Here is my problem: http://www.pc-help.cz/viewtopic.php?f=39&t=88624
Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:51:06, on 1.7.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe
C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe
C:\Documents and Settings\oem\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\oem\Dokumenty\Downloads\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2& ... 1928693964
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2& ... 1928693964
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\DOCUME~1\oem\DATAAP~1\MEDIAF~1\EXTENS~1\GENCRA~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Jet Screenshot] c:\program files\jet screenshot\jetscreenshot.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all by YouTube Robot - C:\Program Files\YouTubeRobot\downall.htm
O8 - Extra context menu item: Download by YouTube Robot - C:\Program Files\YouTubeRobot\downlink.htm
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 8917 bytes
PC stuttering (Solved)
- Level 2.5
- Posts: 277
- Registered: November 11
- Location: Jihomoravský Kraj
Re: PC stuttering
Could someone please check this for me?
- Žbeky
- Moderator
- Guru Level 13
- Posts: 22288
- Registered: May 08
- Location: Vsetín - Pardubice
Re: PC stuttering
It's Sunday, it's beautiful outside, and surprisingly we are people too, with free time, hobbies and so on. So either hang on or go to a paid hotline, where they will attend to you right away.
Fix these:
Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2& ... 1928693964
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2& ... 1928693964
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - (no file)
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\DOCUME~1\oem\DATAAP~1\MEDIAF~1\EXTENS~1\GENCRA~1.DLL
O3 - Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox, click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
- If you use Chrome, don't select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the scan finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes (Ano)
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
In private messages I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
- Level 2.5
- Posts: 277
- Registered: November 11
- Location: Jihomoravský Kraj
Re: PC stuttering
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Verze databáze: v2012.07.01.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
oem :: LAN [administrátor]
2.7.2012 7:56:37
mbam-log-2012-07-02 (08-08-05).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 251813
Uplynulý čas: 11 minut, 16 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 1
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: PC stuttering
Let Mbam delete it
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan is finished, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
- Level 2.5
- Posts: 277
- Registered: November 11
- Location: Jihomoravský Kraj
Re: PC stuttering
ComboFix 12-07-01.04 - oem 02.07.2012 8:40.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1437 [GMT 2:00]
Spuštěný z: c:\documents and settings\oem\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Nakažená kopie c:\windows\system32\Services.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-02 do 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-07-01 10:25 . 2012-07-01 10:25 -------- d-----w- c:\program files\Common Files\Java
2012-07-01 10:25 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-01 10:24 . 2012-07-01 10:24 -------- d-----w- c:\program files\Oracle
2012-07-01 10:23 . 2012-07-01 10:23 -------- d-----w- c:\documents and settings\oem\Data aplikací\Oracle
2012-07-01 10:20 . 2012-05-04 17:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-01 09:33 . 2012-07-01 09:33 -------- d-----w- C:\3eac32319de31d122712410abd4e42
2012-06-30 21:49 . 2012-06-30 21:49 -------- d-----w- C:\bebd6291b379182da1450d5c970aa3
2012-06-29 09:27 . 2012-06-29 09:27 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-06-25 13:38 . 2012-06-25 13:38 -------- d-----w- C:\3ccc0620e598ac689d3e2796c5
2012-06-18 19:26 . 2012-07-01 15:53 -------- d-----w- c:\documents and settings\oem\Data aplikací\.minecraft
2012-06-17 19:34 . 2012-06-17 19:34 -------- d-----w- c:\documents and settings\oem\Data aplikací\Sony
2012-06-15 16:22 . 2012-06-15 16:22 -------- d-----w- c:\documents and settings\oem\Data aplikací\Z-Software
2012-06-15 16:22 . 2012-06-15 16:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Z-Software
2012-06-15 16:21 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-06-15 16:21 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-06-15 16:21 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-06-15 16:21 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-06-15 16:21 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-06-15 16:21 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-06-13 16:51 . 2012-06-13 16:51 765440 ----a-r- c:\documents and settings\oem\Data aplikací\Microsoft\Installer\{23BF7533-1747-4744-94FF-CF716FBB5597}\VVCap.exe
2012-06-13 16:51 . 2012-06-13 16:51 -------- d-----w- c:\program files\VVCap
2012-06-13 12:17 . 2012-06-13 12:17 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\Quadriga Games
2012-06-12 18:45 . 2012-06-12 18:45 -------- d-----w- c:\program files\DsNET Corp
2012-06-12 18:44 . 2012-06-12 18:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ask
2012-06-08 15:52 . 2012-06-08 15:53 -------- d-----w- c:\documents and settings\oem\Data aplikací\Media Finder
2012-06-08 15:29 . 2012-06-08 15:29 -------- d-----w- c:\program files\Rockstar Games
2012-06-08 15:29 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-06-08 15:29 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-06-08 15:29 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-06-08 15:29 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-06-08 15:29 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-06-08 15:29 . 2012-06-08 15:29 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-06-08 15:29 . 2012-06-08 15:29 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 12:52 . 2010-04-21 18:05 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-28 12:52 . 2010-04-21 18:05 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-28 12:52 . 2011-02-28 14:48 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-28 12:52 . 2010-04-21 18:05 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-06-28 12:52 . 2010-04-21 18:05 97352 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-06-28 12:52 . 2010-04-21 18:05 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-06-28 12:52 . 2010-04-21 18:05 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-28 12:52 . 2010-04-21 18:05 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-06-28 12:52 . 2010-06-29 08:37 41224 ----a-w- c:\windows\avastSS.scr
2012-06-28 12:51 . 2010-04-21 18:05 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-23 15:00 . 2012-04-02 07:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 15:00 . 2011-09-16 04:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2008-10-16 12:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-10-16 12:08 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-09-09 12:11 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-09-09 12:11 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-09-09 12:11 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-09-09 12:11 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-09-09 12:11 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-10-16 12:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 12:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 12:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-09-09 12:11 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-09-09 12:11 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-10-04 08:17 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-10-04 08:17 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-10-04 08:17 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2008-04-14 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:59 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2008-04-14 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-05 03:14 . 2008-04-14 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 08:06 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-04 17:29 . 2010-07-19 19:13 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-02 13:46 . 2009-09-09 12:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 19:30 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Screenshot
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-05-28 17:23 880496 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Steam\\steamapps\\martin38697\\team fortress 2\\hl2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.2.2011 16:48 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.4.2010 20:05 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.4.2010 20:05 21256]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [27.6.2012 12:29 1385896]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2.4.2012 9:42 250056]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 12:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3.9.2011 17:05 47360]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [21.11.2011 18:12 111872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:00]
.
2012-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
2012-06-29 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2012-07-01 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2012-07-01 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2012-07-01 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
.
------- Doplňkový sken -------
.
IE: &Download All using 4shared Desktop
IE: Download all by YouTube Robot - c:\program files\YouTubeRobot\downall.htm
IE: Download by YouTube Robot - c:\program files\YouTubeRobot\downlink.htm
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: ????3?? - c:\documents and settings\oem\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\oem\Data aplikací\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Jet Screenshot - c:\program files\jet screenshot\jetscreenshot.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-02 08:48
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-484061587-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\oem\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-329068152-484061587-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\oem\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1200)
c:\windows\system32\msi.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-07-02 08:55:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-02 06:54
.
Před spuštěním: Volných bajtů: 140 988 743 680
Po spuštění: Volných bajtů: 145 824 083 968
.
- - End Of File - - CB7535BC90D09927137FCB2A315F2EDE
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
- Status: Offline
Re: PC stuttering
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script
Code: Select all
KillAll::
DirLook::
C:\3eac32319de31d122712410abd4e42
C:\bebd6291b379182da1450d5c970aa3
C:\3ccc0620e598ac689d3e2796c5
Folder::
c:\documents and settings\All Users\Data aplikací\Ask
c:\documents and settings\oem\Data aplikací\Media Finder
Choose File -> Save As... and set these parameters:
File name: enter CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
-
- Level 2.5
- Posts: 277
- Registered: November 11
- Location: Jihomoravský Kraj
- Status: Offline
Re: PC stuttering
ComboFix 12-07-02.01 - oem 02.07.2012 11:47:59.8.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1374 [GMT 2:00]
Spuštěný z: c:\documents and settings\oem\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\oem\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-02 do 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-07-02 09:55 . 2012-07-02 09:55 63115 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-07-01 10:25 . 2012-07-01 10:25 -------- d-----w- c:\program files\Common Files\Java
2012-07-01 10:25 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-01 10:24 . 2012-07-01 10:24 -------- d-----w- c:\program files\Oracle
2012-07-01 10:23 . 2012-07-01 10:23 -------- d-----w- c:\documents and settings\oem\Data aplikací\Oracle
2012-07-01 10:20 . 2012-05-04 17:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-01 09:33 . 2012-07-01 09:33 -------- d-----w- C:\3eac32319de31d122712410abd4e42
2012-06-30 21:49 . 2012-06-30 21:49 -------- d-----w- C:\bebd6291b379182da1450d5c970aa3
2012-06-29 09:27 . 2012-06-29 09:27 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-06-25 13:38 . 2012-06-25 13:38 -------- d-----w- C:\3ccc0620e598ac689d3e2796c5
2012-06-18 19:26 . 2012-07-02 07:45 -------- d-----w- c:\documents and settings\oem\Data aplikací\.minecraft
2012-06-17 19:34 . 2012-06-17 19:34 -------- d-----w- c:\documents and settings\oem\Data aplikací\Sony
2012-06-15 16:22 . 2012-06-15 16:22 -------- d-----w- c:\documents and settings\oem\Data aplikací\Z-Software
2012-06-15 16:22 . 2012-06-15 16:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Z-Software
2012-06-15 16:21 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-06-15 16:21 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-06-15 16:21 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-06-15 16:21 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-06-15 16:21 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-06-15 16:21 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-06-13 16:51 . 2012-06-13 16:51 765440 ----a-r- c:\documents and settings\oem\Data aplikací\Microsoft\Installer\{23BF7533-1747-4744-94FF-CF716FBB5597}\VVCap.exe
2012-06-13 16:51 . 2012-06-13 16:51 -------- d-----w- c:\program files\VVCap
2012-06-13 12:17 . 2012-06-13 12:17 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\Quadriga Games
2012-06-12 18:45 . 2012-06-12 18:45 -------- d-----w- c:\program files\DsNET Corp
2012-06-12 18:44 . 2012-06-12 18:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ask
2012-06-08 15:52 . 2012-06-08 15:53 -------- d-----w- c:\documents and settings\oem\Data aplikací\Media Finder
2012-06-08 15:29 . 2012-06-08 15:29 -------- d-----w- c:\program files\Rockstar Games
2012-06-08 15:29 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-06-08 15:29 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-06-08 15:29 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-06-08 15:29 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-06-08 15:29 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-06-08 15:29 . 2012-06-08 15:29 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-06-08 15:29 . 2012-06-08 15:29 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 12:52 . 2010-04-21 18:05 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-28 12:52 . 2010-04-21 18:05 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-28 12:52 . 2011-02-28 14:48 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-28 12:52 . 2010-04-21 18:05 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-06-28 12:52 . 2010-04-21 18:05 97352 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-06-28 12:52 . 2010-04-21 18:05 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-06-28 12:52 . 2010-04-21 18:05 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-28 12:52 . 2010-04-21 18:05 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-06-28 12:52 . 2010-06-29 08:37 41224 ----a-w- c:\windows\avastSS.scr
2012-06-28 12:51 . 2010-04-21 18:05 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-23 15:00 . 2012-04-02 07:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 15:00 . 2011-09-16 04:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2008-10-16 12:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-10-16 12:08 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-09-09 12:11 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-09-09 12:11 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-09-09 12:11 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-09-09 12:11 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-09-09 12:11 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-10-16 12:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 12:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 12:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-09-09 12:11 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-09-09 12:11 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-10-04 08:17 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-10-04 08:17 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-10-04 08:17 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2008-04-14 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:59 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2008-04-14 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-05 03:14 . 2008-04-14 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 08:06 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-04 17:29 . 2010-07-19 19:13 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-02 13:46 . 2009-09-09 12:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 19:30 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\3ccc0620e598ac689d3e2796c5 ----
.
2012-06-25 13:38 . 2012-06-25 13:38 788 ---ha-w- c:\3ccc0620e598ac689d3e2796c5\$shtdwn$.req
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3ccc0620e598ac689d3e2796c5\3082\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\3ccc0620e598ac689d3e2796c5\2052\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\2070\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1053\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1055\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1046\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1049\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1044\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1045\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12576 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1042\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1043\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1040\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12576 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1041\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13088 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1037\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1038\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1036\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1033\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1035\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1032\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1031\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1030\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1029\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13088 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1025\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1028\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\3ccc0620e598ac689d3e2796c5\3076\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 322840 ----a-w- c:\3ccc0620e598ac689d3e2796c5\HotFixInstaller.exe
2012-03-20 21:57 . 2012-03-20 21:57 6188544 ----a-w- c:\3ccc0620e598ac689d3e2796c5\NDP20SP2-KB2686828.msp
2012-03-20 21:47 . 2012-03-20 21:47 15616 ----a-w- c:\3ccc0620e598ac689d3e2796c5\DHtmlHeader.html
2012-03-20 21:47 . 2012-03-20 21:47 7306 -c--a-w- c:\3ccc0620e598ac689d3e2796c5\header.bmp
2012-03-20 21:47 . 2012-03-20 21:47 3580 ----a-w- c:\3ccc0620e598ac689d3e2796c5\ParameterInfo.xml
2012-03-20 21:47 . 2012-03-20 21:47 110348 -c--a-w- c:\3ccc0620e598ac689d3e2796c5\watermark.bmp
2012-03-20 21:47 . 2012-03-20 21:47 76237 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1025\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 37119 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1028\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 74519 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1029\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76465 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1030\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 116656 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1031\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 78951 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1032\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 100363 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1033\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 75533 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1035\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 127060 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1036\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 59647 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1037\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 67624 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1038\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 115589 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1040\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 104768 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1041\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 147711 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1042\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76257 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1043\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 73305 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1044\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 73386 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1045\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 97721 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1046\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 141033 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1049\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76556 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1053\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 77193 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1055\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 102032 ----a-w- c:\3ccc0620e598ac689d3e2796c5\2052\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76519 ----a-w- c:\3ccc0620e598ac689d3e2796c5\2070\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 37119 ----a-w- c:\3ccc0620e598ac689d3e2796c5\3076\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 94271 ----a-w- c:\3ccc0620e598ac689d3e2796c5\3082\eula.rtf
.
---- Directory of C:\3eac32319de31d122712410abd4e42 ----
.
2012-07-01 09:33 . 2012-07-01 09:33 788 ---ha-w- c:\3eac32319de31d122712410abd4e42\$shtdwn$.req
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3eac32319de31d122712410abd4e42\3082\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\3eac32319de31d122712410abd4e42\2052\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\2070\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1053\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1055\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1046\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1049\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1044\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3eac32319de31d122712410abd4e42\1045\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12576 ----a-w- c:\3eac32319de31d122712410abd4e42\1042\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1043\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1040\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12576 ----a-w- c:\3eac32319de31d122712410abd4e42\1041\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13088 ----a-w- c:\3eac32319de31d122712410abd4e42\1037\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1038\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3eac32319de31d122712410abd4e42\1036\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1033\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1035\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3eac32319de31d122712410abd4e42\1032\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3eac32319de31d122712410abd4e42\1031\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1030\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1029\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13088 ----a-w- c:\3eac32319de31d122712410abd4e42\1025\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\3eac32319de31d122712410abd4e42\1028\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\3eac32319de31d122712410abd4e42\3076\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 322840 ----a-w- c:\3eac32319de31d122712410abd4e42\HotFixInstaller.exe
2012-03-20 21:57 . 2012-03-20 21:57 6188544 ----a-w- c:\3eac32319de31d122712410abd4e42\NDP20SP2-KB2686828.msp
2012-03-20 21:47 . 2012-03-20 21:47 15616 ----a-w- c:\3eac32319de31d122712410abd4e42\DHtmlHeader.html
2012-03-20 21:47 . 2012-03-20 21:47 7306 ----a-w- c:\3eac32319de31d122712410abd4e42\header.bmp
2012-03-20 21:47 . 2012-03-20 21:47 3580 ----a-w- c:\3eac32319de31d122712410abd4e42\ParameterInfo.xml
2012-03-20 21:47 . 2012-03-20 21:47 110348 ----a-w- c:\3eac32319de31d122712410abd4e42\watermark.bmp
2012-03-20 21:47 . 2012-03-20 21:47 76237 ----a-w- c:\3eac32319de31d122712410abd4e42\1025\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 37119 ----a-w- c:\3eac32319de31d122712410abd4e42\1028\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 74519 ----a-w- c:\3eac32319de31d122712410abd4e42\1029\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76465 ----a-w- c:\3eac32319de31d122712410abd4e42\1030\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 116656 ----a-w- c:\3eac32319de31d122712410abd4e42\1031\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 78951 ----a-w- c:\3eac32319de31d122712410abd4e42\1032\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 100363 ----a-w- c:\3eac32319de31d122712410abd4e42\1033\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 75533 ----a-w- c:\3eac32319de31d122712410abd4e42\1035\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 127060 ----a-w- c:\3eac32319de31d122712410abd4e42\1036\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 59647 ----a-w- c:\3eac32319de31d122712410abd4e42\1037\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 67624 ----a-w- c:\3eac32319de31d122712410abd4e42\1038\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 115589 ----a-w- c:\3eac32319de31d122712410abd4e42\1040\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 104768 ----a-w- c:\3eac32319de31d122712410abd4e42\1041\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 147711 ----a-w- c:\3eac32319de31d122712410abd4e42\1042\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76257 ----a-w- c:\3eac32319de31d122712410abd4e42\1043\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 73305 ----a-w- c:\3eac32319de31d122712410abd4e42\1044\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 73386 ----a-w- c:\3eac32319de31d122712410abd4e42\1045\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 97721 ----a-w- c:\3eac32319de31d122712410abd4e42\1046\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 141033 ----a-w- c:\3eac32319de31d122712410abd4e42\1049\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76556 ----a-w- c:\3eac32319de31d122712410abd4e42\1053\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 77193 ----a-w- c:\3eac32319de31d122712410abd4e42\1055\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 102032 ----a-w- c:\3eac32319de31d122712410abd4e42\2052\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76519 ----a-w- c:\3eac32319de31d122712410abd4e42\2070\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 37119 ----a-w- c:\3eac32319de31d122712410abd4e42\3076\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 94271 ----a-w- c:\3eac32319de31d122712410abd4e42\3082\eula.rtf
.
---- Directory of C:\bebd6291b379182da1450d5c970aa3 ----
.
2012-06-30 21:49 . 2012-06-30 21:49 788 ---ha-w- c:\bebd6291b379182da1450d5c970aa3\$shtdwn$.req
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\bebd6291b379182da1450d5c970aa3\3082\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\bebd6291b379182da1450d5c970aa3\2052\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\2070\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1053\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1055\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1046\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1049\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1044\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1045\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12576 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1042\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1043\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1040\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12576 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1041\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13088 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1037\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1038\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1036\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1033\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1035\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1032\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1031\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1030\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1029\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13088 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1025\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1028\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\bebd6291b379182da1450d5c970aa3\3076\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 322840 ----a-w- c:\bebd6291b379182da1450d5c970aa3\HotFixInstaller.exe
2012-03-20 21:57 . 2012-03-20 21:57 6188544 ----a-w- c:\bebd6291b379182da1450d5c970aa3\NDP20SP2-KB2686828.msp
2012-03-20 21:47 . 2012-03-20 21:47 15616 ----a-w- c:\bebd6291b379182da1450d5c970aa3\DHtmlHeader.html
2012-03-20 21:47 . 2012-03-20 21:47 7306 -c--a-w- c:\bebd6291b379182da1450d5c970aa3\header.bmp
2012-03-20 21:47 . 2012-03-20 21:47 3580 ----a-w- c:\bebd6291b379182da1450d5c970aa3\ParameterInfo.xml
2012-03-20 21:47 . 2012-03-20 21:47 110348 -c--a-w- c:\bebd6291b379182da1450d5c970aa3\watermark.bmp
2012-03-20 21:47 . 2012-03-20 21:47 76237 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1025\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 37119 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1028\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 74519 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1029\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76465 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1030\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 116656 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1031\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 78951 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1032\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 100363 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1033\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 75533 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1035\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 127060 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1036\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 59647 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1037\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 67624 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1038\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 115589 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1040\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 104768 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1041\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 147711 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1042\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76257 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1043\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 73305 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1044\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 73386 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1045\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 97721 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1046\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 141033 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1049\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76556 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1053\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 77193 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1055\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 102032 ----a-w- c:\bebd6291b379182da1450d5c970aa3\2052\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76519 ----a-w- c:\bebd6291b379182da1450d5c970aa3\2070\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 37119 ----a-w- c:\bebd6291b379182da1450d5c970aa3\3076\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 94271 ----a-w- c:\bebd6291b379182da1450d5c970aa3\3082\eula.rtf
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-02_06.48.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-02 09:54 . 2012-07-02 09:54 16384 c:\windows\temp\Perflib_Perfdata_440.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-05-28 17:23 880496 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Steam\\steamapps\\martin38697\\team fortress 2\\hl2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.2.2011 16:48 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.4.2010 20:05 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.4.2010 20:05 21256]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [27.6.2012 12:29 1385896]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2.4.2012 9:42 250056]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 12:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3.9.2011 17:05 47360]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [21.11.2011 18:12 111872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:00]
.
2012-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
2012-07-02 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2012-07-01 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2012-07-01 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2012-07-01 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
.
------- Doplňkový sken -------
.
IE: &Download All using 4shared Desktop
IE: Download all by YouTube Robot - c:\program files\YouTubeRobot\downall.htm
IE: Download by YouTube Robot - c:\program files\YouTubeRobot\downlink.htm
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: ????3?? - c:\documents and settings\oem\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\oem\Data aplikací\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-02 11:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-484061587-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\oem\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-329068152-484061587-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\oem\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(4004)
c:\windows\system32\msi.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-07-02 12:00:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-02 10:00
ComboFix2.txt 2012-07-02 06:55
.
Před spuštěním: Volných bajtů: 145 805 860 864
Po spuštění: Volných bajtů: 145 793 540 096
.
- - End Of File - - D987CD82EA834FF764DFFBAF7572F7C0
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1374 [GMT 2:00]
Spuštěný z: c:\documents and settings\oem\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\oem\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-02 do 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-07-02 09:55 . 2012-07-02 09:55 63115 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-07-01 10:25 . 2012-07-01 10:25 -------- d-----w- c:\program files\Common Files\Java
2012-07-01 10:25 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-01 10:24 . 2012-07-01 10:24 -------- d-----w- c:\program files\Oracle
2012-07-01 10:23 . 2012-07-01 10:23 -------- d-----w- c:\documents and settings\oem\Data aplikací\Oracle
2012-07-01 10:20 . 2012-05-04 17:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-01 09:33 . 2012-07-01 09:33 -------- d-----w- C:\3eac32319de31d122712410abd4e42
2012-06-30 21:49 . 2012-06-30 21:49 -------- d-----w- C:\bebd6291b379182da1450d5c970aa3
2012-06-29 09:27 . 2012-06-29 09:27 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-06-25 13:38 . 2012-06-25 13:38 -------- d-----w- C:\3ccc0620e598ac689d3e2796c5
2012-06-18 19:26 . 2012-07-02 07:45 -------- d-----w- c:\documents and settings\oem\Data aplikací\.minecraft
2012-06-17 19:34 . 2012-06-17 19:34 -------- d-----w- c:\documents and settings\oem\Data aplikací\Sony
2012-06-15 16:22 . 2012-06-15 16:22 -------- d-----w- c:\documents and settings\oem\Data aplikací\Z-Software
2012-06-15 16:22 . 2012-06-15 16:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Z-Software
2012-06-15 16:21 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-06-15 16:21 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-06-15 16:21 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-06-15 16:21 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-06-15 16:21 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-06-15 16:21 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-06-13 16:51 . 2012-06-13 16:51 765440 ----a-r- c:\documents and settings\oem\Data aplikací\Microsoft\Installer\{23BF7533-1747-4744-94FF-CF716FBB5597}\VVCap.exe
2012-06-13 16:51 . 2012-06-13 16:51 -------- d-----w- c:\program files\VVCap
2012-06-13 12:17 . 2012-06-13 12:17 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\Quadriga Games
2012-06-12 18:45 . 2012-06-12 18:45 -------- d-----w- c:\program files\DsNET Corp
2012-06-12 18:44 . 2012-06-12 18:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ask
2012-06-08 15:52 . 2012-06-08 15:53 -------- d-----w- c:\documents and settings\oem\Data aplikací\Media Finder
2012-06-08 15:29 . 2012-06-08 15:29 -------- d-----w- c:\program files\Rockstar Games
2012-06-08 15:29 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-06-08 15:29 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-06-08 15:29 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-06-08 15:29 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-06-08 15:29 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-06-08 15:29 . 2012-06-08 15:29 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-06-08 15:29 . 2012-06-08 15:29 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 12:52 . 2010-04-21 18:05 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-28 12:52 . 2010-04-21 18:05 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-28 12:52 . 2011-02-28 14:48 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-28 12:52 . 2010-04-21 18:05 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-06-28 12:52 . 2010-04-21 18:05 97352 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-06-28 12:52 . 2010-04-21 18:05 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-06-28 12:52 . 2010-04-21 18:05 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-28 12:52 . 2010-04-21 18:05 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-06-28 12:52 . 2010-06-29 08:37 41224 ----a-w- c:\windows\avastSS.scr
2012-06-28 12:51 . 2010-04-21 18:05 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-23 15:00 . 2012-04-02 07:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 15:00 . 2011-09-16 04:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2008-10-16 12:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-10-16 12:08 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-09-09 12:11 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-09-09 12:11 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-09-09 12:11 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-09-09 12:11 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-09-09 12:11 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-10-16 12:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 12:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 12:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-09-09 12:11 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-09-09 12:11 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-10-04 08:17 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-10-04 08:17 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-10-04 08:17 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2008-04-14 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:59 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2008-04-14 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-05 03:14 . 2008-04-14 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 08:06 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-04 17:29 . 2010-07-19 19:13 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-02 13:46 . 2009-09-09 12:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 19:30 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\3ccc0620e598ac689d3e2796c5 ----
.
2012-06-25 13:38 . 2012-06-25 13:38 788 ---ha-w- c:\3ccc0620e598ac689d3e2796c5\$shtdwn$.req
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3ccc0620e598ac689d3e2796c5\3082\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\3ccc0620e598ac689d3e2796c5\2052\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\2070\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1053\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1055\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1046\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1049\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1044\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1045\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12576 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1042\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1043\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1040\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12576 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1041\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13088 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1037\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1038\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1036\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1033\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1035\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1032\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1031\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1030\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1029\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13088 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1025\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1028\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\3ccc0620e598ac689d3e2796c5\3076\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 322840 ----a-w- c:\3ccc0620e598ac689d3e2796c5\HotFixInstaller.exe
2012-03-20 21:57 . 2012-03-20 21:57 6188544 ----a-w- c:\3ccc0620e598ac689d3e2796c5\NDP20SP2-KB2686828.msp
2012-03-20 21:47 . 2012-03-20 21:47 15616 ----a-w- c:\3ccc0620e598ac689d3e2796c5\DHtmlHeader.html
2012-03-20 21:47 . 2012-03-20 21:47 7306 -c--a-w- c:\3ccc0620e598ac689d3e2796c5\header.bmp
2012-03-20 21:47 . 2012-03-20 21:47 3580 ----a-w- c:\3ccc0620e598ac689d3e2796c5\ParameterInfo.xml
2012-03-20 21:47 . 2012-03-20 21:47 110348 -c--a-w- c:\3ccc0620e598ac689d3e2796c5\watermark.bmp
2012-03-20 21:47 . 2012-03-20 21:47 76237 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1025\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 37119 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1028\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 74519 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1029\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76465 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1030\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 116656 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1031\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 78951 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1032\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 100363 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1033\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 75533 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1035\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 127060 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1036\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 59647 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1037\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 67624 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1038\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 115589 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1040\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 104768 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1041\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 147711 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1042\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76257 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1043\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 73305 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1044\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 73386 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1045\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 97721 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1046\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 141033 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1049\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76556 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1053\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 77193 ----a-w- c:\3ccc0620e598ac689d3e2796c5\1055\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 102032 ----a-w- c:\3ccc0620e598ac689d3e2796c5\2052\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76519 ----a-w- c:\3ccc0620e598ac689d3e2796c5\2070\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 37119 ----a-w- c:\3ccc0620e598ac689d3e2796c5\3076\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 94271 ----a-w- c:\3ccc0620e598ac689d3e2796c5\3082\eula.rtf
.
---- Directory of C:\3eac32319de31d122712410abd4e42 ----
.
2012-07-01 09:33 . 2012-07-01 09:33 788 ---ha-w- c:\3eac32319de31d122712410abd4e42\$shtdwn$.req
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3eac32319de31d122712410abd4e42\3082\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\3eac32319de31d122712410abd4e42\2052\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\2070\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1053\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1055\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1046\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1049\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1044\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3eac32319de31d122712410abd4e42\1045\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12576 ----a-w- c:\3eac32319de31d122712410abd4e42\1042\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1043\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1040\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12576 ----a-w- c:\3eac32319de31d122712410abd4e42\1041\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13088 ----a-w- c:\3eac32319de31d122712410abd4e42\1037\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1038\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3eac32319de31d122712410abd4e42\1036\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1033\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1035\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3eac32319de31d122712410abd4e42\1032\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\3eac32319de31d122712410abd4e42\1031\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1030\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\3eac32319de31d122712410abd4e42\1029\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13088 ----a-w- c:\3eac32319de31d122712410abd4e42\1025\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\3eac32319de31d122712410abd4e42\1028\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\3eac32319de31d122712410abd4e42\3076\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 322840 ----a-w- c:\3eac32319de31d122712410abd4e42\HotFixInstaller.exe
2012-03-20 21:57 . 2012-03-20 21:57 6188544 ----a-w- c:\3eac32319de31d122712410abd4e42\NDP20SP2-KB2686828.msp
2012-03-20 21:47 . 2012-03-20 21:47 15616 ----a-w- c:\3eac32319de31d122712410abd4e42\DHtmlHeader.html
2012-03-20 21:47 . 2012-03-20 21:47 7306 ----a-w- c:\3eac32319de31d122712410abd4e42\header.bmp
2012-03-20 21:47 . 2012-03-20 21:47 3580 ----a-w- c:\3eac32319de31d122712410abd4e42\ParameterInfo.xml
2012-03-20 21:47 . 2012-03-20 21:47 110348 ----a-w- c:\3eac32319de31d122712410abd4e42\watermark.bmp
2012-03-20 21:47 . 2012-03-20 21:47 76237 ----a-w- c:\3eac32319de31d122712410abd4e42\1025\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 37119 ----a-w- c:\3eac32319de31d122712410abd4e42\1028\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 74519 ----a-w- c:\3eac32319de31d122712410abd4e42\1029\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76465 ----a-w- c:\3eac32319de31d122712410abd4e42\1030\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 116656 ----a-w- c:\3eac32319de31d122712410abd4e42\1031\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 78951 ----a-w- c:\3eac32319de31d122712410abd4e42\1032\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 100363 ----a-w- c:\3eac32319de31d122712410abd4e42\1033\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 75533 ----a-w- c:\3eac32319de31d122712410abd4e42\1035\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 127060 ----a-w- c:\3eac32319de31d122712410abd4e42\1036\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 59647 ----a-w- c:\3eac32319de31d122712410abd4e42\1037\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 67624 ----a-w- c:\3eac32319de31d122712410abd4e42\1038\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 115589 ----a-w- c:\3eac32319de31d122712410abd4e42\1040\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 104768 ----a-w- c:\3eac32319de31d122712410abd4e42\1041\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 147711 ----a-w- c:\3eac32319de31d122712410abd4e42\1042\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76257 ----a-w- c:\3eac32319de31d122712410abd4e42\1043\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 73305 ----a-w- c:\3eac32319de31d122712410abd4e42\1044\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 73386 ----a-w- c:\3eac32319de31d122712410abd4e42\1045\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 97721 ----a-w- c:\3eac32319de31d122712410abd4e42\1046\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 141033 ----a-w- c:\3eac32319de31d122712410abd4e42\1049\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76556 ----a-w- c:\3eac32319de31d122712410abd4e42\1053\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 77193 ----a-w- c:\3eac32319de31d122712410abd4e42\1055\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 102032 ----a-w- c:\3eac32319de31d122712410abd4e42\2052\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76519 ----a-w- c:\3eac32319de31d122712410abd4e42\2070\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 37119 ----a-w- c:\3eac32319de31d122712410abd4e42\3076\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 94271 ----a-w- c:\3eac32319de31d122712410abd4e42\3082\eula.rtf
.
---- Directory of C:\bebd6291b379182da1450d5c970aa3 ----
.
2012-06-30 21:49 . 2012-06-30 21:49 788 ---ha-w- c:\bebd6291b379182da1450d5c970aa3\$shtdwn$.req
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\bebd6291b379182da1450d5c970aa3\3082\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\bebd6291b379182da1450d5c970aa3\2052\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\2070\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1053\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1055\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1046\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1049\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1044\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1045\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12576 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1042\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1043\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1040\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12576 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1041\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13088 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1037\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1038\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1036\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1033\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1035\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1032\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 14112 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1031\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1030\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13600 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1029\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 13088 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1025\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1028\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 12064 ----a-w- c:\bebd6291b379182da1450d5c970aa3\3076\HotFixInstallerUI.dll
2012-03-20 21:57 . 2012-03-20 21:57 322840 ----a-w- c:\bebd6291b379182da1450d5c970aa3\HotFixInstaller.exe
2012-03-20 21:57 . 2012-03-20 21:57 6188544 ----a-w- c:\bebd6291b379182da1450d5c970aa3\NDP20SP2-KB2686828.msp
2012-03-20 21:47 . 2012-03-20 21:47 15616 ----a-w- c:\bebd6291b379182da1450d5c970aa3\DHtmlHeader.html
2012-03-20 21:47 . 2012-03-20 21:47 7306 -c--a-w- c:\bebd6291b379182da1450d5c970aa3\header.bmp
2012-03-20 21:47 . 2012-03-20 21:47 3580 ----a-w- c:\bebd6291b379182da1450d5c970aa3\ParameterInfo.xml
2012-03-20 21:47 . 2012-03-20 21:47 110348 -c--a-w- c:\bebd6291b379182da1450d5c970aa3\watermark.bmp
2012-03-20 21:47 . 2012-03-20 21:47 76237 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1025\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 37119 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1028\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 74519 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1029\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76465 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1030\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 116656 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1031\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 78951 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1032\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 100363 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1033\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 75533 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1035\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 127060 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1036\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 59647 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1037\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 67624 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1038\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 115589 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1040\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 104768 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1041\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 147711 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1042\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76257 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1043\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 73305 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1044\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 73386 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1045\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 97721 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1046\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 141033 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1049\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76556 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1053\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 77193 ----a-w- c:\bebd6291b379182da1450d5c970aa3\1055\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 102032 ----a-w- c:\bebd6291b379182da1450d5c970aa3\2052\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 76519 ----a-w- c:\bebd6291b379182da1450d5c970aa3\2070\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 37119 ----a-w- c:\bebd6291b379182da1450d5c970aa3\3076\eula.rtf
2012-03-20 21:47 . 2012-03-20 21:47 94271 ----a-w- c:\bebd6291b379182da1450d5c970aa3\3082\eula.rtf
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-02_06.48.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-02 09:54 . 2012-07-02 09:54 16384 c:\windows\temp\Perflib_Perfdata_440.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-05-28 17:23 880496 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Steam\\steamapps\\martin38697\\team fortress 2\\hl2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.2.2011 16:48 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.4.2010 20:05 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.4.2010 20:05 21256]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [27.6.2012 12:29 1385896]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2.4.2012 9:42 250056]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 12:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3.9.2011 17:05 47360]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [21.11.2011 18:12 111872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:00]
.
2012-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
2012-07-02 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2012-07-01 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2012-07-01 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2012-07-01 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
.
------- Doplňkový sken -------
.
IE: &Download All using 4shared Desktop
IE: Download all by YouTube Robot - c:\program files\YouTubeRobot\downall.htm
IE: Download by YouTube Robot - c:\program files\YouTubeRobot\downlink.htm
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: ????3?? - c:\documents and settings\oem\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\oem\Data aplikací\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-02 11:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-484061587-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\oem\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-329068152-484061587-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\oem\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(4004)
c:\windows\system32\msi.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-07-02 12:00:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-02 10:00
ComboFix2.txt 2012-07-02 06:55
.
Před spuštěním: Volných bajtů: 145 805 860 864
Po spuštění: Volných bajtů: 145 793 540 096
.
- - End Of File - - D987CD82EA834FF764DFFBAF7572F7C0
- jaro3
- member of the Security team
Re: PC stuttering
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: PC stuttering
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-02 20:54:38
-----------------------------
20:54:38.437 OS Version: Windows 5.1.2600 Service Pack 3
20:54:38.437 Number of processors: 2 586 0xF0D
20:54:38.437 ComputerName: LAN UserName: oem
20:54:39.406 Initialize success
20:54:43.484 AVAST engine defs: 12070201
20:54:46.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:54:46.062 Disk 0 Vendor: ST3250318AS CC35 Size: 238474MB BusType: 3
20:54:46.078 Disk 0 MBR read successfully
20:54:46.078 Disk 0 MBR scan
20:54:46.109 Disk 0 Windows XP default MBR code
20:54:46.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
20:54:46.125 Disk 0 scanning sectors +488376000
20:54:46.187 Disk 0 scanning C:\WINDOWS\system32\drivers
20:54:55.031 Service scanning
20:55:08.687 Modules scanning
20:55:12.656 Disk 0 trace - called modules:
20:55:12.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS
20:55:12.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6dcab8]
20:55:13.187 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\00000065[0x8a6619e8]
20:55:13.187 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a661d98]
20:55:13.187 \Driver\atapi[0x8a65e310] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xba0c98b4]
20:55:13.703 AVAST engine scan C:\WINDOWS
20:55:20.703 AVAST engine scan C:\WINDOWS\system32
20:58:23.046 AVAST engine scan C:\WINDOWS\system32\drivers
20:58:40.343 AVAST engine scan C:\Documents and Settings\oem
21:08:59.109 AVAST engine scan C:\Documents and Settings\All Users
21:12:09.828 Scan finished successfully
21:12:19.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\oem\Plocha\MBR.dat"
21:12:19.000 The log file has been saved successfully to "C:\Documents and Settings\oem\Plocha\aswMBR.txt"
- jaro3
- member of the Security team
Re: PC stuttering
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
ClearJavaCache::
AtJob::
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new HJT log
Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Download CrystalDiskInfo
Run the program and click Edit - Copy. Then paste the contents of the log here with Ctrl+V.
Download Memtest:
In the box enter the largest size of your individual RAM module (256, 512 or 1024, 2048), click Start, and let it run for at least 2 h; if after 2 h there are still 0 errors, the modules are fine.
The HDD needs to be checked for errors, and try defragmenting it.
Re: PC stuttering
ComboFix 12-07-02.01 - oem 02.07.2012 22:57:32.9.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1406 [GMT 2:00]
Spuštěný z: c:\documents and settings\oem\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\oem\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-02 do 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-07-01 10:25 . 2012-07-01 10:25 -------- d-----w- c:\program files\Common Files\Java
2012-07-01 10:25 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-01 10:24 . 2012-07-01 10:24 -------- d-----w- c:\program files\Oracle
2012-07-01 10:23 . 2012-07-01 10:23 -------- d-----w- c:\documents and settings\oem\Data aplikací\Oracle
2012-07-01 10:20 . 2012-05-04 17:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-01 09:33 . 2012-07-01 09:33 -------- d-----w- C:\3eac32319de31d122712410abd4e42
2012-06-30 21:49 . 2012-06-30 21:49 -------- d-----w- C:\bebd6291b379182da1450d5c970aa3
2012-06-29 09:27 . 2012-06-29 09:27 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-06-25 13:38 . 2012-06-25 13:38 -------- d-----w- C:\3ccc0620e598ac689d3e2796c5
2012-06-18 19:26 . 2012-07-02 19:21 -------- d-----w- c:\documents and settings\oem\Data aplikací\.minecraft
2012-06-17 19:34 . 2012-06-17 19:34 -------- d-----w- c:\documents and settings\oem\Data aplikací\Sony
2012-06-15 16:22 . 2012-06-15 16:22 -------- d-----w- c:\documents and settings\oem\Data aplikací\Z-Software
2012-06-15 16:22 . 2012-06-15 16:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Z-Software
2012-06-15 16:21 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-06-15 16:21 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-06-15 16:21 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-06-15 16:21 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-06-15 16:21 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-06-15 16:21 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-06-13 16:51 . 2012-06-13 16:51 765440 ----a-r- c:\documents and settings\oem\Data aplikací\Microsoft\Installer\{23BF7533-1747-4744-94FF-CF716FBB5597}\VVCap.exe
2012-06-13 16:51 . 2012-06-13 16:51 -------- d-----w- c:\program files\VVCap
2012-06-13 12:17 . 2012-06-13 12:17 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\Quadriga Games
2012-06-12 18:45 . 2012-06-12 18:45 -------- d-----w- c:\program files\DsNET Corp
2012-06-12 18:44 . 2012-06-12 18:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ask
2012-06-08 15:52 . 2012-06-08 15:53 -------- d-----w- c:\documents and settings\oem\Data aplikací\Media Finder
2012-06-08 15:29 . 2012-06-08 15:29 -------- d-----w- c:\program files\Rockstar Games
2012-06-08 15:29 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-06-08 15:29 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-06-08 15:29 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-06-08 15:29 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-06-08 15:29 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-06-08 15:29 . 2012-06-08 15:29 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-06-08 15:29 . 2012-06-08 15:29 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-02 11:56 . 2012-04-02 07:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-02 11:56 . 2011-09-16 04:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-28 12:52 . 2010-04-21 18:05 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-28 12:52 . 2010-04-21 18:05 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-28 12:52 . 2011-02-28 14:48 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-28 12:52 . 2010-04-21 18:05 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-06-28 12:52 . 2010-04-21 18:05 97352 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-06-28 12:52 . 2010-04-21 18:05 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-06-28 12:52 . 2010-04-21 18:05 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-28 12:52 . 2010-04-21 18:05 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-06-28 12:52 . 2010-06-29 08:37 41224 ----a-w- c:\windows\avastSS.scr
2012-06-28 12:51 . 2010-04-21 18:05 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-02 13:19 . 2008-10-16 12:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-10-16 12:08 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-09-09 12:11 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-09-09 12:11 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-09-09 12:11 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-09-09 12:11 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-09-09 12:11 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-10-16 12:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 12:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 12:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-09-09 12:11 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-09-09 12:11 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-10-04 08:17 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-10-04 08:17 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-10-04 08:17 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2008-04-14 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:59 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2008-04-14 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-05 03:14 . 2008-04-14 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 08:06 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-04 17:29 . 2010-07-19 19:13 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-02 13:46 . 2009-09-09 12:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 19:30 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-02_06.48.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-02 20:06 . 2012-07-02 20:06 16384 c:\windows\temp\Perflib_Perfdata_bd0.dat
+ 2012-07-02 11:02 . 2008-07-25 09:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Web.RegularExpressions.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Drawing.Design.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Configuration.Install.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.Vsa.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.VisualBasic.Vsa.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.Build.Utilities.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.Build.Framework.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\ISymWrapper.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\IEHost.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\CustomMarshalers.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\cscompmgd.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Accessibility.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-07-01 11:09 . 2012-07-01 11:09 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft_VsaVb.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.VisualC.Dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\IIEHost.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\IEExecRemote.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-07-01 11:09 . 2012-07-01 11:09 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-07-01 11:08 . 2012-07-01 11:08 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-07-02 11:56 . 2012-07-02 11:56 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
+ 2012-07-02 11:56 . 2012-07-02 11:56 465096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.dll
+ 2012-04-02 07:42 . 2012-07-02 11:56 257224 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-07-02 11:02 . 2008-07-25 09:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Web.Services.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Web.Mobile.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Transactions.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.ServiceProcess.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Security.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Runtime.Remoting.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Messaging.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Management.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.EnterpriseServices.Wrapper.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.EnterpriseServices.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Drawing.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.DirectoryServices.Protocols.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.DirectoryServices.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Deployment.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Data.SqlXml.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Data.OracleClient.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.configuration.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\sysglobl.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.VisualBasic.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.VisualBasic.Compatibility.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.JScript.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.Build.Tasks.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.Build.Engine.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\AspNetMMCExt.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-07-01 11:09 . 2012-07-01 11:09 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.XML.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Windows.Forms.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 5238784 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Web.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 3149824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Design.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Data.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\mscorlib.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 5238784 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 5238784 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-07-01 11:09 . 2012-07-01 11:09 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-05-28 17:23 880496 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Steam\\steamapps\\martin38697\\team fortress 2\\hl2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.2.2011 16:48 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.4.2010 20:05 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.4.2010 20:05 21256]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [27.6.2012 12:29 1385896]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2.4.2012 9:42 257224]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 12:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3.9.2011 17:05 47360]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [21.11.2011 18:12 111872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 11:56]
.
2012-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
.
------- Doplňkový sken -------
.
IE: &Download All using 4shared Desktop
IE: Download all by YouTube Robot - c:\program files\YouTubeRobot\downall.htm
IE: Download by YouTube Robot - c:\program files\YouTubeRobot\downlink.htm
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: ????3?? - c:\documents and settings\oem\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\oem\Data aplikací\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-02 23:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-484061587-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\oem\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-329068152-484061587-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\oem\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
Celkový čas: 2012-07-02 23:05:39
ComboFix-quarantined-files.txt 2012-07-02 21:05
ComboFix2.txt 2012-07-02 10:01
ComboFix3.txt 2012-07-02 06:55
.
Před spuštěním: Volných bajtů: 145 569 742 848
Po spuštění: Volných bajtů: 145 571 696 640
.
- - End Of File - - E62B7B96F0956141272DA3F6844D3039
2012-06-02 13:19 . 2008-10-16 12:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 12:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 12:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-09-09 12:11 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-09-09 12:11 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-10-04 08:17 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-10-04 08:17 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-10-04 08:17 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2008-04-14 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:59 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2008-04-14 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-05 03:14 . 2008-04-14 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 08:06 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-04 17:29 . 2010-07-19 19:13 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-02 13:46 . 2009-09-09 12:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 19:30 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-02_06.48.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-02 20:06 . 2012-07-02 20:06 16384 c:\windows\temp\Perflib_Perfdata_bd0.dat
+ 2012-07-02 11:02 . 2008-07-25 09:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Web.RegularExpressions.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Drawing.Design.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Configuration.Install.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.Vsa.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.VisualBasic.Vsa.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.Build.Utilities.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.Build.Framework.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\ISymWrapper.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\IEHost.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\CustomMarshalers.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\cscompmgd.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Accessibility.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-07-01 11:09 . 2012-07-01 11:09 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft_VsaVb.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.VisualC.Dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\IIEHost.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\IEExecRemote.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-07-01 11:09 . 2012-07-01 11:09 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-07-01 11:08 . 2012-07-01 11:08 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-07-02 11:56 . 2012-07-02 11:56 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
+ 2012-07-02 11:56 . 2012-07-02 11:56 465096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.dll
+ 2012-04-02 07:42 . 2012-07-02 11:56 257224 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-07-02 11:02 . 2008-07-25 09:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Web.Services.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Web.Mobile.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Transactions.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.ServiceProcess.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Security.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Runtime.Remoting.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Messaging.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Management.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.EnterpriseServices.Wrapper.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.EnterpriseServices.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Drawing.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.DirectoryServices.Protocols.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.DirectoryServices.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Deployment.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Data.SqlXml.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Data.OracleClient.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.configuration.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\sysglobl.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.VisualBasic.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.VisualBasic.Compatibility.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.JScript.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.Build.Tasks.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\Microsoft.Build.Engine.dll
+ 2012-07-02 11:02 . 2008-07-25 09:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\AspNetMMCExt.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-07-01 11:09 . 2012-07-01 11:09 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.XML.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Windows.Forms.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 5238784 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Web.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 3149824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Design.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\System.Data.dll
+ 2012-07-02 11:02 . 2008-07-25 09:17 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23452\mscorlib.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-07-01 11:08 . 2012-07-01 11:08 5238784 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 5238784 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-07-02 11:02 . 2012-07-02 11:02 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-07-01 11:09 . 2012-07-01 11:09 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-05-28 17:23 880496 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Steam\\steamapps\\martin38697\\team fortress 2\\hl2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.2.2011 16:48 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.4.2010 20:05 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.4.2010 20:05 21256]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [27.6.2012 12:29 1385896]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2.4.2012 9:42 257224]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 12:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3.9.2011 17:05 47360]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [21.11.2011 18:12 111872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 11:56]
.
2012-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
.
------- Doplňkový sken -------
.
IE: &Download All using 4shared Desktop
IE: Download all by YouTube Robot - c:\program files\YouTubeRobot\downall.htm
IE: Download by YouTube Robot - c:\program files\YouTubeRobot\downlink.htm
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: ????3?? - c:\documents and settings\oem\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\oem\Data aplikací\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-02 23:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-484061587-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\oem\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-329068152-484061587-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\oem\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
Celkový čas: 2012-07-02 23:05:39
ComboFix-quarantined-files.txt 2012-07-02 21:05
ComboFix2.txt 2012-07-02 10:01
ComboFix3.txt 2012-07-02 06:55
.
Před spuštěním: Volných bajtů: 145 569 742 848
Po spuštění: Volných bajtů: 145 571 696 640
.
- - End Of File - - E62B7B96F0956141272DA3F6844D3039