F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\BackWeb Plug-in - 7681197]
"EventMessageFile"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\ServiceWrapper.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System]
; Contents of value:
; WZCSVC
; Wudf01000
; WpdUsb
; WPDMTPDriver
; WPDClassInstaller
; Workstation
; WMPNetworkSvc
; WindowsMedia
; Windows Update Agent
; Windows Script Host
; Windows Installer 3.1
; Windows File Protection
; Win32k
; WgaNotify
; WGA
; Wdf01005
; Wdf01000
; W32Time
; Vyměnitelné úložiště
; VolSnap
; viaide
; VgaSave
; USER32
; UPS
; ultra
; udfs
; toside
; TermServSessDir
; TermService
; TermServDevices
; TermDD
; tdi
; TCPMon
; Tcpip
; System Error
; sym_u3
; sym_hi
; symc8xx
; symc810
; StillImage
; SSDPSRV
; Srv
; srservice
; sr
; sptd
; sparrow
; sndblst
; SMSvcHost 3.0.0.0
; Simbad
; SideBySide
; sfloppy
; Setup
; Service Control Manager
; Server
; serial
; scsiport
; Schedule
; Schannel
; SCardSvr
; Save Dump
; SAM
; RSVP
; RemoteAccess
; redbook
; Rdbss
; RasMan
; RasAuto
; ql1280
; ql1240
; ql12160
; ql10wnt
; ql1080
; PSched
; Processor
; PrintFilterPipelineSvc
; PptpMiniport
; PolicyAgent
; PlugPlayManager
; perc2
; pcmcia
; pciide
; pci
; parvdm
; partmgr
; parport
; OSPFMib
; OSPF
; NVENETFD
; nvata
; nv
; null
; NtServicePack
; ntfs
; npfs
; Nla
; NIC1394
; Netlogon
; NetDDE
; NetBT
; NetBIOS
; NdisWan
; NdisIP
; ndis
; napipsecenf
; napagent
; Mup
; msfs
; MSDTC WS-AT Protocol
; MSDTC Gateway
; msadlib
; MrxSmb
; MRxDAV
; mraid35x
; mouhid
; mouclass
; Modem
; LsaSrv
; LmHosts
; LDMS
; LDM
; lbrtfdc
; Kerberos
; kbdclass
; KB929969
; KB928090-IE7
; isapnp
; irsir
; IPXSAP
; IPXRouterManager
; IPXRIP
; IPXCP
; IPSec
; IPRouterManager
; IPRIP2
; IPNATHLP
; IPMGM
; IPBOOTP
; Internet Explorer 8
; Internet Explorer 7 Disk
; intelide
; ini910u
; IGMPv2
; i8042prt
; i2omp
; i2omgmt
; Http
; hpn
; ftdisk
; fs_rec
; flpydisk
; Fips
; fdc
; fastfat
; F-Secure Gatekeeper
; eventlog
; efs
; dtscsi
; dpti2o
; Dnscache
; Dnsapi
; dmio
; dmboot
; Distributed Link Tracking Client
; disk
; DhcpQec
; Dhcp
; DfsSvc
; DfsDriver
; DCOM
; dac960nt
; dac2w2k
; cryptsvc
; cpqarray
; cmdide
; changer
; cdrom
; Cdm
; cdfs
; cdaudio
; cd20xrnt
; cbidf2k
; Browser
; BITS
; beep
; axsaki
; Atmarpc
; atdisk
; atapi
; AsyncMac
; asc3550
; asc3350p
; asc
; Arp1394
; Application Popup
; amsint
; ami0nt
; aliide
; Alerter
; aic78xx
; aic78u2
; aha154x
; adpu160m
; acpiec
; acpi
; abp480n5
; abiosdsk
; System
;
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\F-Secure Gatekeeper]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\F-Secure Gatekeeper]
; Contents of value:
; C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,46,00,2d,00,53,00,65,00,\
63,00,75,00,72,00,65,00,5c,00,41,00,6e,00,74,00,69,00,2d,00,56,00,69,00,72,\
00,75,00,73,00,5c,00,6d,00,69,00,6e,00,69,00,66,00,69,00,6c,00,74,00,65,00,\
72,00,5c,00,66,00,73,00,67,00,6b,00,2e,00,73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe:*:Enabled:F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BACKWEB_PLUG-IN_-_7681197\0000]
"DeviceDesc"="F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_FILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
"Service"="F-Secure Filter"
"DeviceDesc"="F-Secure File System Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_GATEKEEPER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000]
"Service"="F-Secure Gatekeeper"
"DeviceDesc"="F-Secure Gatekeeper"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_GATEKEEPER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER\0000]
"Service"="F-Secure Gatekeeper Handler Starter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_HIPS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_HIPS\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_HIPS\0000]
"Service"="F-Secure HIPS"
"DeviceDesc"="F-Secure HIPS Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_HIPS\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_RECOGNIZER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
"Service"="F-Secure Recognizer"
"DeviceDesc"="F-Secure File System Recognizer"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FSFW\0000]
"DeviceDesc"="F-Secure Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FSMA\0000]
"DeviceDesc"="F-Secure Management Agent"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FSORSPCLIENT\0000]
"DeviceDesc"="F-Secure ORSP Client"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackWeb Plug-in - 7681197]
; Contents of value:
; C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
"ImagePath"=hex(2):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,\
31,00,5c,00,46,00,2d,00,53,00,65,00,63,00,75,00,72,00,65,00,5c,00,42,00,61,\
00,63,00,6b,00,57,00,65,00,62,00,5c,00,37,00,36,00,38,00,31,00,31,00,39,00,\
37,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,5c,00,53,00,45,00,52,\
00,56,00,49,00,43,00,7e,00,31,00,2e,00,45,00,58,00,45,00,00,00
"DisplayName"="F-Secure Automatic Update"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\BackWeb Plug-in - 7681197]
"EventMessageFile"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\ServiceWrapper.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System]
;
- MaxDamageCZ
Re: Antivirus (or maybe a virus?)
SECOND PART:
Contents of value:
; WZCSVC
; Wudf01000
; WpdUsb
; WPDMTPDriver
; WPDClassInstaller
; Workstation
; WMPNetworkSvc
; WindowsMedia
; Windows Update Agent
; Windows Script Host
; Windows Installer 3.1
; Windows File Protection
; Win32k
; WgaNotify
; WGA
; Wdf01005
; Wdf01000
; W32Time
; Vyměnitelné úložiště
; VolSnap
; viaide
; VgaSave
; USER32
; UPS
; ultra
; udfs
; toside
; TermServSessDir
; TermService
; TermServDevices
; TermDD
; tdi
; TCPMon
; Tcpip
; System Error
; sym_u3
; sym_hi
; symc8xx
; symc810
; StillImage
; SSDPSRV
; Srv
; srservice
; sr
; sptd
; sparrow
; sndblst
; SMSvcHost 3.0.0.0
; Simbad
; SideBySide
; sfloppy
; Setup
; Service Control Manager
; Server
; serial
; scsiport
; Schedule
; Schannel
; SCardSvr
; Save Dump
; SAM
; RSVP
; RemoteAccess
; redbook
; Rdbss
; RasMan
; RasAuto
; ql1280
; ql1240
; ql12160
; ql10wnt
; ql1080
; PSched
; Processor
; PrintFilterPipelineSvc
; Print
; PptpMiniport
; PolicyAgent
; PlugPlayManager
; perc2
; pcmcia
; pciide
; pci
; parvdm
; partmgr
; parport
; OSPFMib
; OSPF
; NVENETFD
; nvata
; nv
; null
; NtServicePack
; ntfs
; npfs
; Nla
; NIC1394
; Netlogon
; NetDDE
; NetBT
; NetBIOS
; NdisWan
; NdisIP
; ndis
; napipsecenf
; napagent
; Mup
; msfs
; MSDTC WS-AT Protocol
; MSDTC Gateway
; msadlib
; MrxSmb
; MRxDAV
; mraid35x
; mouhid
; mouclass
; Modem
; LsaSrv
; LmHosts
; LDMS
; LDM
; lbrtfdc
; Kerberos
; kbdclass
; KB929969
; KB928090-IE7
; isapnp
; irsir
; IPXSAP
; IPXRouterManager
; IPXRIP
; IPXCP
; IPSec
; IPRouterManager
; IPRIP2
; IPNATHLP
; IPMGM
; IPBOOTP
; Internet Explorer 8
; Internet Explorer 7 Disk
; intelide
; ini910u
; IGMPv2
; i8042prt
; i2omp
; i2omgmt
; Http
; hpn
; ftdisk
; fs_rec
; flpydisk
; Fips
; fdc
; fastfat
; F-Secure Gatekeeper
; eventlog
; efs
; dtscsi
; dpti2o
; Dnscache
; Dnsapi
; dmio
; dmboot
; Distributed Link Tracking Client
; disk
; DhcpQec
; Dhcp
; DfsSvc
; DfsDriver
; DCOM
; dac960nt
; dac2w2k
; cryptsvc
; cpqarray
; cmdide
; changer
; cdrom
; Cdm
; cdfs
; cdaudio
; cd20xrnt
; cbidf2k
; Browser
; BITS
; beep
; axsaki
; Atmarpc
; atdisk
; atapi
; AsyncMac
; asc3550
; asc3350p
; asc
; Arp1394
; Application Popup
; amsint
; ami0nt
; aliide
; Alerter
; aic78xx
; aic78u2
; aha154x
; adpu160m
; acpiec
; acpi
; abp480n5
; abiosdsk
; System
;
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\F-Secure Gatekeeper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\F-Secure Gatekeeper]
; Contents of value:
; C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,46,00,2d,00,53,00,65,00,\
63,00,75,00,72,00,65,00,5c,00,41,00,6e,00,74,00,69,00,2d,00,56,00,69,00,72,\
00,75,00,73,00,5c,00,6d,00,69,00,6e,00,69,00,66,00,69,00,6c,00,74,00,65,00,\
72,00,5c,00,66,00,73,00,67,00,6b,00,2e,00,73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe:*:Enabled:F-Secure Automatic Update"
[HKEY_USERS\S-1-5-21-1409082233-220523388-1801674531-1004\Software\Microsoft\Windows Desktop Search\DB]
; Contents of value:
; Adware
; Toolbar
; Firefox
; F-Secure
; F-secure
;
"SearchStrings"=hex(7):41,00,64,00,77,00,61,00,72,00,65,00,00,00,54,00,6f,00,\
6f,00,6c,00,62,00,61,00,72,00,00,00,46,00,69,00,72,00,65,00,66,00,6f,00,78,\
00,00,00,46,00,2d,00,53,00,65,00,63,00,75,00,72,00,65,00,00,00,46,00,2d,00,\
73,00,65,00,63,00,75,00,72,00,65,00,00,00,00,00
[HKEY_USERS\S-1-5-21-1409082233-220523388-1801674531-1004\Software\Netscape\Netscape Navigator\User Trusted External Applications]
"C:\\PROGRA~1\\F-Secure\\BackWeb\\7681197\\632~1.116\\Program\\REGISTER.EXE"="Yes"
"C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\PrvCnt.exe"="Yes"
[HKEY_USERS\S-1-5-21-1409082233-220523388-1801674531-1004\Software\Netscape\Netscape Navigator\Viewers]
"application/x-iad"="C:\\PROGRA~1\\F-Secure\\BackWeb\\7681197\\632~1.116\\Program\\REGISTER.EXE"
"application/x-bwpreview"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\PrvCnt.exe"
; End Of The Log...
[HKEY_USERS\S-1-5-21-1409082233-220523388-1801674531-1004\Software\Microsoft\Windows Desktop Search\DB]
; Contents of value:
; Adware
; Toolbar
; Firefox
; F-Secure
; F-secure
;
"SearchStrings"=hex(7):41,00,64,00,77,00,61,00,72,00,65,00,00,00,54,00,6f,00,\
6f,00,6c,00,62,00,61,00,72,00,00,00,46,00,69,00,72,00,65,00,66,00,6f,00,78,\
00,00,00,46,00,2d,00,53,00,65,00,63,00,75,00,72,00,65,00,00,00,46,00,2d,00,\
73,00,65,00,63,00,75,00,72,00,65,00,00,00,00,00
[HKEY_USERS\S-1-5-21-1409082233-220523388-1801674531-1004\Software\Netscape\Netscape Navigator\User Trusted External Applications]
"C:\\PROGRA~1\\F-Secure\\BackWeb\\7681197\\632~1.116\\Program\\REGISTER.EXE"="Yes"
"C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\PrvCnt.exe"="Yes"
[HKEY_USERS\S-1-5-21-1409082233-220523388-1801674531-1004\Software\Netscape\Netscape Navigator\Viewers]
"application/x-iad"="C:\\PROGRA~1\\F-Secure\\BackWeb\\7681197\\632~1.116\\Program\\REGISTER.EXE"
"application/x-bwpreview"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\6.3.2.116-7681197L\\Program\\PrvCnt.exe"
; End Of The Log...
- MaxDamageCZ
Re: Antivirus (or perhaps a virus?)
ComboFix 09-07-29.04 - Marek 30.07.2009 16:42.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.548 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marek\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-28 do 2009-07-30 )))))))))))))))))))))))))))))))
.
2009-07-30 11:56 . 2009-07-30 11:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-29 21:09 . 2009-07-29 21:10 -------- dc----w- C:\HostsXpert 4.2 - Hosts File Manager
2009-07-29 09:39 . 2009-07-29 09:39 -------- d-----w- c:\program files\ESET
2009-07-28 19:19 . 2009-07-28 19:19 -------- dcs---w- C:\VerTerm
2009-07-28 17:50 . 2009-07-28 17:50 -------- d-----w- c:\program files\PetrLite
2009-07-28 16:14 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 16:14 . 2009-07-30 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 16:14 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 15:52 . 2009-07-28 15:52 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-07-28 15:36 . 2009-07-28 15:36 -------- d-----w- c:\program files\CCleaner
2009-07-28 15:30 . 2009-07-28 15:30 118842 ------r- c:\windows\bwUnin-6.3.2.116-7681197L.exe
2009-07-28 15:16 . 2009-07-28 15:25 -------- d-----w- c:\program files\RegCleaner
2009-07-28 14:03 . 2009-07-28 14:03 -------- d-----w- c:\program files\McAfee UnInstaller 6.5 Demo English
2009-07-28 13:58 . 2007-08-15 11:09 159744 ----a-w- c:\windows\system32\wt_menu.dll
2009-07-28 13:58 . 2007-08-15 11:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-07-28 13:58 . 1999-02-09 19:40 188928 ----a-w- c:\windows\system32\vbuzip10.DLL
2009-07-28 13:58 . 2009-07-28 13:59 -------- d-----w- c:\program files\Smarty Uninstaller Pro
2009-07-28 13:57 . 2009-07-28 13:57 -------- d-----w- c:\program files\VS Revo Group
2009-07-28 08:44 . 2009-07-30 08:15 -------- d-----w- c:\program files\Trend Micro
2009-07-27 15:13 . 2009-07-27 15:14 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-27 14:14 . 2009-07-27 14:14 -------- d-----w- c:\program files\XnView
2009-07-27 14:00 . 2009-07-27 14:00 -------- d-----w- c:\program files\RealWorld Cursor Editor
2009-07-27 13:56 . 2009-07-27 13:56 -------- d-----w- c:\program files\ImageForge3
2009-07-27 13:50 . 2009-07-27 13:50 -------- d-----w- c:\program files\HTML editor Yugie-shareware
2009-07-27 10:24 . 2009-07-27 10:24 -------- d-----w- c:\program files\BlueVoda Website Builder
2009-07-21 09:24 . 2009-07-21 09:24 -------- d-----w- c:\program files\Audacity
2009-07-21 09:21 . 2009-07-21 09:22 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-07-16 17:15 . 2009-07-16 17:18 -------- d-----w- c:\program files\Castle Strike
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 11:55 . 2008-06-02 12:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-28 14:43 . 2004-08-18 12:00 98248 ----a-w- c:\windows\system32\perfc005.dat
2009-07-28 14:43 . 2004-08-18 12:00 475242 ----a-w- c:\windows\system32\perfh005.dat
2009-07-27 15:41 . 2006-07-04 06:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 15:10 . 2006-07-05 17:26 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-26 15:54 . 2006-09-18 08:29 -------- d-----w- c:\program files\Illusion Softworks
2009-07-20 12:45 . 2006-07-05 17:36 -------- d-----w- c:\program files\GameSpy Arcade
2009-07-03 16:59 . 2004-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 11:44 . 2009-06-30 11:44 -------- d-----w- c:\program files\MumboJumbo
2009-06-29 10:33 . 2009-05-06 17:54 -------- d-----w- c:\program files\Stykz
2009-06-29 06:30 . 2009-06-13 15:47 -------- d-----w- c:\program files\World of Warcraft
2009-06-28 18:06 . 2007-05-18 18:18 -------- d-----w- c:\program files\Take2
2009-06-20 11:45 . 2006-09-09 18:52 -------- d-----w- c:\program files\Google
2009-06-16 14:40 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 11:50 . 2009-06-14 11:50 -------- d-----w- c:\program files\Zeallsoft
2009-06-14 11:29 . 2009-06-14 11:06 -------- d-----w- c:\program files\Active GIF Creator 2.23
2009-06-12 16:16 . 2007-12-25 16:46 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-06-11 18:08 . 2008-08-02 17:50 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-03 19:11 . 2004-08-18 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-12 13:12 . 2006-07-04 06:30 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:33 . 2004-08-18 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2004-08-23 21:38 . 2004-08-23 21:38 3371 ----a-w- c:\program files\!!!readme.txt
2004-08-23 19:08 . 2004-08-23 19:08 83968 -c--a-w- c:\program files\NB_NB_2_12_37.xls
2009-06-21 17:55 . 2009-06-21 17:55 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[-] 2009-02-09 10:56 401408 BE27674D1CBC3214AEC84B4336A38BBF c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 10:56 401408 BE27674D1CBC3214AEC84B4336A38BBF c:\windows\system32\dllcache\cache\rpcss.dll
[-] 2004-08-18 12:00 33792 8B2FCBD881879B55BE40B41F12FFC431 c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2008-04-14 03:21 33792 221CD1C815B8A6B79389C3F5D1018DE8 c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 03:21 33792 221CD1C815B8A6B79389C3F5D1018DE8 c:\windows\system32\msgsvc.dll
[-] 2008-04-14 03:21 33792 221CD1C815B8A6B79389C3F5D1018DE8 c:\windows\system32\dllcache\cache\msgsvc.dll
[-] 2006-08-25 15:51 617472 E26B26189B786E6B092F002041D5A1E2 c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-18 12:00 611328 876C658C44F2BF4AF050E5534A9F066F c:\windows\$NtUninstallKB884883$\comctl32.dll
[-] 2004-10-13 20:40 617472 761A6E19FF2635CC4CE2D00EA3B2BC21 c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2008-04-14 03:21 617472 4F993463DC5F3F80D77A3D34D7BFBFED c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 03:21 617472 4F993463DC5F3F80D77A3D34D7BFBFED c:\windows\system32\comctl32.dll
[-] 2008-04-14 03:21 617472 4F993463DC5F3F80D77A3D34D7BFBFED c:\windows\system32\dllcache\cache\comctl32.dll
[-] 2004-08-18 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-18 12:00 1050624 F76B3003366A205E05AFC0D034C7D3E9 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2004-10-13 20:40 1053696 3325C40CDC0C81C29895E06C1738ED24 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2527_x-ww_aa415c8a\comctl32.dll
[-] 2006-08-25 15:51 1054208 6CB1BAC5FA7E692B63C3D5AAA348E76A c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2008-04-14 03:07 1054208 D7B7AE36A2EBA312AC4B53862019B3F5 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2004-08-18 12:00 11776 AFDFF022A01F0B11C776F0860C3B282F c:\windows\system32\dllcache\cache\acpiec.sys
[-] 2004-08-18 12:00 11776 AFDFF022A01F0B11C776F0860C3B282F c:\windows\system32\drivers\acpiec.sys
[-] 2004-08-18 12:00 5120 6CC2D21488333133AE0C9F44F6051CB7 c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2008-04-14 03:21 5120 5EE949255BABC0B17C09DDB2E59E3878 c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 03:21 5120 5EE949255BABC0B17C09DDB2E59E3878 c:\windows\system32\sfc.dll
[-] 2008-04-14 03:21 5120 5EE949255BABC0B17C09DDB2E59E3878 c:\windows\system32\dllcache\cache\sfc.dll
[-] 2004-08-18 12:00 407040 2591CADAEF7D2242039255028E577688 c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2008-04-14 03:21 407040 C2ED0E3408F50BBC149D4F0936E67832 c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 03:21 407040 C2ED0E3408F50BBC149D4F0936E67832 c:\windows\system32\netlogon.dll
[-] 2008-04-14 03:21 407040 C2ED0E3408F50BBC149D4F0936E67832 c:\windows\system32\dllcache\cache\netlogon.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-30_13.43.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-30 14:39 . 2009-07-30 14:39 16384 c:\windows\temp\Perflib_Perfdata_168.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Marek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-06-20 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-28 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"c:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"= c:\program files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe:*:Enabled:F-Secure Automatic Update
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= c:\windows\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"= c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"= c:\program files\Electronic Arts\Need For Speed III\nfs3.exe:*:Enabled:Need For Speed III for Win32
"c:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"= c:\program files\Sierra\SWAT 4\Content\System\Swat4.exe:*:Enabled:SWAT 4
"c:\\WINDOWS\\system32\\dpnsvr.exe"= c:\windows\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe"= c:\program files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe:*:Enabled:hd2
"c:\\WINDOWS\\system32\\dplaysvr.exe"= c:\windows\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
"c:\\WINDOWS\\system32\\dpvsetup.exe"= c:\windows\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
"c:\\totalcmd\\TOTALCMD.EXE"= c:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows
"c:\\Sierra\\CoolPool\\coolpool.exe"= c:\sierra\CoolPool\coolpool.exe:*:Disabled:Cool Pool.
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"c:\\Program Files\\Codemasters\\Worms 4 Totalni narez\\Worms 4 Mayhem.exe"= c:\program files\Codemasters\Worms 4 Totalni narez\Worms 4 Mayhem.exe:*:Disabled:Worms 4 Mayhem
"c:\\WINDOWS\\system32\\PnkBstrA.exe"= c:\windows\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
"c:\\WINDOWS\\system32\\PnkBstrB.exe"= c:\windows\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= c:\program files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
"c:\\Program Files\\Hamachi\\hamachi.exe"= c:\program files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client
"c:\\Program Files\\ICQ6\\ICQ.exe"= c:\program files\ICQ6\ICQ.exe:*:Enabled:ICQ6
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"= c:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"= c:\program files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= c:\program files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= c:\program files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= c:\program files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= c:\program files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= c:\program files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= c:\program files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= c:\program files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= c:\program files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Dyyno Receiver\\DPPM.exe"= c:\documents and settings\Marek\Local Settings\Data aplikací\Dyyno Receiver\DPPM.exe:*:Enabled:dppmmain Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"= c:\program files\Skype\Phone\Skype.exe:*:Enabled:Skype
"c:\\Program Files\\keyclone\\keyclone.exe"= c:\program files\keyclone\keyclone.exe:*:Enabled:keyclone
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"= c:\program files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
"c:\\Program Files\\World of Warcraft\\Launcher.exe"= c:\program files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"c:\\Program Files\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe"= c:\program files\World of Warcraft\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe:*:Enabled:Blizzard Downloader
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.dll"= c:\documents and settings\Marek\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"= c:\documents and settings\Marek\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
"c:\\Program Files\\MumboJumbo\\Luxor\\luxor.exe"= c:\program files\MumboJumbo\Luxor\luxor.exe:*:Disabled:Luxor
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP"= 2869:TCP:*:Enabled:@xpsp2res.dll,-22008
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"11001:TCP"= 11001:TCP:*:Enabled:H&D2 port 11001
"11001:UDP"= 11001:UDP:*:Enabled:H&D2 port 11001
"3724:TCP"= 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"12001:UDP"= 12001:UDP:*:Enabled:SMART WebServer Handshake Multicast Port
"6112:TCP"= 6112:TCP:*:Enabled:Blizzard Downloader
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.7.2009 10:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.7.2009 10:53 72944]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies Inc\SMART Board Software\WebServer.exe [19.4.2007 7:42 759312]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.7.2009 10:53 7408]
S2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE --> c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [?]
S3 axskbus;axskbus;c:\windows\system32\DRIVERS\axskbus.sys --> c:\windows\system32\DRIVERS\axskbus.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.2.2008 20:49 13352]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\drivers\M1000KNT.sys [25.12.2006 22:11 276930]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
DcomLaunch REG_MULTI_SZ DcomLaunch TermService
eapsvcs REG_MULTI_SZ eaphost
dot3svc REG_MULTI_SZ dot3svc
WudfServiceGroup REG_MULTI_SZ WUDFSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
HidServ
LanmanWorkstation
Messenger
Netman
TrkWks
W32Time
WZCSVC
wscsvc
xmlprov
WmdmPmSN
napagent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
Alerter
LmHosts
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
2009-07-30 c:\windows\Tasks\User_Feed_Synchronization-{CB8F93AA-F0A1-41BE-9268-229B640A54CD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\j2ggv3xx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\j2ggv3xx.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 16:53
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
@="{8D8763AB-E93B-4812-964E-F04E0008FD50}"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Celkový čas: 2009-07-30 16:57
ComboFix-quarantined-files.txt 2009-07-30 14:57
ComboFix2.txt 2009-07-30 13:49
Před spuštěním: Volných bajtů: 146 322 718 720
Po spuštění: Volných bajtů: 146 316 578 816
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
590 --- E O F --- 2009-07-29 12:00
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.548 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marek\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-28 do 2009-07-30 )))))))))))))))))))))))))))))))
.
2009-07-30 11:56 . 2009-07-30 11:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-29 21:09 . 2009-07-29 21:10 -------- dc----w- C:\HostsXpert 4.2 - Hosts File Manager
2009-07-29 09:39 . 2009-07-29 09:39 -------- d-----w- c:\program files\ESET
2009-07-28 19:19 . 2009-07-28 19:19 -------- dcs---w- C:\VerTerm
2009-07-28 17:50 . 2009-07-28 17:50 -------- d-----w- c:\program files\PetrLite
2009-07-28 16:14 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 16:14 . 2009-07-30 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 16:14 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 15:52 . 2009-07-28 15:52 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-07-28 15:36 . 2009-07-28 15:36 -------- d-----w- c:\program files\CCleaner
2009-07-28 15:30 . 2009-07-28 15:30 118842 ------r- c:\windows\bwUnin-6.3.2.116-7681197L.exe
2009-07-28 15:16 . 2009-07-28 15:25 -------- d-----w- c:\program files\RegCleaner
2009-07-28 14:03 . 2009-07-28 14:03 -------- d-----w- c:\program files\McAfee UnInstaller 6.5 Demo English
2009-07-28 13:58 . 2007-08-15 11:09 159744 ----a-w- c:\windows\system32\wt_menu.dll
2009-07-28 13:58 . 2007-08-15 11:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-07-28 13:58 . 1999-02-09 19:40 188928 ----a-w- c:\windows\system32\vbuzip10.DLL
2009-07-28 13:58 . 2009-07-28 13:59 -------- d-----w- c:\program files\Smarty Uninstaller Pro
2009-07-28 13:57 . 2009-07-28 13:57 -------- d-----w- c:\program files\VS Revo Group
2009-07-28 08:44 . 2009-07-30 08:15 -------- d-----w- c:\program files\Trend Micro
2009-07-27 15:13 . 2009-07-27 15:14 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-27 14:14 . 2009-07-27 14:14 -------- d-----w- c:\program files\XnView
2009-07-27 14:00 . 2009-07-27 14:00 -------- d-----w- c:\program files\RealWorld Cursor Editor
2009-07-27 13:56 . 2009-07-27 13:56 -------- d-----w- c:\program files\ImageForge3
2009-07-27 13:50 . 2009-07-27 13:50 -------- d-----w- c:\program files\HTML editor Yugie-shareware
2009-07-27 10:24 . 2009-07-27 10:24 -------- d-----w- c:\program files\BlueVoda Website Builder
2009-07-21 09:24 . 2009-07-21 09:24 -------- d-----w- c:\program files\Audacity
2009-07-21 09:21 . 2009-07-21 09:22 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-07-16 17:15 . 2009-07-16 17:18 -------- d-----w- c:\program files\Castle Strike
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 11:55 . 2008-06-02 12:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-28 14:43 . 2004-08-18 12:00 98248 ----a-w- c:\windows\system32\perfc005.dat
2009-07-28 14:43 . 2004-08-18 12:00 475242 ----a-w- c:\windows\system32\perfh005.dat
2009-07-27 15:41 . 2006-07-04 06:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 15:10 . 2006-07-05 17:26 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-26 15:54 . 2006-09-18 08:29 -------- d-----w- c:\program files\Illusion Softworks
2009-07-20 12:45 . 2006-07-05 17:36 -------- d-----w- c:\program files\GameSpy Arcade
2009-07-03 16:59 . 2004-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 11:44 . 2009-06-30 11:44 -------- d-----w- c:\program files\MumboJumbo
2009-06-29 10:33 . 2009-05-06 17:54 -------- d-----w- c:\program files\Stykz
2009-06-29 06:30 . 2009-06-13 15:47 -------- d-----w- c:\program files\World of Warcraft
2009-06-28 18:06 . 2007-05-18 18:18 -------- d-----w- c:\program files\Take2
2009-06-20 11:45 . 2006-09-09 18:52 -------- d-----w- c:\program files\Google
2009-06-16 14:40 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 11:50 . 2009-06-14 11:50 -------- d-----w- c:\program files\Zeallsoft
2009-06-14 11:29 . 2009-06-14 11:06 -------- d-----w- c:\program files\Active GIF Creator 2.23
2009-06-12 16:16 . 2007-12-25 16:46 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-06-11 18:08 . 2008-08-02 17:50 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-03 19:11 . 2004-08-18 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-12 13:12 . 2006-07-04 06:30 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:33 . 2004-08-18 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2004-08-23 21:38 . 2004-08-23 21:38 3371 ----a-w- c:\program files\!!!readme.txt
2004-08-23 19:08 . 2004-08-23 19:08 83968 -c--a-w- c:\program files\NB_NB_2_12_37.xls
2009-06-21 17:55 . 2009-06-21 17:55 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[-] 2004-08-18 12:00 657408 50D263E3454E8357D13BB598129185AD c:\windows\$NtUninstallKB834707$\wininet.dll
[-] 2004-09-29 18:49 657920 11B543D22F1E59F12C4BA48E60C447F9 c:\windows\$NtUninstallKB867282$\wininet.dll
[-] 2005-03-10 08:06 657920 EFFD6E417816BDB0016E519140212C11 c:\windows\$NtUninstallKB883939$\wininet.dll
[-] 2005-01-27 17:14 657920 1A57E580E6B21D6ABB3DEBFA7F65409D c:\windows\$NtUninstallKB890923$\wininet.dll
[-] 2005-07-03 02:16 659456 F0F4157A9EBB77A1D754DD50C4C06995 c:\windows\$NtUninstallKB896688$\wininet.dll
[-] 2005-05-02 20:57 658944 BF88433A5B5C55928600AC429476C43A c:\windows\$NtUninstallKB896727$\wininet.dll
[-] 2005-09-02 23:55 659456 3C4DE7D7B08D3ADFF3AA4C6BEAFC7590 c:\windows\$NtUninstallKB905915$\wininet.dll
[-] 2005-10-21 03:41 659456 B95FADCF8A69CB24B7F0F452F1B2BD7B c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2006-03-04 03:35 659456 F7ED312DB6E36132E271272D17D972CF c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2006-05-10 05:25 659456 AC5D4F94CA5C7AF79266855E953C5049 c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-06-23 11:16 659968 EC4A8AEE77A4E4919AD1B8049FD93302 c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-09-14 08:40 659968 2E6563415AA101DA735498C788DEC0C0 c:\windows\$NtUninstallKB925454$\wininet.dll
[-] 2006-10-23 15:19 659968 20BC7682E65644E445A00B75F74FE7E6 c:\windows\$NtUninstallKB928090$\wininet.dll
[-] 2007-01-04 13:58 659968 B2B67A6182C0E17E6A21619BF7F1AAD8 c:\windows\ie7\wininet.dll
[-] 2006-11-07 19:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2007-01-12 07:27 822784 BE43D00D802C92F01C8CC952C6F483F8 c:\windows\ie7updates\KB931768-IE7\wininet.dll
[-] 2007-03-07 17:42 822784 F2C6FAB63EF6C45CA34D7F8DFC967622 c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2007-04-25 07:43 822784 72423FA15617A2D6C4A6CEE1E978F380 c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2007-06-27 14:10 823808 AD8142C3A9383F48545B7DBC1280CF28 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-08-20 10:02 824832 050FE6EE7604DF5D5101AC2618D73D65 c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-10-10 23:50 824832 C543CC3D7A05FB0D23107C89115811A0 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-12-07 02:14 824832 E9B04B01D5A1ECC47B2E4364D171CF23 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2008-03-01 13:02 826368 4B0D8A282E0BEF3E52B8B6449D8473DD c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-04-23 04:16 826368 B2F04AA876DC2E15B59B509DE727F415 c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-06-23 16:42 826368 01EF5E10F55A5AE4D49C93C25879921E c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-08-26 08:27 826368 0930F57122FF74739E3684D0016877F1 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-10-16 20:33 826368 84801E4617B5AFB065DD58438850587D c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-12-20 23:03 826368 793DA751C812EFC3C6786BBD3B8489A8 c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2009-03-03 00:14 826368 BA2611F55D9AE29554008ADBC49D7664 c:\windows\ie8\wininet.dll
[-] 2009-03-08 02:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2009-05-13 05:05 915456 9122013C5668D967C4AE7F52252898DE c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2008-04-14 03:22 667136 3FE5E65A7ED9EC98AEE9167CA07812D3 c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-07-03 16:59 915456 FCD887F2BA15CD8D95F8D70766D42739 c:\windows\SoftwareDistribution\Download\18d13bb9bde28e941246ff93fbfd24ab\SP3GDR\wininet.dll
[-] 2009-07-03 17:02 915456 0B1AA91DFEDB1298FF7D93EBA45F8DB5 c:\windows\SoftwareDistribution\Download\18d13bb9bde28e941246ff93fbfd24ab\SP3QFE\wininet.dll
[-] 2006-06-23 11:16 659968 EC4A8AEE77A4E4919AD1B8049FD93302 c:\windows\SoftwareDistribution\Download\de2191b3a819eb982752efb6e73c92d3\sp2gdr\wininet.dll
[-] 2006-06-23 11:26 665600 B12340414F3F9E9AD2FC44F270E7F20D c:\windows\SoftwareDistribution\Download\de2191b3a819eb982752efb6e73c92d3\sp2qfe\wininet.dll
[-] 2009-07-03 16:59 915456 FCD887F2BA15CD8D95F8D70766D42739 c:\windows\system32\wininet.dll
[-] 2009-07-03 16:59 915456 FCD887F2BA15CD8D95F8D70766D42739 c:\windows\system32\dllcache\wininet.dll
[-] 2009-05-13 05:05 915456 9122013C5668D967C4AE7F52252898DE c:\windows\system32\dllcache\cache\wininet.dll
[-] 2005-03-14 01:17 359936 6129E70F3D2F1E60860C930EBEAF92C2 c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2004-08-18 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-03-14 00:55 359808 0E66B538096A6529D1AC66E78EB0D5C8 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\cache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys
[-] 2004-08-18 12:00 502272 221C29AE1B4CC61D11D8B27DE78B2307 c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\system32\winlogon.exe
[-] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\system32\dllcache\cache\winlogon.exe
[-] 2004-08-18 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\cache\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys
[-] 2004-08-18 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\cache\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys
[-] 2005-03-02 08:14 2059008 9355304DD565E23F8EE294720B2C03E5 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 18:47 2061568 C709E82BC1566DACB28173C64E370E49 c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 16:09 2061568 A873FF1754E2A81CB1A34588CAB363D6 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 11:19 2068352 FF8A3F180A224AA27EBAB937CA027F4D c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 17:26 2068224 5495B7902AE2EEE3A98D889E9A679724 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2007-02-28 16:05 2059776 C80BCA19AA7D4DC37857E9F8250756DA c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2004-08-18 12:00 2059008 E86DD06F2B8F919DDF23F78A3BF2AA23 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 18:08 2059008 E32780E8939338B80EDFF39E2314C223 c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2006-12-19 18:24 2059776 345A522BF2AB35E7060997E510F561AF c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2008-08-14 13:26 2068224 09CD607918C3F5600D8A111155F62CA6 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 02:36 2067968 4DEE41C45E803DB91A72FD1BA69C05EE c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-14 02:36 2067968 4DEE41C45E803DB91A72FD1BA69C05EE c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\system32\dllcache\cache\ntkrnlpa.exe
[-] 2005-03-02 18:14 2181632 7FABE135EAC02A4BC8094B831ADC0CC3 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 18:47 2184192 1414C27CCDB54974C1C51D4236FC6FF1 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 16:09 2184320 D40B4F66D877802EC5E655B91B5490FA c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2009-02-10 17:18 2191360 97480EBFE1D4B547657BAD75AAAB1325 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 17:26 2191360 2BCBCE27A946C057051A85CB032F49FF c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2007-02-28 16:05 2182528 C09CA7FAFFC40BBFACEEB9F0F429F673 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2004-08-18 12:00 2183168 12C80E46DCEC9B82473D1B1B9DA1F16B c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 18:09 2181504 B0DAE70164CC79D1289EF3530A3646F1 c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2006-12-19 18:24 2182528 57423A0AEEBA3AA16712BCA2FFF027B7 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2008-08-14 13:26 2191360 91F18AB1E9ACBF6E27A5545A8F57C89B c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-14 02:37 2191104 C1536014AC1CB1D5397E31D9735E6571 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-14 02:37 2191104 C1536014AC1CB1D5397E31D9735E6571 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\system32\dllcache\cache\ntoskrnl.exe
[-] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\explorer.exe
[-] 2007-06-13 13:11 1033728 9B32416BD5988C97B6397CE0B02CAF97 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-18 12:00 1032704 53114D57AB73A406AC7F602227781A99 c:\windows\$NtUninstallKB884883$\explorer.exe
[-] 2004-10-13 20:39 1032192 109B86EDAE49DCA28D9434E0FDD37579 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\system32\dllcache\cache\explorer.exe
[-] 2009-02-09 11:18 111104 3D107D45CCFDB266E91D84B52CD7F430 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-18 12:00 108544 6E401E61F952FBBF708AFBECEFAFAE81 c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\dllcache\cache\services.exe
[-] 2004-08-18 12:00 13312 82A362FE1D4980B71B588D9C10748511 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\system32\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\system32\dllcache\cache\lsass.exe
[-] 2004-08-18 12:00 15360 A5BAA91475167161DEA02BA3C4CA4F59 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\system32\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\system32\dllcache\cache\ctfmon.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-18 12:00 57856 21B6FAA88044A41640E03EBB68BE93E8 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\system32\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\system32\dllcache\cache\spoolsv.exe
[-] 2004-08-18 12:00 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\system32\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\system32\dllcache\cache\userinit.exe
[-] 2004-08-18 12:00 295936 2F5919F2F6EE7A845893D9C3AA2BC56A c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\system32\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\system32\dllcache\cache\termsrv.dll
[-] 2006-07-05 10:58 983552 A0B58CBB3ADCD79F1414A8E62D2F719F c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:11 984576 2B33979FDE5D1B9293ADB025F323B0D9 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 14:03 990208 0D8F61460F84139BBE5E391D8DE18D9A c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:54 983040 C23A84D7AB99678B2F1A52080280E4ED c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-18 12:00 982016 98DA079F61265BC26D4587E280B79F30 c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:57 982528 72FB9AA607A21FD2485286C478FB9B01 c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2008-04-14 03:21 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 03:21 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\dllcache\cache\kernel32.dll
[-] 2004-08-18 12:00 17408 134B95A1D8FAFD74A68E4B2116DEFA7D c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\system32\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\system32\dllcache\cache\powrprof.dll
[-] 2004-08-18 12:00 110080 2413635113361E54B62F0C40E4E4DAE6 c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\system32\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\system32\dllcache\cache\imm32.dll
[-] 2004-08-18 12:00 24576 6F877BF8DC01A550CD666F3BEDB2213C c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\system32\dllcache\cache\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-18 12:00 806912 B44F68274AB7B8A54E9AD74AFF0EFAAC c:\windows\$NtServicePackUninstall$\comres.dll
[-] 2008-04-14 03:21 806912 E7B375DFFB68A16659CA66474A280C47 c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 03:21 806912 E7B375DFFB68A16659CA66474A280C47 c:\windows\system32\comres.dll
[-] 2008-04-14 03:21 806912 E7B375DFFB68A16659CA66474A280C47 c:\windows\system32\dllcache\cache\comres.dll
[-] 2004-08-18 12:00 22016 BFE8DC7AAE7CB1C86243D77B340DC304 c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2008-04-14 03:21 22016 C66BA7BD13C8FB8BEC4863B88641C763 c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 03:21 22016 C66BA7BD13C8FB8BEC4863B88641C763 c:\windows\system32\lpk.dll
[-] 2008-04-14 03:21 22016 C66BA7BD13C8FB8BEC4863B88641C763 c:\windows\system32\dllcache\cache\lpk.dll
[-] 2004-08-18 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
[-] 2004-08-18 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\cache\beep.sys
[-] 2004-08-18 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys
[-] 2004-08-18 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\dllcache\null.sys
[-] 2004-08-18 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\dllcache\cache\null.sys
[-] 2004-08-18 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys
[-] 2006-02-15 00:30 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-03 20:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\$NtUninstallKB900485$\aec.sys
[-] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\system32\dllcache\cache\aec.sys
[-] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\system32\drivers\aec.sys
[-] 2006-11-01 19:19 927504 6C44E5766939B7552BFF75B2B6FF1161 c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-18 12:00 924432 A9D81C87BEF253D4CE3A5F8CEE2526C4 c:\windows\$NtUninstallKB924667$\mfc40u.dll
[-] 2008-04-14 03:21 927504 7C3351F60B759D5D917E68342AE3307C c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 03:21 927504 7C3351F60B759D5D917E68342AE3307C c:\windows\system32\mfc40u.dll
[-] 2008-04-14 03:21 927504 7C3351F60B759D5D917E68342AE3307C c:\windows\system32\dllcache\cache\mfc40u.dll
[-] 2005-01-14 05:08 395776 EB83A54CC8C1F0DF70EA67199747BCA0 c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[-] 2005-04-28 19:36 396288 5DE239E9CC9DB7430233EA7BE10EAD32 c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-07-26 04:31 398336 46C3197AAC32EBA82453ACDD84114DC2 c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2009-02-09 10:59 401408 C0BD34A62508BA68F146E22CE45919F9 c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2005-07-26 04:42 397824 DBDE980506B54AE928D151D12419B425 c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2004-08-18 12:00 395776 C72C15EE57E248C66E57C76CAB086CF2 c:\windows\$NtUninstallKB873333$\rpcss.dll
[-] 2005-01-14 08:57 395776 F6A9A9EF24527C69DDAA576D965EBC39 c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-04-28 19:32 395776 676E6C3C8F3B4F8B64BE33FD20ADFCE2 c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2008-04-14 03:21 399360 C868F3AE15CF71A93F2AA3A32856D839 c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 03:21 399360 C868F3AE15CF71A93F2AA3A32856D839 c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2009-02-09 10:56 401408 BE27674D1CBC3214AEC84B4336A38BBF c:\windows\system32\rpcss.dll
[-] 2009-02-09 10:56 401408 BE27674D1CBC3214AEC84B4336A38BBF c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 10:56 401408 BE27674D1CBC3214AEC84B4336A38BBF c:\windows\system32\dllcache\cache\rpcss.dll
[-] 2004-08-18 12:00 33792 8B2FCBD881879B55BE40B41F12FFC431 c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2008-04-14 03:21 33792 221CD1C815B8A6B79389C3F5D1018DE8 c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 03:21 33792 221CD1C815B8A6B79389C3F5D1018DE8 c:\windows\system32\msgsvc.dll
[-] 2008-04-14 03:21 33792 221CD1C815B8A6B79389C3F5D1018DE8 c:\windows\system32\dllcache\cache\msgsvc.dll
[-] 2006-08-25 15:51 617472 E26B26189B786E6B092F002041D5A1E2 c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-18 12:00 611328 876C658C44F2BF4AF050E5534A9F066F c:\windows\$NtUninstallKB884883$\comctl32.dll
[-] 2004-10-13 20:40 617472 761A6E19FF2635CC4CE2D00EA3B2BC21 c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2008-04-14 03:21 617472 4F993463DC5F3F80D77A3D34D7BFBFED c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 03:21 617472 4F993463DC5F3F80D77A3D34D7BFBFED c:\windows\system32\comctl32.dll
[-] 2008-04-14 03:21 617472 4F993463DC5F3F80D77A3D34D7BFBFED c:\windows\system32\dllcache\cache\comctl32.dll
[-] 2004-08-18 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-18 12:00 1050624 F76B3003366A205E05AFC0D034C7D3E9 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2004-10-13 20:40 1053696 3325C40CDC0C81C29895E06C1738ED24 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2527_x-ww_aa415c8a\comctl32.dll
[-] 2006-08-25 15:51 1054208 6CB1BAC5FA7E692B63C3D5AAA348E76A c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2008-04-14 03:07 1054208 D7B7AE36A2EBA312AC4B53862019B3F5 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2004-08-18 12:00 11776 AFDFF022A01F0B11C776F0860C3B282F c:\windows\system32\dllcache\cache\acpiec.sys
[-] 2004-08-18 12:00 11776 AFDFF022A01F0B11C776F0860C3B282F c:\windows\system32\drivers\acpiec.sys
[-] 2004-08-18 12:00 5120 6CC2D21488333133AE0C9F44F6051CB7 c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2008-04-14 03:21 5120 5EE949255BABC0B17C09DDB2E59E3878 c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 03:21 5120 5EE949255BABC0B17C09DDB2E59E3878 c:\windows\system32\sfc.dll
[-] 2008-04-14 03:21 5120 5EE949255BABC0B17C09DDB2E59E3878 c:\windows\system32\dllcache\cache\sfc.dll
[-] 2004-08-18 12:00 407040 2591CADAEF7D2242039255028E577688 c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2008-04-14 03:21 407040 C2ED0E3408F50BBC149D4F0936E67832 c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 03:21 407040 C2ED0E3408F50BBC149D4F0936E67832 c:\windows\system32\netlogon.dll
[-] 2008-04-14 03:21 407040 C2ED0E3408F50BBC149D4F0936E67832 c:\windows\system32\dllcache\cache\netlogon.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-30_13.43.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-30 14:39 . 2009-07-30 14:39 16384 c:\windows\temp\Perflib_Perfdata_168.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Marek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-06-20 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-28 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"c:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"= c:\program files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe:*:Enabled:F-Secure Automatic Update
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= c:\windows\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"= c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"= c:\program files\Electronic Arts\Need For Speed III\nfs3.exe:*:Enabled:Need For Speed III for Win32
"c:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"= c:\program files\Sierra\SWAT 4\Content\System\Swat4.exe:*:Enabled:SWAT 4
"c:\\WINDOWS\\system32\\dpnsvr.exe"= c:\windows\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe"= c:\program files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe:*:Enabled:hd2
"c:\\WINDOWS\\system32\\dplaysvr.exe"= c:\windows\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
"c:\\WINDOWS\\system32\\dpvsetup.exe"= c:\windows\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
"c:\\totalcmd\\TOTALCMD.EXE"= c:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows
"c:\\Sierra\\CoolPool\\coolpool.exe"= c:\sierra\CoolPool\coolpool.exe:*:Disabled:Cool Pool.
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"c:\\Program Files\\Codemasters\\Worms 4 Totalni narez\\Worms 4 Mayhem.exe"= c:\program files\Codemasters\Worms 4 Totalni narez\Worms 4 Mayhem.exe:*:Disabled:Worms 4 Mayhem
"c:\\WINDOWS\\system32\\PnkBstrA.exe"= c:\windows\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
"c:\\WINDOWS\\system32\\PnkBstrB.exe"= c:\windows\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= c:\program files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
"c:\\Program Files\\Hamachi\\hamachi.exe"= c:\program files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client
"c:\\Program Files\\ICQ6\\ICQ.exe"= c:\program files\ICQ6\ICQ.exe:*:Enabled:ICQ6
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"= c:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"= c:\program files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= c:\program files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= c:\program files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= c:\program files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= c:\program files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= c:\program files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= c:\program files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= c:\program files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= c:\program files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Dyyno Receiver\\DPPM.exe"= c:\documents and settings\Marek\Local Settings\Data aplikací\Dyyno Receiver\DPPM.exe:*:Enabled:dppmmain Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"= c:\program files\Skype\Phone\Skype.exe:*:Enabled:Skype
"c:\\Program Files\\keyclone\\keyclone.exe"= c:\program files\keyclone\keyclone.exe:*:Enabled:keyclone
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"= c:\program files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
"c:\\Program Files\\World of Warcraft\\Launcher.exe"= c:\program files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"c:\\Program Files\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe"= c:\program files\World of Warcraft\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe:*:Enabled:Blizzard Downloader
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.dll"= c:\documents and settings\Marek\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"= c:\documents and settings\Marek\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
"c:\\Program Files\\MumboJumbo\\Luxor\\luxor.exe"= c:\program files\MumboJumbo\Luxor\luxor.exe:*:Disabled:Luxor
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP"= 2869:TCP:*:Enabled:@xpsp2res.dll,-22008
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"11001:TCP"= 11001:TCP:*:Enabled:H&D2 port 11001
"11001:UDP"= 11001:UDP:*:Enabled:H&D2 port 11001
"3724:TCP"= 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"12001:UDP"= 12001:UDP:*:Enabled:SMART WebServer Handshake Multicast Port
"6112:TCP"= 6112:TCP:*:Enabled:Blizzard Downloader
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.7.2009 10:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.7.2009 10:53 72944]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies Inc\SMART Board Software\WebServer.exe [19.4.2007 7:42 759312]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.7.2009 10:53 7408]
S2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE --> c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [?]
S3 axskbus;axskbus;c:\windows\system32\DRIVERS\axskbus.sys --> c:\windows\system32\DRIVERS\axskbus.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.2.2008 20:49 13352]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\drivers\M1000KNT.sys [25.12.2006 22:11 276930]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
DcomLaunch REG_MULTI_SZ DcomLaunch TermService
eapsvcs REG_MULTI_SZ eaphost
dot3svc REG_MULTI_SZ dot3svc
WudfServiceGroup REG_MULTI_SZ WUDFSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
HidServ
LanmanWorkstation
Messenger
Netman
TrkWks
W32Time
WZCSVC
wscsvc
xmlprov
WmdmPmSN
napagent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
Alerter
LmHosts
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
2009-07-30 c:\windows\Tasks\User_Feed_Synchronization-{CB8F93AA-F0A1-41BE-9268-229B640A54CD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\j2ggv3xx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\j2ggv3xx.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 16:53
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
@="{8D8763AB-E93B-4812-964E-F04E0008FD50}"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Celkový čas: 2009-07-30 16:57
ComboFix-quarantined-files.txt 2009-07-30 14:57
ComboFix2.txt 2009-07-30 13:49
Před spuštěním: Volných bajtů: 146 322 718 720
Po spuštění: Volných bajtů: 146 316 578 816
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
590 --- E O F --- 2009-07-29 12:00
AMD Athlon II X4 640 3.00Ghz Ram 4 GB, Win 7 64 bit, Graphics ATI Radeon HD 4600 series 1GB, HDD 600GB
Iphone 3g 16gb black
- jaro3
- Security team member
- Guru Level 15
- Posts: 43293
- Registered: June 07
- Location: South Bohemia
Re: Antivir (or perhaps a virus?)
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.
KillAll::
File::
c:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe
c:\program files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
Folder::
c:\program files\F-Secure
c:\\Program Files\\F-Secure
Driver::
BackWeb Plug-in - 7681197;F-Secure Automatic Update
F-Secure Automatic Update
SERVIC~1
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"=-
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new log from HJT
******************************************************************************************************************************************
Download and run DDS (by sUBs)
and save it to the desktop.
- run it; a window will appear, so do not click in it and wait until the program finishes
- after it finishes, the program creates 2 logs and shows an information window. Close it with OK
- then paste the entire contents of the DDS logs here
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
- MaxDamageCZ
- Level 2.5
- Posts: 355
- Registered: July 09
- Location: Ostrava
Re: Antivir (or perhaps a virus?)
ComboFix 09-07-29.04 - Marek 31.07.2009 11:21.6.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.640 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Marek\Plocha\CFScript.txt
FILE ::
"c:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"
"c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE"
"c:\program files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe"
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-28 do 2009-07-31 )))))))))))))))))))))))))))))))
.
2009-07-30 11:56 . 2009-07-30 11:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-29 21:09 . 2009-07-29 21:10 -------- dc----w- C:\HostsXpert 4.2 - Hosts File Manager
2009-07-28 19:19 . 2009-07-28 19:19 -------- dcs---w- C:\VerTerm
2009-07-28 17:50 . 2009-07-28 17:50 -------- d-----w- c:\program files\PetrLite
2009-07-28 16:14 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 16:14 . 2009-07-30 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 16:14 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 15:52 . 2009-07-28 15:52 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-07-28 15:36 . 2009-07-28 15:36 -------- d-----w- c:\program files\CCleaner
2009-07-28 15:30 . 2009-07-28 15:30 118842 ------r- c:\windows\bwUnin-6.3.2.116-7681197L.exe
2009-07-28 15:16 . 2009-07-28 15:25 -------- d-----w- c:\program files\RegCleaner
2009-07-28 14:03 . 2009-07-28 14:03 -------- d-----w- c:\program files\McAfee UnInstaller 6.5 Demo English
2009-07-28 13:58 . 2007-08-15 11:09 159744 ----a-w- c:\windows\system32\wt_menu.dll
2009-07-28 13:58 . 2007-08-15 11:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-07-28 13:58 . 1999-02-09 19:40 188928 ----a-w- c:\windows\system32\vbuzip10.DLL
2009-07-28 13:58 . 2009-07-28 13:59 -------- d-----w- c:\program files\Smarty Uninstaller Pro
2009-07-28 13:57 . 2009-07-28 13:57 -------- d-----w- c:\program files\VS Revo Group
2009-07-28 08:44 . 2009-07-30 08:15 -------- d-----w- c:\program files\Trend Micro
2009-07-27 15:13 . 2009-07-27 15:14 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-27 14:14 . 2009-07-27 14:14 -------- d-----w- c:\program files\XnView
2009-07-27 14:00 . 2009-07-27 14:00 -------- d-----w- c:\program files\RealWorld Cursor Editor
2009-07-27 13:56 . 2009-07-27 13:56 -------- d-----w- c:\program files\ImageForge3
2009-07-27 13:50 . 2009-07-27 13:50 -------- d-----w- c:\program files\HTML editor Yugie-shareware
2009-07-27 10:24 . 2009-07-27 10:24 -------- d-----w- c:\program files\BlueVoda Website Builder
2009-07-21 09:24 . 2009-07-21 09:24 -------- d-----w- c:\program files\Audacity
2009-07-21 09:21 . 2009-07-21 09:22 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-07-16 17:15 . 2009-07-16 17:18 -------- d-----w- c:\program files\Castle Strike
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 11:55 . 2008-06-02 12:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-28 14:43 . 2004-08-18 12:00 98248 ----a-w- c:\windows\system32\perfc005.dat
2009-07-28 14:43 . 2004-08-18 12:00 475242 ----a-w- c:\windows\system32\perfh005.dat
2009-07-27 15:41 . 2006-07-04 06:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 15:10 . 2006-07-05 17:26 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-26 15:54 . 2006-09-18 08:29 -------- d-----w- c:\program files\Illusion Softworks
2009-07-20 12:45 . 2006-07-05 17:36 -------- d-----w- c:\program files\GameSpy Arcade
2009-07-03 16:59 . 2004-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 11:44 . 2009-06-30 11:44 -------- d-----w- c:\program files\MumboJumbo
2009-06-29 10:33 . 2009-05-06 17:54 -------- d-----w- c:\program files\Stykz
2009-06-29 06:30 . 2009-06-13 15:47 -------- d-----w- c:\program files\World of Warcraft
2009-06-28 18:06 . 2007-05-18 18:18 -------- d-----w- c:\program files\Take2
2009-06-20 11:45 . 2006-09-09 18:52 -------- d-----w- c:\program files\Google
2009-06-16 14:40 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 11:50 . 2009-06-14 11:50 -------- d-----w- c:\program files\Zeallsoft
2009-06-14 11:29 . 2009-06-14 11:06 -------- d-----w- c:\program files\Active GIF Creator 2.23
2009-06-12 16:16 . 2007-12-25 16:46 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-06-11 18:08 . 2008-08-02 17:50 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-03 19:11 . 2004-08-18 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-12 13:12 . 2006-07-04 06:30 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:33 . 2004-08-18 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
2004-08-23 21:38 . 2004-08-23 21:38 3371 ----a-w- c:\program files\!!!readme.txt
2004-08-23 19:08 . 2004-08-23 19:08 83968 -c--a-w- c:\program files\NB_NB_2_12_37.xls
2009-06-21 17:55 . 2009-06-21 17:55 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[-] 2006-12-19 18:24 2059776 345A522BF2AB35E7060997E510F561AF c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2008-08-14 13:26 2068224 09CD607918C3F5600D8A111155F62CA6 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 02:36 2067968 4DEE41C45E803DB91A72FD1BA69C05EE c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-14 02:36 2067968 4DEE41C45E803DB91A72FD1BA69C05EE c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-10 17:09 2068224 D721665942F74CA7FF4162A0761CBB0A c:\windows\system32\dllcache\cache\ntkrnlpa.exe
[-] 2005-03-02 18:14 2181632 7FABE135EAC02A4BC8094B831ADC0CC3 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 18:47 2184192 1414C27CCDB54974C1C51D4236FC6FF1 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 16:09 2184320 D40B4F66D877802EC5E655B91B5490FA c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2009-02-10 17:18 2191360 97480EBFE1D4B547657BAD75AAAB1325 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 17:26 2191360 2BCBCE27A946C057051A85CB032F49FF c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2007-02-28 16:05 2182528 C09CA7FAFFC40BBFACEEB9F0F429F673 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2004-08-18 12:00 2183168 12C80E46DCEC9B82473D1B1B9DA1F16B c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 18:09 2181504 B0DAE70164CC79D1289EF3530A3646F1 c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2006-12-19 18:24 2182528 57423A0AEEBA3AA16712BCA2FFF027B7 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2008-08-14 13:26 2191360 91F18AB1E9ACBF6E27A5545A8F57C89B c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-14 02:37 2191104 C1536014AC1CB1D5397E31D9735E6571 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-14 02:37 2191104 C1536014AC1CB1D5397E31D9735E6571 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-02-09 11:26 2191232 F48662F55CD8DDD4DBBBCB69DE197725 c:\windows\system32\dllcache\cache\ntoskrnl.exe
[-] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\explorer.exe
[-] 2007-06-13 13:11 1033728 9B32416BD5988C97B6397CE0B02CAF97 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-18 12:00 1032704 53114D57AB73A406AC7F602227781A99 c:\windows\$NtUninstallKB884883$\explorer.exe
[-] 2004-10-13 20:39 1032192 109B86EDAE49DCA28D9434E0FDD37579 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\system32\dllcache\cache\explorer.exe
[-] 2009-02-09 11:18 111104 3D107D45CCFDB266E91D84B52CD7F430 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-18 12:00 108544 6E401E61F952FBBF708AFBECEFAFAE81 c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 11:25 111104 9EF697AF07BB8DD82C3B02CA953A95B7 c:\windows\system32\dllcache\cache\services.exe
[-] 2004-08-18 12:00 13312 82A362FE1D4980B71B588D9C10748511 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\system32\lsass.exe
[-] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\system32\dllcache\cache\lsass.exe
[-] 2004-08-18 12:00 15360 A5BAA91475167161DEA02BA3C4CA4F59 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\system32\ctfmon.exe
[-] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\system32\dllcache\cache\ctfmon.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-18 12:00 57856 21B6FAA88044A41640E03EBB68BE93E8 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\system32\spoolsv.exe
[-] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\system32\dllcache\cache\spoolsv.exe
[-] 2004-08-18 12:00 24576 836F7960362FF95C5D49E40B891F2CFC c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\system32\userinit.exe
[-] 2008-04-14 03:22 26112 7DC1830F22E7D275B438127B68030239 c:\windows\system32\dllcache\cache\userinit.exe
[-] 2004-08-18 12:00 295936 2F5919F2F6EE7A845893D9C3AA2BC56A c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\system32\termsrv.dll
[-] 2008-04-14 03:22 295936 A75DD6FC3DBEE4FFF5EBC9F2C28BB66E c:\windows\system32\dllcache\cache\termsrv.dll
[-] 2006-07-05 10:58 983552 A0B58CBB3ADCD79F1414A8E62D2F719F c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:11 984576 2B33979FDE5D1B9293ADB025F323B0D9 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 14:03 990208 0D8F61460F84139BBE5E391D8DE18D9A c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:54 983040 C23A84D7AB99678B2F1A52080280E4ED c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-18 12:00 982016 98DA079F61265BC26D4587E280B79F30 c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:57 982528 72FB9AA607A21FD2485286C478FB9B01 c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2008-04-14 03:21 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 03:21 988160 FD91CD95A1C663DF54DD371CC8A234DE c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 14:09 988160 545C653E8FE241CA6200798AA94FE5C7 c:\windows\system32\dllcache\cache\kernel32.dll
[-] 2004-08-18 12:00 17408 134B95A1D8FAFD74A68E4B2116DEFA7D c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\system32\powrprof.dll
[-] 2008-04-14 03:21 17408 9FA69781CAA7A1DA981A24F240A61A60 c:\windows\system32\dllcache\cache\powrprof.dll
[-] 2004-08-18 12:00 110080 2413635113361E54B62F0C40E4E4DAE6 c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\system32\imm32.dll
[-] 2008-04-14 03:21 110080 6C60CA8AC7470AC01CFD3D24C7283CD1 c:\windows\system32\dllcache\cache\imm32.dll
[-] 2004-08-18 12:00 24576 6F877BF8DC01A550CD666F3BEDB2213C c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\system32\dllcache\cache\kbdclass.sys
[-] 2008-04-14 02:29 24576 1B6162FE7F66B1A71A4B70F941C4AA9B c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-18 12:00 806912 B44F68274AB7B8A54E9AD74AFF0EFAAC c:\windows\$NtServicePackUninstall$\comres.dll
[-] 2008-04-14 03:21 806912 E7B375DFFB68A16659CA66474A280C47 c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 03:21 806912 E7B375DFFB68A16659CA66474A280C47 c:\windows\system32\comres.dll
[-] 2008-04-14 03:21 806912 E7B375DFFB68A16659CA66474A280C47 c:\windows\system32\dllcache\cache\comres.dll
[-] 2004-08-18 12:00 22016 BFE8DC7AAE7CB1C86243D77B340DC304 c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2008-04-14 03:21 22016 C66BA7BD13C8FB8BEC4863B88641C763 c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 03:21 22016 C66BA7BD13C8FB8BEC4863B88641C763 c:\windows\system32\lpk.dll
[-] 2008-04-14 03:21 22016 C66BA7BD13C8FB8BEC4863B88641C763 c:\windows\system32\dllcache\cache\lpk.dll
[-] 2004-08-18 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
[-] 2004-08-18 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\cache\beep.sys
[-] 2004-08-18 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys
[-] 2004-08-18 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\dllcache\null.sys
[-] 2004-08-18 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\dllcache\cache\null.sys
[-] 2004-08-18 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys
[-] 2006-02-15 00:30 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-03 20:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\$NtUninstallKB900485$\aec.sys
[-] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\system32\dllcache\cache\aec.sys
[-] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\system32\drivers\aec.sys
[-] 2006-11-01 19:19 927504 6C44E5766939B7552BFF75B2B6FF1161 c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-18 12:00 924432 A9D81C87BEF253D4CE3A5F8CEE2526C4 c:\windows\$NtUninstallKB924667$\mfc40u.dll
[-] 2008-04-14 03:21 927504 7C3351F60B759D5D917E68342AE3307C c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 03:21 927504 7C3351F60B759D5D917E68342AE3307C c:\windows\system32\mfc40u.dll
[-] 2008-04-14 03:21 927504 7C3351F60B759D5D917E68342AE3307C c:\windows\system32\dllcache\cache\mfc40u.dll
[-] 2005-01-14 05:08 395776 EB83A54CC8C1F0DF70EA67199747BCA0 c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[-] 2005-04-28 19:36 396288 5DE239E9CC9DB7430233EA7BE10EAD32 c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-07-26 04:31 398336 46C3197AAC32EBA82453ACDD84114DC2 c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2009-02-09 10:59 401408 C0BD34A62508BA68F146E22CE45919F9 c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2005-07-26 04:42 397824 DBDE980506B54AE928D151D12419B425 c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2004-08-18 12:00 395776 C72C15EE57E248C66E57C76CAB086CF2 c:\windows\$NtUninstallKB873333$\rpcss.dll
[-] 2005-01-14 08:57 395776 F6A9A9EF24527C69DDAA576D965EBC39 c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-04-28 19:32 395776 676E6C3C8F3B4F8B64BE33FD20ADFCE2 c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2008-04-14 03:21 399360 C868F3AE15CF71A93F2AA3A32856D839 c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 03:21 399360 C868F3AE15CF71A93F2AA3A32856D839 c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2009-02-09 10:56 401408 BE27674D1CBC3214AEC84B4336A38BBF c:\windows\system32\rpcss.dll
[-] 2009-02-09 10:56 401408 BE27674D1CBC3214AEC84B4336A38BBF c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 10:56 401408 BE27674D1CBC3214AEC84B4336A38BBF c:\windows\system32\dllcache\cache\rpcss.dll
[-] 2004-08-18 12:00 33792 8B2FCBD881879B55BE40B41F12FFC431 c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2008-04-14 03:21 33792 221CD1C815B8A6B79389C3F5D1018DE8 c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 03:21 33792 221CD1C815B8A6B79389C3F5D1018DE8 c:\windows\system32\msgsvc.dll
[-] 2008-04-14 03:21 33792 221CD1C815B8A6B79389C3F5D1018DE8 c:\windows\system32\dllcache\cache\msgsvc.dll
[-] 2006-08-25 15:51 617472 E26B26189B786E6B092F002041D5A1E2 c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-18 12:00 611328 876C658C44F2BF4AF050E5534A9F066F c:\windows\$NtUninstallKB884883$\comctl32.dll
[-] 2004-10-13 20:40 617472 761A6E19FF2635CC4CE2D00EA3B2BC21 c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2008-04-14 03:21 617472 4F993463DC5F3F80D77A3D34D7BFBFED c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 03:21 617472 4F993463DC5F3F80D77A3D34D7BFBFED c:\windows\system32\comctl32.dll
[-] 2008-04-14 03:21 617472 4F993463DC5F3F80D77A3D34D7BFBFED c:\windows\system32\dllcache\cache\comctl32.dll
[-] 2004-08-18 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-18 12:00 1050624 F76B3003366A205E05AFC0D034C7D3E9 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2004-10-13 20:40 1053696 3325C40CDC0C81C29895E06C1738ED24 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2527_x-ww_aa415c8a\comctl32.dll
[-] 2006-08-25 15:51 1054208 6CB1BAC5FA7E692B63C3D5AAA348E76A c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2008-04-14 03:07 1054208 D7B7AE36A2EBA312AC4B53862019B3F5 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2004-08-18 12:00 11776 AFDFF022A01F0B11C776F0860C3B282F c:\windows\system32\dllcache\cache\acpiec.sys
[-] 2004-08-18 12:00 11776 AFDFF022A01F0B11C776F0860C3B282F c:\windows\system32\drivers\acpiec.sys
[-] 2004-08-18 12:00 5120 6CC2D21488333133AE0C9F44F6051CB7 c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2008-04-14 03:21 5120 5EE949255BABC0B17C09DDB2E59E3878 c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 03:21 5120 5EE949255BABC0B17C09DDB2E59E3878 c:\windows\system32\sfc.dll
[-] 2008-04-14 03:21 5120 5EE949255BABC0B17C09DDB2E59E3878 c:\windows\system32\dllcache\cache\sfc.dll
[-] 2004-08-18 12:00 407040 2591CADAEF7D2242039255028E577688 c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2008-04-14 03:21 407040 C2ED0E3408F50BBC149D4F0936E67832 c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 03:21 407040 C2ED0E3408F50BBC149D4F0936E67832 c:\windows\system32\netlogon.dll
[-] 2008-04-14 03:21 407040 C2ED0E3408F50BBC149D4F0936E67832 c:\windows\system32\dllcache\cache\netlogon.dll
[-] 2004-08-18 12:00 170496 3CD57F31A64D32FDB28918B16D1E6AAC c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2008-04-14 03:22 171008 35B91147124F64AC8081A2EDB9EA4DEE c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 03:22 171008 35B91147124F64AC8081A2EDB9EA4DEE c:\windows\system32\srsvc.dll
[-] 2008-04-14 03:22 171008 35B91147124F64AC8081A2EDB9EA4DEE c:\windows\system32\dllcache\cache\srsvc.dll
[-] 2004-08-18 12:00 435712 D8D2B13BA93AE830B1A637DF571D1195 c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2008-04-14 03:21 435712 023DD70573D644F3D9C8B1258A7BFD08 c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 03:21 435712 023DD70573D644F3D9C8B1258A7BFD08 c:\windows\system32\ntmssvc.dll
[-] 2008-04-14 03:21 435712 023DD70573D644F3D9C8B1258A7BFD08 c:\windows\system32\dllcache\cache\ntmssvc.dll
[-] 2004-08-18 12:00 89088 E68B6F9A726A444059705AB43B5656D1 c:\windows\$NtServicePackUninstall$\rasauto.dll
[-] 2008-04-14 03:21 88576 2B5E44EA009F2F374B980E1E9A70635D c:\windows\ServicePackFiles\i386\rasauto.dll
[-] 2008-04-14 03:21 88576 2B5E44EA009F2F374B980E1E9A70635D c:\windows\system32\rasauto.dll
[-] 2008-04-14 03:21 88576 2B5E44EA009F2F374B980E1E9A70635D c:\windows\system32\dllcache\cache\rasauto.dll
[-] 2004-08-18 12:00 1548288 5CA2E2BA624D6F2C7A581C91E70394CB c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 03:21 1571840 56A6034E7764E23D9114223EB3523925 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 03:21 1571840 56A6034E7764E23D9114223EB3523925 c:\windows\system32\dllcache\sfcfiles.dll
[-] 2008-04-14 03:21 1571840 56A6034E7764E23D9114223EB3523925 c:\windows\system32\dllcache\cache\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-30_13.43.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-31 09:32 . 2009-07-31 09:32 16384 c:\windows\temp\Perflib_Perfdata_708.dat
+ 2006-07-04 06:35 . 2006-07-04 06:35 262144 c:\windows\system32\config\systemprofile\ntuser.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Marek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-06-20 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-28 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Sierra\\CoolPool\\coolpool.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\Worms 4 Totalni narez\\Worms 4 Mayhem.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\keyclone\\keyclone.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe"=
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\MumboJumbo\\Luxor\\luxor.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2869:TCP"= 2869:TCP:@xpsp2res.dll,-22008
"11001:TCP"= 11001:TCP:H&D2 port 11001
"11001:UDP"= 11001:UDP:H&D2 port 11001
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
"6112:TCP"= 6112:TCP:Blizzard Downloader
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.7.2009 10:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.7.2009 10:53 72944]
R2 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies Inc\SMART Board Software\WebServer.exe [19.4.2007 7:42 759312]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.7.2009 10:53 7408]
S2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE --> c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [?]
S3 axskbus;axskbus;c:\windows\system32\DRIVERS\axskbus.sys --> c:\windows\system32\DRIVERS\axskbus.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.2.2008 20:49 13352]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\drivers\M1000KNT.sys [25.12.2006 22:11 276930]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [28.7.2009 18:14 38160]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
2009-07-31 c:\windows\Tasks\User_Feed_Synchronization-{CB8F93AA-F0A1-41BE-9268-229B640A54CD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\j2ggv3xx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\j2ggv3xx.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-31 11:32
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(776)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(1324)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\ScsiAccess.EXE
c:\program files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
c:\windows\system32\searchindexer.exe
.
**************************************************************************
.
Celkový čas: 2009-07-31 11:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-31 09:39
ComboFix2.txt 2009-07-30 14:57
ComboFix3.txt 2009-07-30 13:49
Před spuštěním: Volných bajtů: 146 111 352 832
Po spuštění: Volných bajtů: 146 253 041 664
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
514 --- E O F --- 2009-07-29 12:00
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.640 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Marek\Plocha\CFScript.txt
FILE ::
"c:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"
"c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE"
"c:\program files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe"
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-28 do 2009-07-31 )))))))))))))))))))))))))))))))
.
2009-07-30 11:56 . 2009-07-30 11:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-29 21:09 . 2009-07-29 21:10 -------- dc----w- C:\HostsXpert 4.2 - Hosts File Manager
2009-07-28 19:19 . 2009-07-28 19:19 -------- dcs---w- C:\VerTerm
2009-07-28 17:50 . 2009-07-28 17:50 -------- d-----w- c:\program files\PetrLite
2009-07-28 16:14 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 16:14 . 2009-07-30 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 16:14 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 15:52 . 2009-07-28 15:52 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-07-28 15:36 . 2009-07-28 15:36 -------- d-----w- c:\program files\CCleaner
2009-07-28 15:30 . 2009-07-28 15:30 118842 ------r- c:\windows\bwUnin-6.3.2.116-7681197L.exe
2009-07-28 15:16 . 2009-07-28 15:25 -------- d-----w- c:\program files\RegCleaner
2009-07-28 14:03 . 2009-07-28 14:03 -------- d-----w- c:\program files\McAfee UnInstaller 6.5 Demo English
2009-07-28 13:58 . 2007-08-15 11:09 159744 ----a-w- c:\windows\system32\wt_menu.dll
2009-07-28 13:58 . 2007-08-15 11:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-07-28 13:58 . 1999-02-09 19:40 188928 ----a-w- c:\windows\system32\vbuzip10.DLL
2009-07-28 13:58 . 2009-07-28 13:59 -------- d-----w- c:\program files\Smarty Uninstaller Pro
2009-07-28 13:57 . 2009-07-28 13:57 -------- d-----w- c:\program files\VS Revo Group
2009-07-28 08:44 . 2009-07-30 08:15 -------- d-----w- c:\program files\Trend Micro
2009-07-27 15:13 . 2009-07-27 15:14 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-27 14:14 . 2009-07-27 14:14 -------- d-----w- c:\program files\XnView
2009-07-27 14:00 . 2009-07-27 14:00 -------- d-----w- c:\program files\RealWorld Cursor Editor
2009-07-27 13:56 . 2009-07-27 13:56 -------- d-----w- c:\program files\ImageForge3
2009-07-27 13:50 . 2009-07-27 13:50 -------- d-----w- c:\program files\HTML editor Yugie-shareware
2009-07-27 10:24 . 2009-07-27 10:24 -------- d-----w- c:\program files\BlueVoda Website Builder
2009-07-21 09:24 . 2009-07-21 09:24 -------- d-----w- c:\program files\Audacity
2009-07-21 09:21 . 2009-07-21 09:22 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-07-16 17:15 . 2009-07-16 17:18 -------- d-----w- c:\program files\Castle Strike
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 11:55 . 2008-06-02 12:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-28 14:43 . 2004-08-18 12:00 98248 ----a-w- c:\windows\system32\perfc005.dat
2009-07-28 14:43 . 2004-08-18 12:00 475242 ----a-w- c:\windows\system32\perfh005.dat
2009-07-27 15:41 . 2006-07-04 06:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 15:10 . 2006-07-05 17:26 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-26 15:54 . 2006-09-18 08:29 -------- d-----w- c:\program files\Illusion Softworks
2009-07-20 12:45 . 2006-07-05 17:36 -------- d-----w- c:\program files\GameSpy Arcade
2009-07-03 16:59 . 2004-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 11:44 . 2009-06-30 11:44 -------- d-----w- c:\program files\MumboJumbo
2009-06-29 10:33 . 2009-05-06 17:54 -------- d-----w- c:\program files\Stykz
2009-06-29 06:30 . 2009-06-13 15:47 -------- d-----w- c:\program files\World of Warcraft
2009-06-28 18:06 . 2007-05-18 18:18 -------- d-----w- c:\program files\Take2
2009-06-20 11:45 . 2006-09-09 18:52 -------- d-----w- c:\program files\Google
2009-06-16 14:40 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 11:50 . 2009-06-14 11:50 -------- d-----w- c:\program files\Zeallsoft
2009-06-14 11:29 . 2009-06-14 11:06 -------- d-----w- c:\program files\Active GIF Creator 2.23
2009-06-12 16:16 . 2007-12-25 16:46 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-06-11 18:08 . 2008-08-02 17:50 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-03 19:11 . 2004-08-18 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-12 13:12 . 2006-07-04 06:30 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:33 . 2004-08-18 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
2004-08-23 21:38 . 2004-08-23 21:38 3371 ----a-w- c:\program files\!!!readme.txt
2004-08-23 19:08 . 2004-08-23 19:08 83968 -c--a-w- c:\program files\NB_NB_2_12_37.xls
2009-06-21 17:55 . 2009-06-21 17:55 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( SnapShot@2009-07-30_13.43.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-31 09:32 . 2009-07-31 09:32 16384 c:\windows\temp\Perflib_Perfdata_708.dat
+ 2006-07-04 06:35 . 2006-07-04 06:35 262144 c:\windows\system32\config\systemprofile\ntuser.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Marek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-06-20 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-28 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Sierra\\CoolPool\\coolpool.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\Worms 4 Totalni narez\\Worms 4 Mayhem.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\keyclone\\keyclone.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe"=
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\MumboJumbo\\Luxor\\luxor.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2869:TCP"= 2869:TCP:@xpsp2res.dll,-22008
"11001:TCP"= 11001:TCP:H&D2 port 11001
"11001:UDP"= 11001:UDP:H&D2 port 11001
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
"6112:TCP"= 6112:TCP:Blizzard Downloader
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.7.2009 10:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.7.2009 10:53 72944]
R2 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies Inc\SMART Board Software\WebServer.exe [19.4.2007 7:42 759312]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.7.2009 10:53 7408]
S2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE --> c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [?]
S3 axskbus;axskbus;c:\windows\system32\DRIVERS\axskbus.sys --> c:\windows\system32\DRIVERS\axskbus.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.2.2008 20:49 13352]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\drivers\M1000KNT.sys [25.12.2006 22:11 276930]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [28.7.2009 18:14 38160]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
2009-07-31 c:\windows\Tasks\User_Feed_Synchronization-{CB8F93AA-F0A1-41BE-9268-229B640A54CD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\j2ggv3xx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\j2ggv3xx.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-31 11:32
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(776)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(1324)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\ScsiAccess.EXE
c:\program files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
c:\windows\system32\searchindexer.exe
.
**************************************************************************
.
Celkový čas: 2009-07-31 11:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-31 09:39
ComboFix2.txt 2009-07-30 14:57
ComboFix3.txt 2009-07-30 13:49
Před spuštěním: Volných bajtů: 146 111 352 832
Po spuštění: Volných bajtů: 146 253 041 664
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
514 --- E O F --- 2009-07-29 12:00
- MaxDamageCZ
Re: Antivirus (or perhaps a virus?)
DDS (Ver_09-07-30.01) - NTFSx86
Run by Marek at 11:41:31,78 on pá 31.07.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.557 [GMT 2:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Marek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Marek\Plocha\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies inc\notebook software\NotebookPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\marek\local settings\data aplikací\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {300DB664-75B5-47c0-8B45-A44ACCF73C00} - {0928F506-07E8-470c-979D-147C296D4879}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 2254899656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {D27CDB6E-CE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\marek\dataap~1\mozilla\firefox\profiles\j2ggv3xx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\marek\data aplikací\mozilla\firefox\profiles\j2ggv3xx.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\marek\data aplikacă\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\marek\local settings\data aplikacă\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
============= SERVICES / DRIVERS ===============
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-7-5 63352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
R2 SMART Web Server;SMART Web Server;c:\program files\smart technologies inc\smart board software\WebServer.exe [2007-4-19 759312]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-18 69120]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]
S2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\f-secure\backweb\7681197\program\servic~1.exe --> c:\progra~1\f-secure\backweb\7681197\program\SERVIC~1.EXE [?]
S3 axskbus;axskbus;c:\windows\system32\drivers\axskbus.sys --> c:\windows\system32\drivers\axskbus.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-2-20 13352]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\drivers\M1000KNT.sys [2006-12-25 276930]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-7-28 38160]
UnknownUnknown vkquwexg;vkquwexg; [x]
=============== Created Last 30 ================
2009-07-31 11:20 <DIR> -cds---- C:\ComboFix
2009-07-30 15:25 219,648 a------- c:\windows\PEV.exe
2009-07-30 15:25 161,792 a------- c:\windows\SWREG.exe
2009-07-30 15:25 98,816 a------- c:\windows\sed.exe
2009-07-30 13:56 <DIR> -cd----- c:\docume~1\alluse~1\dataap~1\SUPERAntiSpyware.com
2009-07-30 13:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-30 13:56 <DIR> --d----- c:\docume~1\marek\dataap~1\SUPERAntiSpyware.com
2009-07-29 23:09 <DIR> -cd----- C:\HostsXpert 4.2 - Hosts File Manager
2009-07-28 21:19 <DIR> -cds---- C:\VerTerm
2009-07-28 19:50 <DIR> --d----- c:\program files\PetrLite
2009-07-28 19:10 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-28 18:51 <DIR> acdshr-- C:\cmdcons
2009-07-28 18:14 <DIR> --d----- c:\docume~1\marek\dataap~1\Malwarebytes
2009-07-28 18:14 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 18:14 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-28 18:14 <DIR> -cd----- c:\docume~1\alluse~1\dataap~1\Malwarebytes
2009-07-28 18:14 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 17:52 28,672 a------- c:\windows\system32\eEmpty.exe
2009-07-28 17:52 522 a------- c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-07-28 17:36 <DIR> --d----- c:\program files\CCleaner
2009-07-28 17:30 118,842 -----r-- c:\windows\bwUnin-6.3.2.116-7681197L.exe
2009-07-28 17:16 <DIR> --d----- c:\program files\RegCleaner
2009-07-28 16:03 <DIR> --d----- c:\program files\McAfee UnInstaller 6.5 Demo English
2009-07-28 15:58 1,351,392 a------- c:\windows\system32\comctl32.ocx
2009-07-28 15:58 417,792 a------- c:\windows\system32\vbalCmdBar6.ocx
2009-07-28 15:58 266,240 a------- c:\windows\system32\vbalTreeView6.ocx
2009-07-28 15:58 262,144 a------- c:\windows\system32\lst_v.ocx
2009-07-28 15:58 212,240 a------- c:\windows\system32\RICHTX32.OCX
2009-07-28 15:58 188,928 a------- c:\windows\system32\vbuzip10.DLL
2009-07-28 15:58 167,683 a------- c:\windows\system32\COMCT232.OCX
2009-07-28 15:58 159,744 a------- c:\windows\system32\wt_menu.dll
2009-07-28 15:58 115,920 a------- c:\windows\system32\MSINET.ocx
2009-07-28 15:58 94,208 a------- c:\windows\system32\img_lst.ocx
2009-07-28 15:58 40,960 a------- c:\windows\system32\ssubtmr6.dll
2009-07-28 15:58 <DIR> --d----- c:\program files\Smarty Uninstaller Pro
2009-07-28 15:57 <DIR> --d----- c:\program files\VS Revo Group
2009-07-28 10:44 <DIR> --d----- c:\program files\Trend Micro
2009-07-27 17:14 <DIR> -cd----- c:\docume~1\alluse~1\dataap~1\DAEMON Tools Lite
2009-07-27 17:13 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-27 17:10 <DIR> --d----- c:\docume~1\marek\dataap~1\DAEMON Tools Lite
2009-07-27 16:14 <DIR> --d----- c:\docume~1\marek\dataap~1\XnView
2009-07-27 16:14 <DIR> --d----- c:\program files\XnView
2009-07-27 16:00 <DIR> --d----- c:\docume~1\marek\dataap~1\RealWorld
2009-07-27 16:00 <DIR> --d----- c:\program files\RealWorld Cursor Editor
2009-07-27 15:56 <DIR> --d----- c:\docume~1\marek\dataap~1\CursorArts
2009-07-27 15:56 <DIR> --d----- c:\program files\ImageForge3
2009-07-27 15:55 36 a------- c:\windows\iltwain.ini
2009-07-27 15:50 <DIR> --d----- c:\program files\HTML editor Yugie-shareware
2009-07-27 12:56 31 a------- c:\windows\bluevoda.ini
2009-07-27 12:24 <DIR> --d----- c:\program files\BlueVoda Website Builder
2009-07-26 17:00 <DIR> -cdsh--- c:\docume~1\alluse~1\dataap~1\19238c8
2009-07-22 13:42 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-22 13:42 1,409 a------- c:\windows\QTFont.for
2009-07-21 11:24 <DIR> --d----- c:\program files\Audacity
2009-07-21 11:21 <DIR> --d----- c:\program files\Audacity 1.3 Beta (Unicode)
2009-07-16 19:15 <DIR> --d----- c:\program files\Castle Strike
==================== Find3M ====================
2009-07-28 16:43 475,242 a------- c:\windows\system32\perfh005.dat
2009-07-28 16:43 98,248 a------- c:\windows\system32\perfc005.dat
2009-07-27 17:10 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-03 18:59 915,456 a------- c:\windows\system32\wininet.dll
2009-06-16 16:40 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:40 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 21:11 1,293,824 a------- c:\windows\system32\quartz.dll
2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll
2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-07 17:33 346,624 a------- c:\windows\system32\localspl.dll
2008-05-28 10:40 22,328 a------- c:\docume~1\marek\dataap~1\PnkBstrK.sys
2007-05-19 13:56 17,337 a------- c:\docume~1\marek\dataap~1\Pamela_Crash_464EE5FF.zip
2007-05-08 17:19 41,004 a------- c:\docume~1\marek\dataap~1\Pamela_Crash_464094F9.zip
2007-04-26 16:10 284 a------- c:\docume~1\marek\dataap~1\ViewerApp.dat
2004-08-23 23:38 3,371 a------- c:\program files\!!!readme.txt
2004-08-23 21:08 83,968 ac------ c:\program files\NB_NB_2_12_37.xls
2008-05-31 19:22 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008053120080601\index.dat
============= FINISH: 11:41:47,64 ===============
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]
S2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\f-secure\backweb\7681197\program\servic~1.exe --> c:\progra~1\f-secure\backweb\7681197\program\SERVIC~1.EXE [?]
S3 axskbus;axskbus;c:\windows\system32\drivers\axskbus.sys --> c:\windows\system32\drivers\axskbus.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-2-20 13352]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\drivers\M1000KNT.sys [2006-12-25 276930]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-7-28 38160]
UnknownUnknown vkquwexg;vkquwexg; [x]
=============== Created Last 30 ================
2009-07-31 11:20 <DIR> -cds---- C:\ComboFix
2009-07-30 15:25 219,648 a------- c:\windows\PEV.exe
2009-07-30 15:25 161,792 a------- c:\windows\SWREG.exe
2009-07-30 15:25 98,816 a------- c:\windows\sed.exe
2009-07-30 13:56 <DIR> -cd----- c:\docume~1\alluse~1\dataap~1\SUPERAntiSpyware.com
2009-07-30 13:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-30 13:56 <DIR> --d----- c:\docume~1\marek\dataap~1\SUPERAntiSpyware.com
2009-07-29 23:09 <DIR> -cd----- C:\HostsXpert 4.2 - Hosts File Manager
2009-07-28 21:19 <DIR> -cds---- C:\VerTerm
2009-07-28 19:50 <DIR> --d----- c:\program files\PetrLite
2009-07-28 19:10 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-28 18:51 <DIR> acdshr-- C:\cmdcons
2009-07-28 18:14 <DIR> --d----- c:\docume~1\marek\dataap~1\Malwarebytes
2009-07-28 18:14 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 18:14 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-28 18:14 <DIR> -cd----- c:\docume~1\alluse~1\dataap~1\Malwarebytes
2009-07-28 18:14 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 17:52 28,672 a------- c:\windows\system32\eEmpty.exe
2009-07-28 17:52 522 a------- c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-07-28 17:36 <DIR> --d----- c:\program files\CCleaner
2009-07-28 17:30 118,842 -----r-- c:\windows\bwUnin-6.3.2.116-7681197L.exe
2009-07-28 17:16 <DIR> --d----- c:\program files\RegCleaner
2009-07-28 16:03 <DIR> --d----- c:\program files\McAfee UnInstaller 6.5 Demo English
2009-07-28 15:58 1,351,392 a------- c:\windows\system32\comctl32.ocx
2009-07-28 15:58 417,792 a------- c:\windows\system32\vbalCmdBar6.ocx
2009-07-28 15:58 266,240 a------- c:\windows\system32\vbalTreeView6.ocx
2009-07-28 15:58 262,144 a------- c:\windows\system32\lst_v.ocx
2009-07-28 15:58 212,240 a------- c:\windows\system32\RICHTX32.OCX
2009-07-28 15:58 188,928 a------- c:\windows\system32\vbuzip10.DLL
2009-07-28 15:58 167,683 a------- c:\windows\system32\COMCT232.OCX
2009-07-28 15:58 159,744 a------- c:\windows\system32\wt_menu.dll
2009-07-28 15:58 115,920 a------- c:\windows\system32\MSINET.ocx
2009-07-28 15:58 94,208 a------- c:\windows\system32\img_lst.ocx
2009-07-28 15:58 40,960 a------- c:\windows\system32\ssubtmr6.dll
2009-07-28 15:58 <DIR> --d----- c:\program files\Smarty Uninstaller Pro
2009-07-28 15:57 <DIR> --d----- c:\program files\VS Revo Group
2009-07-28 10:44 <DIR> --d----- c:\program files\Trend Micro
2009-07-27 17:14 <DIR> -cd----- c:\docume~1\alluse~1\dataap~1\DAEMON Tools Lite
2009-07-27 17:13 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-27 17:10 <DIR> --d----- c:\docume~1\marek\dataap~1\DAEMON Tools Lite
2009-07-27 16:14 <DIR> --d----- c:\docume~1\marek\dataap~1\XnView
2009-07-27 16:14 <DIR> --d----- c:\program files\XnView
2009-07-27 16:00 <DIR> --d----- c:\docume~1\marek\dataap~1\RealWorld
2009-07-27 16:00 <DIR> --d----- c:\program files\RealWorld Cursor Editor
2009-07-27 15:56 <DIR> --d----- c:\docume~1\marek\dataap~1\CursorArts
2009-07-27 15:56 <DIR> --d----- c:\program files\ImageForge3
2009-07-27 15:55 36 a------- c:\windows\iltwain.ini
2009-07-27 15:50 <DIR> --d----- c:\program files\HTML editor Yugie-shareware
2009-07-27 12:56 31 a------- c:\windows\bluevoda.ini
2009-07-27 12:24 <DIR> --d----- c:\program files\BlueVoda Website Builder
2009-07-26 17:00 <DIR> -cdsh--- c:\docume~1\alluse~1\dataap~1\19238c8
2009-07-22 13:42 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-22 13:42 1,409 a------- c:\windows\QTFont.for
2009-07-21 11:24 <DIR> --d----- c:\program files\Audacity
2009-07-21 11:21 <DIR> --d----- c:\program files\Audacity 1.3 Beta (Unicode)
2009-07-16 19:15 <DIR> --d----- c:\program files\Castle Strike
==================== Find3M ====================
2009-07-28 16:43 475,242 a------- c:\windows\system32\perfh005.dat
2009-07-28 16:43 98,248 a------- c:\windows\system32\perfc005.dat
2009-07-27 17:10 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-03 18:59 915,456 a------- c:\windows\system32\wininet.dll
2009-06-16 16:40 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:40 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 21:11 1,293,824 a------- c:\windows\system32\quartz.dll
2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll
2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-07 17:33 346,624 a------- c:\windows\system32\localspl.dll
2008-05-28 10:40 22,328 a------- c:\docume~1\marek\dataap~1\PnkBstrK.sys
2007-05-19 13:56 17,337 a------- c:\docume~1\marek\dataap~1\Pamela_Crash_464EE5FF.zip
2007-05-08 17:19 41,004 a------- c:\docume~1\marek\dataap~1\Pamela_Crash_464094F9.zip
2007-04-26 16:10 284 a------- c:\docume~1\marek\dataap~1\ViewerApp.dat
2004-08-23 23:38 3,371 a------- c:\program files\!!!readme.txt
2004-08-23 21:08 83,968 ac------ c:\program files\NB_NB_2_12_37.xls
2008-05-31 19:22 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008053120080601\index.dat
============= FINISH: 11:41:47,64 ===============