FCB vir

[C0R3]

Ahoj všichni včera ráno jsem naletěl na odkaz a chytl vir který dá dotyčnému vzdálený přístup a neustále vám restartuje PC.

Vyřešil jsem to tak že jsem zformátoval HDD a nainstaloval operační systém a ostatní programy na čistý HDD.
Je toto řešení dostačující ?

Tady mám svůj log

Logfile of random's system information tool 1.09 (written by random/random)
Run by C0R3 at 2011-08-23 13:51:48
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 219 GB (46%) free of 477 GB
Total RAM: 4094 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:51:54, on 23.8.2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ICQ7.6\ICQ.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2011\PSD 2011.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Program Files\trend micro\C0R3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=centrum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\C0R3\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.6\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Aktualizovat ESET licenci.lnk = ?
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7311 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
Ati2evxx.exe -Client
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-87ea9601-a601-40dd-8c41-00d135d9f404 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2475a366-bb01-4cef-abdf-964bf67bd48e -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-665baa86-4e7e-4dda-8aa7-cdd5d9e6bab8 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:5d5ab8e3-babe-4e93-95eb-c3c7e7004dc8
taskeng.exe {8ADCF60F-B1A1-4B50-85C0-4840F85DFE21}
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
taskeng.exe {1F527C94-3749-4115-A4F2-0745BC4037A8}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
"C:\Windows\RAVCpl64.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\ICQ7.6\ICQ.exe" silent loginmode=4
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe"
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2011\PSD 2011.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4644.a287240.1684091836 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" - -omnijar C:\Program Files (x86)\Mozilla Firefox\omni.jar 4644 \\.\pipe\gecko-crash-server-pipe.4644 plugin
"C:\Program Files (x86)\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\C0R3\Downloads\ProEvo44lutionSoc58cer2012PCDemo-elamigos.rar" "?\"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe21_ Global\UsGthrCtrlFltPipeMssGthrPipe21 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 644 648 656 65536 652
"C:\Users\C0R3\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2339401156-3218567862-1111171233-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2339401156-3218567862-1111171233-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2010-03-25 1548096]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1584184]
"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2008-01-29 5682688]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-01-12 2918656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1555968]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2008-02-26 2289664]
"Google Update"=C:\Users\C0R3\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-22 136176]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2011-08-22 1242448]
"ICQ"=C:\Program Files (x86)\ICQ7.6\ICQ.exe [2011-08-22 127040]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Aktualizovat ESET licenci.lnk - C:\Program Files (x86)\ESET\MiNODLogin\MiNODLogin.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-08-23 12:39:48 ----D---- C:\rsit
2011-08-23 12:39:48 ----D---- C:\Program Files\trend micro
2011-08-23 10:57:03 ----A---- C:\Windows\system32\wsepno.dll
2011-08-23 10:57:02 ----A---- C:\Windows\system32\msshooks.dll
2011-08-23 10:57:02 ----A---- C:\Windows\system32\msscb.dll
2011-08-23 10:57:01 ----A---- C:\Windows\SYSWOW64\msshooks.dll
2011-08-23 10:57:01 ----A---- C:\Windows\SYSWOW64\msscb.dll
2011-08-23 10:57:01 ----A---- C:\Windows\SYSWOW64\mimefilt.dll
2011-08-23 10:57:01 ----A---- C:\Windows\system32\xmlfilter.dll
2011-08-23 10:57:01 ----A---- C:\Windows\system32\rtffilt.dll
2011-08-23 10:57:01 ----A---- C:\Windows\system32\propdefs.dll
2011-08-23 10:57:01 ----A---- C:\Windows\system32\mimefilt.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\thawbrkr.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\propsys.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\propdefs.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\offfilt.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\msstrc.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\mssprxy.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\mssitlb.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\msshsq.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\korwbrkr.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\chsbrkr.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\thawbrkr.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\srchadmin.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\propsys.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\offfilt.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\nlhtml.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\mssprxy.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\mssitlb.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\msshsq.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\korwbrkr.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\chsbrkr.dll
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\xmlfilter.dll
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\rtffilt.dll
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\nlhtml.dll
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\mssph.dll
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\chtbrkr.dll
2011-08-23 10:56:58 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-08-23 10:56:58 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-08-23 10:56:58 ----A---- C:\Windows\system32\msstrc.dll
2011-08-23 10:56:58 ----A---- C:\Windows\system32\msscntrs.dll
2011-08-23 10:56:58 ----A---- C:\Windows\system32\chtbrkr.dll
2011-08-23 10:56:57 ----A---- C:\Windows\SYSWOW64\tquery.dll
2011-08-23 10:56:57 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2011-08-23 10:56:57 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2011-08-23 10:56:57 ----A---- C:\Windows\system32\tquery.dll
2011-08-23 10:56:57 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-08-23 10:56:57 ----A---- C:\Windows\system32\mssvp.dll
2011-08-23 10:56:57 ----A---- C:\Windows\system32\mssrch.dll
2011-08-23 10:56:57 ----A---- C:\Windows\system32\mssphtb.dll
2011-08-23 10:56:57 ----A---- C:\Windows\system32\mssph.dll
2011-08-23 10:49:19 ----D---- C:\Program Files (x86)\MSXML 4.0
2011-08-23 10:40:16 ----A---- C:\Windows\SYSWOW64\PresentationHostProxy.dll
2011-08-23 10:40:16 ----A---- C:\Windows\SYSWOW64\PresentationHost.exe
2011-08-23 10:40:16 ----A---- C:\Windows\SYSWOW64\netfxperf.dll
2011-08-23 10:40:16 ----A---- C:\Windows\SYSWOW64\mscoree.dll
2011-08-23 10:40:16 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2011-08-23 10:40:16 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2011-08-23 10:40:16 ----A---- C:\Windows\system32\PresentationHost.exe
2011-08-23 10:40:16 ----A---- C:\Windows\system32\netfxperf.dll
2011-08-23 10:40:16 ----A---- C:\Windows\system32\mscoree.dll
2011-08-23 10:40:16 ----A---- C:\Windows\system32\dfshim.dll
2011-08-23 10:36:28 ----D---- C:\ProgramData\ATI
2011-08-23 10:21:46 ----A---- C:\Windows\system32\drivers\AtiPcie.sys
2011-08-23 10:17:11 ----D---- C:\Users\C0R3\AppData\Roaming\ATI
2011-08-23 10:12:36 ----D---- C:\Program Files (x86)\ATI Technologies
2011-08-23 10:11:32 ----A---- C:\Windows\system32\drivers\amdide64.sys
2011-08-23 10:10:59 ----D---- C:\Program Files\Common Files\ATI Technologies
2011-08-23 10:10:28 ----A---- C:\Windows\SYSWOW64\atiumdva.dat
2011-08-23 10:10:28 ----A---- C:\Windows\system32\ATIDEMGX.dll
2011-08-23 10:10:27 ----A---- C:\Windows\system32\atiumd6a.dat
2011-08-23 10:09:13 ----D---- C:\Program Files\ATI Technologies
2011-08-23 10:09:11 ----D---- C:\Program Files\ATI
2011-08-23 08:53:47 ----A---- C:\Windows\SYSWOW64\Apphlpdm.dll
2011-08-23 08:53:47 ----A---- C:\Windows\system32\Apphlpdm.dll
2011-08-23 08:53:46 ----A---- C:\Windows\SYSWOW64\GameUXLegacyGDFs.dll
2011-08-23 08:53:46 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-08-23 08:35:14 ----A---- C:\ProgramData\NTUSER.DAT
2011-08-22 23:50:48 ----D---- C:\Windows\SYSWOW64\WindowsPowerShell
2011-08-22 23:50:47 ----D---- C:\Windows\system32\WindowsPowerShell
2011-08-22 22:53:50 ----D---- C:\ProgramData\Sun
2011-08-22 22:26:13 ----A---- C:\Windows\system32\icardres.dll
2011-08-22 22:26:12 ----A---- C:\Windows\SYSWOW64\PresentationNative_v0300.dll
2011-08-22 22:26:12 ----A---- C:\Windows\SYSWOW64\infocardapi.dll
2011-08-22 22:26:12 ----A---- C:\Windows\SYSWOW64\icardres.dll
2011-08-22 22:26:12 ----A---- C:\Windows\SYSWOW64\icardagt.exe
2011-08-22 22:26:12 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2011-08-22 22:26:12 ----A---- C:\Windows\system32\infocardapi.dll
2011-08-22 22:26:12 ----A---- C:\Windows\system32\icardagt.exe
2011-08-22 22:26:08 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2011-08-22 22:26:08 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-08-22 22:21:43 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-08-22 22:21:43 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-08-22 22:21:43 ----A---- C:\Windows\SYSWOW64\java.exe
2011-08-22 22:21:43 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-08-22 22:18:35 ----A---- C:\Windows\SYSWOW64\mscorier.dll
2011-08-22 22:18:35 ----A---- C:\Windows\system32\mscorier.dll
2011-08-22 22:18:33 ----A---- C:\Windows\system32\mscories.dll
2011-08-22 22:18:32 ----A---- C:\Windows\SYSWOW64\mscories.dll
2011-08-22 22:16:19 ----A---- C:\Windows\system32\browserchoice.exe
2011-08-22 22:12:22 ----A---- C:\Windows\SYSWOW64\nshhttp.dll
2011-08-22 22:12:22 ----A---- C:\Windows\system32\nshhttp.dll
2011-08-22 22:12:20 ----A---- C:\Windows\system32\httpapi.dll
2011-08-22 22:12:20 ----A---- C:\Windows\system32\drivers\http.sys
2011-08-22 22:12:19 ----A---- C:\Windows\SYSWOW64\httpapi.dll
2011-08-22 22:06:59 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-08-22 22:06:59 ----A---- C:\Windows\system32\psisdecd.dll
2011-08-22 22:04:44 ----A---- C:\Windows\SYSWOW64\winrsmgr.dll
2011-08-22 22:04:44 ----A---- C:\Windows\system32\winrsmgr.dll
2011-08-22 22:04:43 ----A---- C:\Windows\system32\wsmplpxy.dll
2011-08-22 22:04:43 ----A---- C:\Windows\system32\winrssrv.dll
2011-08-22 22:04:41 ----A---- C:\Windows\SYSWOW64\wsmplpxy.dll
2011-08-22 22:04:41 ----A---- C:\Windows\SYSWOW64\winrssrv.dll
2011-08-22 22:04:38 ----A---- C:\Windows\SYSWOW64\pwrshplugin.dll
2011-08-22 22:04:38 ----A---- C:\Windows\system32\pwrshplugin.dll
2011-08-22 22:04:37 ----A---- C:\Windows\system32\wsmprovhost.exe
2011-08-22 22:04:37 ----A---- C:\Windows\system32\winrshost.exe
2011-08-22 22:04:37 ----A---- C:\Windows\system32\winrs.exe
2011-08-22 22:04:35 ----A---- C:\Windows\SYSWOW64\WsmRes.dll
2011-08-22 22:04:35 ----A---- C:\Windows\SYSWOW64\wecutil.exe
2011-08-22 22:04:35 ----A---- C:\Windows\SYSWOW64\wecapi.dll
2011-08-22 22:04:35 ----A---- C:\Windows\system32\WsmRes.dll
2011-08-22 22:04:35 ----A---- C:\Windows\system32\wevtfwd.dll
2011-08-22 22:04:35 ----A---- C:\Windows\system32\wecutil.exe
2011-08-22 22:04:35 ----A---- C:\Windows\system32\wecsvc.dll
2011-08-22 22:04:35 ----A---- C:\Windows\system32\wecapi.dll
2011-08-22 22:04:34 ----A---- C:\Windows\SYSWOW64\wsmprovhost.exe
2011-08-22 22:04:34 ----A---- C:\Windows\SYSWOW64\winrshost.exe
2011-08-22 22:04:34 ----A---- C:\Windows\SYSWOW64\winrs.exe
2011-08-22 22:04:34 ----A---- C:\Windows\SYSWOW64\wevtfwd.dll
2011-08-22 22:04:32 ----A---- C:\Windows\SYSWOW64\winrm.vbs
2011-08-22 22:04:32 ----A---- C:\Windows\system32\winrm.vbs
2011-08-22 22:04:31 ----A---- C:\Windows\SYSWOW64\WsmWmiPl.dll
2011-08-22 22:04:31 ----A---- C:\Windows\SYSWOW64\WsmSvc.dll
2011-08-22 22:04:31 ----A---- C:\Windows\SYSWOW64\WsmAuto.dll
2011-08-22 22:04:31 ----A---- C:\Windows\SYSWOW64\WSManMigrationPlugin.dll
2011-08-22 22:04:31 ----A---- C:\Windows\SYSWOW64\WSManHTTPConfig.exe
2011-08-22 22:04:31 ----A---- C:\Windows\SYSWOW64\winrscmd.dll
2011-08-22 22:04:31 ----A---- C:\Windows\system32\WsmWmiPl.dll
2011-08-22 22:04:31 ----A---- C:\Windows\system32\WsmAuto.dll
2011-08-22 22:04:31 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2011-08-22 22:04:31 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2011-08-22 22:04:31 ----A---- C:\Windows\system32\winrscmd.dll
2011-08-22 22:04:30 ----A---- C:\Windows\system32\WsmSvc.dll
2011-08-22 21:57:45 ----N---- C:\Windows\system32\MpSigStub.exe
2011-08-22 21:49:09 ----A---- C:\Windows\SYSWOW64\gameux.dll
2011-08-22 21:49:09 ----A---- C:\Windows\system32\gameux.dll
2011-08-22 21:49:05 ----A---- C:\Windows\system32\mshtml.dll
2011-08-22 21:49:03 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-22 21:49:02 ----A---- C:\Windows\system32\ieframe.dll
2011-08-22 21:49:01 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2011-08-22 21:49:01 ----A---- C:\Windows\system32\ieapfltr.dat
2011-08-22 21:48:59 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-22 21:48:59 ----A---- C:\Windows\system32\wininet.dll
2011-08-22 21:48:59 ----A---- C:\Windows\system32\urlmon.dll
2011-08-22 21:48:58 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-22 21:48:58 ----A---- C:\Windows\system32\mstime.dll
2011-08-22 21:48:57 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-22 21:48:57 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-08-22 21:48:57 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-22 21:48:56 ----A---- C:\Windows\SYSWOW64\occache.dll
2011-08-22 21:48:56 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-22 21:48:56 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-08-22 21:48:56 ----A---- C:\Windows\system32\occache.dll
2011-08-22 21:48:56 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-22 21:48:55 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-22 21:48:55 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-08-22 21:48:55 ----A---- C:\Windows\system32\iertutil.dll
2011-08-22 21:48:55 ----A---- C:\Windows\system32\iepeers.dll
2011-08-22 21:48:55 ----A---- C:\Windows\system32\iedkcs32.dll
2011-08-22 21:48:54 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-08-22 21:48:54 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2011-08-22 21:48:54 ----A---- C:\Windows\SYSWOW64\ieaksie.dll
2011-08-22 21:48:54 ----A---- C:\Windows\system32\ieUnatt.exe
2011-08-22 21:48:54 ----A---- C:\Windows\system32\ieapfltr.dll
2011-08-22 21:48:54 ----A---- C:\Windows\system32\ieaksie.dll
2011-08-22 21:48:53 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-22 21:48:53 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2011-08-22 21:48:53 ----A---- C:\Windows\SYSWOW64\ieencode.dll
2011-08-22 21:48:53 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-22 21:48:53 ----A---- C:\Windows\system32\ieencode.dll
2011-08-22 21:48:50 ----A---- C:\Windows\SYSWOW64\iccvid.dll
2011-08-22 21:48:28 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-22 21:48:27 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2011-08-22 21:48:27 ----A---- C:\Windows\system32\ntdll.dll
2011-08-22 21:48:23 ----A---- C:\Windows\system32\rpcss.dll
2011-08-22 21:48:23 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-08-22 21:48:21 ----A---- C:\Windows\SYSWOW64\sdohlp.dll
2011-08-22 21:48:21 ----A---- C:\Windows\SYSWOW64\iasrecst.dll
2011-08-22 21:48:21 ----A---- C:\Windows\SYSWOW64\iashost.exe
2011-08-22 21:48:21 ----A---- C:\Windows\SYSWOW64\iasdatastore.dll
2011-08-22 21:48:21 ----A---- C:\Windows\SYSWOW64\iasads.dll
2011-08-22 21:48:21 ----A---- C:\Windows\system32\sdohlp.dll
2011-08-22 21:48:21 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2011-08-22 21:48:21 ----A---- C:\Windows\system32\iasrecst.dll
2011-08-22 21:48:21 ----A---- C:\Windows\system32\iashost.exe
2011-08-22 21:48:21 ----A---- C:\Windows\system32\iasdatastore.dll
2011-08-22 21:48:21 ----A---- C:\Windows\system32\iasads.dll
2011-08-22 21:48:13 ----A---- C:\Windows\SYSWOW64\netiohlp.dll
2011-08-22 21:48:13 ----A---- C:\Windows\system32\netiohlp.dll
2011-08-22 21:48:12 ----A---- C:\Windows\SYSWOW64\TCPSVCS.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\SYSWOW64\ROUTE.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\SYSWOW64\NETSTAT.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\SYSWOW64\MRINFO.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\SYSWOW64\HOSTNAME.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\SYSWOW64\finger.exe
2011-08-22 21:48:12 ----A---- C:\Windows\SYSWOW64\ARP.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\system32\TCPSVCS.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\system32\ROUTE.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\system32\NETSTAT.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\system32\MRINFO.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\system32\HOSTNAME.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\system32\finger.exe
2011-08-22 21:48:12 ----A---- C:\Windows\system32\ARP.EXE
2011-08-22 21:48:11 ----A---- C:\Windows\SYSWOW64\netevent.dll
2011-08-22 21:48:11 ----A---- C:\Windows\system32\netevent.dll
2011-08-22 21:47:39 ----A---- C:\Windows\SYSWOW64\shsvcs.dll
2011-08-22 21:47:39 ----A---- C:\Windows\system32\shsvcs.dll
2011-08-22 21:47:32 ----A---- C:\Windows\system32\wmp.dll
2011-08-22 21:47:26 ----A---- C:\Windows\SYSWOW64\wmp.dll
2011-08-22 21:47:24 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2011-08-22 21:47:23 ----A---- C:\Windows\system32\wmploc.DLL
2011-08-22 21:46:57 ----A---- C:\Windows\SYSWOW64\unregmp2.exe
2011-08-22 21:46:57 ----A---- C:\Windows\system32\unregmp2.exe
2011-08-22 21:46:36 ----A---- C:\Windows\system32\kerberos.dll
2011-08-22 21:46:35 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2011-08-22 21:46:19 ----A---- C:\Windows\SYSWOW64\apilogen.dll
2011-08-22 21:46:19 ----A---- C:\Windows\SYSWOW64\amxread.dll
2011-08-22 21:46:19 ----A---- C:\Windows\system32\apilogen.dll
2011-08-22 21:46:19 ----A---- C:\Windows\system32\amxread.dll
2011-08-22 21:46:13 ----A---- C:\Windows\system32\shell32.dll
2011-08-22 21:46:10 ----A---- C:\Windows\SYSWOW64\shell32.dll
2011-08-22 21:46:10 ----A---- C:\Windows\system32\shlwapi.dll
2011-08-22 21:46:09 ----A---- C:\Windows\SYSWOW64\shlwapi.dll
2011-08-22 21:46:05 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-08-22 21:46:05 ----A---- C:\Windows\system32\tzres.dll
2011-08-22 21:45:54 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-08-22 21:45:54 ----A---- C:\Windows\system32\oleaut32.dll
2011-08-22 21:45:53 ----A---- C:\Windows\SYSWOW64\schannel.dll
2011-08-22 21:45:53 ----A---- C:\Windows\system32\schannel.dll
2011-08-22 21:45:48 ----A---- C:\Windows\system32\ci.dll
2011-08-22 21:45:47 ----A---- C:\Windows\SYSWOW64\srclient.dll
2011-08-22 21:45:47 ----A---- C:\Windows\SYSWOW64\kbd106n.dll
2011-08-22 21:45:47 ----A---- C:\Windows\system32\srdelayed.exe
2011-08-22 21:45:47 ----A---- C:\Windows\system32\srcore.dll
2011-08-22 21:45:47 ----A---- C:\Windows\system32\srclient.dll
2011-08-22 21:45:47 ----A---- C:\Windows\system32\rstrui.exe
2011-08-22 21:45:47 ----A---- C:\Windows\system32\kbd106n.dll
2011-08-22 21:45:38 ----A---- C:\Windows\SYSWOW64\rtutils.dll
2011-08-22 21:45:38 ----A---- C:\Windows\system32\rtutils.dll
2011-08-22 21:45:32 ----A---- C:\Windows\SYSWOW64\NlsLexicons0007.dll
2011-08-22 21:45:32 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2011-08-22 21:45:31 ----A---- C:\Windows\SYSWOW64\NlsLexicons0009.dll
2011-08-22 21:45:31 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2011-08-22 21:45:02 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2011-08-22 21:45:01 ----A---- C:\Windows\SYSWOW64\NaturalLanguage6.dll
2011-08-22 21:44:11 ----A---- C:\Windows\system32\WMVCORE.DLL
2011-08-22 21:44:10 ----A---- C:\Windows\SYSWOW64\WMVCORE.DLL
2011-08-22 21:44:10 ----A---- C:\Windows\system32\mf.dll
2011-08-22 21:44:09 ----A---- C:\Windows\SYSWOW64\mf.dll
2011-08-22 21:44:05 ----A---- C:\Windows\system32\drivers\afd.sys
2011-08-22 21:44:00 ----A---- C:\Windows\system32\rpcrt4.dll
2011-08-22 21:43:59 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2011-08-22 21:43:56 ----A---- C:\Windows\SYSWOW64\wshext.dll
2011-08-22 21:43:56 ----A---- C:\Windows\SYSWOW64\wscript.exe
2011-08-22 21:43:56 ----A---- C:\Windows\SYSWOW64\scrrun.dll
2011-08-22 21:43:56 ----A---- C:\Windows\SYSWOW64\scrobj.dll
2011-08-22 21:43:56 ----A---- C:\Windows\SYSWOW64\cscript.exe
2011-08-22 21:43:56 ----A---- C:\Windows\system32\wshext.dll
2011-08-22 21:43:56 ----A---- C:\Windows\system32\wscript.exe
2011-08-22 21:43:56 ----A---- C:\Windows\system32\scrrun.dll
2011-08-22 21:43:56 ----A---- C:\Windows\system32\scrobj.dll
2011-08-22 21:43:56 ----A---- C:\Windows\system32\cscript.exe
2011-08-22 21:43:54 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2011-08-22 21:43:54 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-08-22 21:43:54 ----A---- C:\Windows\system32\vbscript.dll
2011-08-22 21:43:54 ----A---- C:\Windows\system32\jscript.dll
2011-08-22 21:43:51 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-22 21:43:50 ----A---- C:\Windows\system32\mfc42u.dll
2011-08-22 21:43:49 ----A---- C:\Windows\SYSWOW64\mfc42.dll
2011-08-22 21:43:49 ----A---- C:\Windows\system32\mfc42.dll
2011-08-22 21:43:48 ----A---- C:\Windows\SYSWOW64\mfc42u.dll
2011-08-22 21:43:46 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2011-08-22 21:43:46 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2011-08-22 21:43:46 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2011-08-22 21:43:46 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2011-08-22 21:43:46 ----A---- C:\Windows\system32\fontsub.dll
2011-08-22 21:43:46 ----A---- C:\Windows\system32\atmlib.dll
2011-08-22 21:43:46 ----A---- C:\Windows\system32\atmfd.dll
2011-08-22 21:43:43 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2011-08-22 21:43:43 ----A---- C:\Windows\system32\msxml3.dll
2011-08-22 21:43:37 ----A---- C:\Windows\SYSWOW64\WSDApi.dll
2011-08-22 21:43:37 ----A---- C:\Windows\system32\WSDApi.dll
2011-08-22 21:43:36 ----A---- C:\Windows\SYSWOW64\quartz.dll
2011-08-22 21:43:36 ----A---- C:\Windows\system32\quartz.dll
2011-08-22 21:43:33 ----A---- C:\Windows\system32\comctl32.dll
2011-08-22 21:43:32 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2011-08-22 21:43:30 ----A---- C:\Windows\SYSWOW64\rastls.dll
2011-08-22 21:43:30 ----A---- C:\Windows\SYSWOW64\raschap.dll
2011-08-22 21:43:30 ----A---- C:\Windows\system32\rastls.dll
2011-08-22 21:43:30 ----A---- C:\Windows\system32\raschap.dll
2011-08-22 21:43:29 ----A---- C:\Windows\system32\emdmgmt.dll
2011-08-22 21:43:28 ----A---- C:\Windows\SYSWOW64\dataclen.dll
2011-08-22 21:43:28 ----A---- C:\Windows\system32\drivers\nwifi.sys
2011-08-22 21:43:28 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-08-22 21:43:28 ----A---- C:\Windows\system32\dataclen.dll
2011-08-22 21:43:28 ----A---- C:\Windows\system32\cdd.dll
2011-08-22 21:43:27 ----A---- C:\Windows\SYSWOW64\atl.dll
2011-08-22 21:43:27 ----A---- C:\Windows\system32\atl.dll
2011-08-22 21:43:25 ----A---- C:\Windows\SYSWOW64\connect.dll
2011-08-22 21:43:25 ----A---- C:\Windows\system32\connect.dll
2011-08-22 21:43:07 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2011-08-22 21:43:07 ----A---- C:\Windows\system32\RMActivate_isv.exe
2011-08-22 21:43:07 ----A---- C:\Windows\system32\RMActivate.exe
2011-08-22 21:43:06 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2011-08-22 21:43:06 ----A---- C:\Windows\SYSWOW64\secproc.dll
2011-08-22 21:43:06 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2011-08-22 21:43:06 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2011-08-22 21:43:06 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2011-08-22 21:43:06 ----A---- C:\Windows\system32\secproc_isv.dll
2011-08-22 21:43:06 ----A---- C:\Windows\system32\secproc.dll
2011-08-22 21:43:06 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2011-08-22 21:43:06 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2011-08-22 21:43:05 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2011-08-22 21:43:05 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2011-08-22 21:43:05 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2011-08-22 21:43:05 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2011-08-22 21:43:05 ----A---- C:\Windows\system32\secproc_ssp.dll
2011-08-22 21:43:05 ----A---- C:\Windows\system32\msdrm.dll
2011-08-22 21:42:59 ----A---- C:\Windows\SYSWOW64\WMNetMgr.dll
2011-08-22 21:42:59 ----A---- C:\Windows\system32\WMNetMgr.dll
2011-08-22 21:42:58 ----A---- C:\Windows\SYSWOW64\logagent.exe
2011-08-22 21:42:58 ----A---- C:\Windows\system32\logagent.exe
2011-08-22 21:42:44 ----A---- C:\Windows\SYSWOW64\wmpdxm.dll
2011-08-22 21:42:44 ----A---- C:\Windows\system32\wmpdxm.dll
2011-08-22 21:42:43 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2011-08-22 21:42:43 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2011-08-22 21:42:43 ----A---- C:\Windows\system32\spwmp.dll
2011-08-22 21:42:43 ----A---- C:\Windows\system32\dxmasf.dll
2011-08-22 21:42:38 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2011-08-22 21:42:38 ----A---- C:\Windows\system32\msxml6.dll
2011-08-22 21:42:32 ----A---- C:\Windows\system32\drivers\srv.sys
2011-08-22 21:42:30 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-08-22 21:42:30 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-08-22 21:42:29 ----A---- C:\Windows\SYSWOW64\mfc40u.dll
2011-08-22 21:42:29 ----A---- C:\Windows\SYSWOW64\mfc40.dll
2011-08-22 21:42:27 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-08-22 21:42:27 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-22 21:42:27 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-08-22 21:42:25 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-22 21:42:25 ----A---- C:\Windows\system32\kernel32.dll
2011-08-22 21:42:23 ----A---- C:\Windows\system32\ole32.dll
2011-08-22 21:42:22 ----A---- C:\Windows\SYSWOW64\ole32.dll
2011-08-22 21:42:20 ----A---- C:\Windows\system32\win32k.sys
2011-08-22 21:42:18 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2011-08-22 21:42:18 ----A---- C:\Windows\system32\wdigest.dll
2011-08-22 21:42:18 ----A---- C:\Windows\system32\msv1_0.dll
2011-08-22 21:42:18 ----A---- C:\Windows\system32\lsasrv.dll
2011-08-22 21:42:17 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2011-08-22 21:42:17 ----A---- C:\Windows\SYSWOW64\secur32.dll
2011-08-22 21:42:17 ----A---- C:\Windows\system32\secur32.dll
2011-08-22 21:42:17 ----A---- C:\Windows\system32\lsass.exe
2011-08-22 21:42:17 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2011-08-22 21:42:11 ----A---- C:\Windows\system32\tsbyuv.dll
2011-08-22 21:42:11 ----A---- C:\Windows\system32\msyuv.dll
2011-08-22 21:42:11 ----A---- C:\Windows\system32\msvidc32.dll
2011-08-22 21:42:11 ----A---- C:\Windows\system32\msrle32.dll
2011-08-22 21:42:11 ----A---- C:\Windows\system32\mciavi32.dll
2011-08-22 21:42:11 ----A---- C:\Windows\system32\iyuv_32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\tsbyuv.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\msyuv.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\msvidc32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\msvfw32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\msrle32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\mciavi32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\iyuv_32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\avifil32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\avicap32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\system32\avifil32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\system32\avicap32.dll
2011-08-22 21:42:09 ----A---- C:\Windows\system32\msvfw32.dll
2011-08-22 21:42:08 ----A---- C:\Windows\SYSWOW64\explorer.exe
2011-08-22 21:42:08 ----A---- C:\Windows\explorer.exe
2011-08-22 21:42:06 ----A---- C:\Windows\system32\mstscax.dll
2011-08-22 21:42:05 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2011-08-22 21:42:05 ----A---- C:\Windows\system32\mstsc.exe
2011-08-22 21:42:04 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2011-08-22 21:42:02 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-08-22 21:41:59 ----A---- C:\Windows\system32\winsrv.dll
2011-08-22 21:41:59 ----A---- C:\Windows\system32\csrsrv.dll
2011-08-22 21:41:51 ----A---- C:\Windows\system32\winresume.exe
2011-08-22 21:41:51 ----A---- C:\Windows\system32\winload.exe
2011-08-22 21:41:51 ----A---- C:\Windows\system32\setbcdlocale.dll
2011-08-22 21:41:51 ----A---- C:\Windows\system32\kdusb.dll
2011-08-22 21:41:51 ----A---- C:\Windows\system32\kdcom.dll
2011-08-22 21:41:51 ----A---- C:\Windows\system32\kd1394.dll
2011-08-22 21:41:48 ----A---- C:\Windows\SYSWOW64\odbc32.dll
2011-08-22 21:41:48 ----A---- C:\Windows\system32\odbc32.dll
2011-08-22 21:41:30 ----A---- C:\Windows\SYSWOW64\xolehlp.dll
2011-08-22 21:41:30 ----A---- C:\Windows\SYSWOW64\msdtcprx.dll
2011-08-22 21:41:30 ----A---- C:\Windows\system32\xolehlp.dll
2011-08-22 21:41:30 ----A---- C:\Windows\system32\msdtcprx.dll
2011-08-22 21:41:28 ----A---- C:\Windows\SYSWOW64\wlanmsm.dll
2011-08-22 21:41:28 ----A---- C:\Windows\SYSWOW64\L2SecHC.dll
2011-08-22 21:41:28 ----A---- C:\Windows\system32\wlansec.dll
2011-08-22 21:41:28 ----A---- C:\Windows\system32\wlanmsm.dll
2011-08-22 21:41:28 ----A---- C:\Windows\system32\L2SecHC.dll
2011-08-22 21:41:27 ----A---- C:\Windows\SYSWOW64\wlansec.dll
2011-08-22 21:41:27 ----A---- C:\Windows\system32\wlansvc.dll
2011-08-22 21:41:27 ----A---- C:\Windows\system32\wlanhlp.dll
2011-08-22 21:41:27 ----A---- C:\Windows\system32\wlanapi.dll
2011-08-22 21:41:26 ----A---- C:\Windows\SYSWOW64\wmpeffects.dll
2011-08-22 21:41:26 ----A---- C:\Windows\system32\wmpeffects.dll
2011-08-22 21:41:24 ----A---- C:\Windows\SYSWOW64\winhttp.dll
2011-08-22 21:41:24 ----A---- C:\Windows\system32\winhttp.dll
2011-08-22 21:41:22 ----A---- C:\Windows\SYSWOW64\localspl.dll
2011-08-22 21:41:22 ----A---- C:\Windows\system32\localspl.dll
2011-08-22 21:41:19 ----A---- C:\Windows\SYSWOW64\wshqos.dll
2011-08-22 21:41:19 ----A---- C:\Windows\SYSWOW64\traffic.dll
2011-08-22 21:41:19 ----A---- C:\Windows\SYSWOW64\pacerprf.dll
2011-08-22 21:41:19 ----A---- C:\Windows\system32\wshqos.dll
2011-08-22 21:41:19 ----A---- C:\Windows\system32\traffic.dll
2011-08-22 21:41:19 ----A---- C:\Windows\system32\pacerprf.dll
2011-08-22 21:41:19 ----A---- C:\Windows\system32\drivers\pacer.sys
2011-08-22 21:41:14 ----A---- C:\Windows\system32\wkssvc.dll
2011-08-22 21:41:11 ----A---- C:\Windows\SYSWOW64\usp10.dll
2011-08-22 21:41:11 ----A---- C:\Windows\system32\usp10.dll
2011-08-22 21:41:06 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-08-22 21:41:06 ----A---- C:\Windows\system32\sbe.dll
2011-08-22 21:41:06 ----A---- C:\Windows\system32\EncDec.dll
2011-08-22 21:41:05 ----A---- C:\Windows\SYSWOW64\sbeio.dll
2011-08-22 21:41:05 ----A---- C:\Windows\SYSWOW64\sbe.dll
2011-08-22 21:41:05 ----A---- C:\Windows\system32\sbeio.dll
2011-08-22 21:41:03 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2011-08-22 21:41:03 ----A---- C:\Windows\system32\win32spl.dll
2011-08-22 21:41:02 ----A---- C:\Windows\system32\asycfilt.dll
2011-08-22 21:41:01 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2011-08-22 21:40:58 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2011-08-22 21:40:58 ----A---- C:\Windows\system32\gdi32.dll
2011-08-22 21:40:56 ----A---- C:\Windows\SYSWOW64\PortableDeviceApi.dll
2011-08-22 21:40:56 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2011-08-22 21:40:54 ----A---- C:\Windows\SYSWOW64\WMSPDMOD.DLL
2011-08-22 21:40:54 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2011-08-22 21:40:51 ----A---- C:\Windows\SYSWOW64\MP4SDECD.DLL
2011-08-22 21:40:51 ----A---- C:\Windows\system32\MP4SDECD.DLL
2011-08-22 21:40:50 ----A---- C:\Windows\SYSWOW64\msasn1.dll
2011-08-22 21:40:50 ----A---- C:\Windows\system32\msasn1.dll
2011-08-22 21:40:48 ----A---- C:\Windows\system32\inetcomm.dll
2011-08-22 21:40:47 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2011-08-22 21:40:46 ----A---- C:\Windows\system32\spoolsv.exe
2011-08-22 21:40:45 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2011-08-22 21:40:45 ----A---- C:\Windows\system32\t2embed.dll
2011-08-22 21:40:42 ----A---- C:\Windows\SYSWOW64\es.dll
2011-08-22 21:40:42 ----A---- C:\Windows\system32\es.dll
2011-08-22 21:40:39 ----A---- C:\Windows\system32\IPSECSVC.DLL
2011-08-22 21:40:38 ----A---- C:\Windows\SYSWOW64\winipsec.dll
2011-08-22 21:40:38 ----A---- C:\Windows\SYSWOW64\polstore.dll
2011-08-22 21:40:38 ----A---- C:\Windows\SYSWOW64\FwRemoteSvr.dll
2011-08-22 21:40:37 ----A---- C:\Windows\SYSWOW64\wshrm.dll
2011-08-22 21:40:37 ----A---- C:\Windows\system32\wshrm.dll
2011-08-22 21:40:37 ----A---- C:\Windows\system32\drivers\rmcast.sys
2011-08-22 21:40:34 ----A---- C:\Windows\system32\sdclt.exe
2011-08-22 21:40:31 ----A---- C:\Windows\system32\consent.exe
2011-08-22 21:40:18 ----A---- C:\Windows\SYSWOW64\Faultrep.dll
2011-08-22 21:40:18 ----A---- C:\Windows\system32\Faultrep.dll
2011-08-22 21:40:17 ----A---- C:\Windows\system32\wersvc.dll
2011-08-22 21:40:16 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-08-22 21:34:59 ----A---- C:\Windows\system32\wmpmde.dll
2011-08-22 21:34:58 ----A---- C:\Windows\SYSWOW64\wmpmde.dll
2011-08-22 21:32:34 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2011-08-22 21:32:34 ----A---- C:\Windows\system32\wmicmiplugin.dll
2011-08-22 21:32:34 ----A---- C:\Windows\system32\taskschd.dll
2011-08-22 21:32:34 ----A---- C:\Windows\system32\taskeng.exe
2011-08-22 21:32:34 ----A---- C:\Windows\system32\taskcomp.dll
2011-08-22 21:32:34 ----A---- C:\Windows\system32\schedsvc.dll
2011-08-22 21:32:33 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2011-08-22 21:32:33 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
2011-08-22 21:32:30 ----A---- C:\Windows\SYSWOW64\dnscacheugc.exe
2011-08-22 21:32:30 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2011-08-22 21:32:30 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-08-22 21:32:30 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-08-22 21:32:30 ----A---- C:\Windows\system32\dnsapi.dll
2011-08-22 21:32:10 ----A---- C:\Windows\SYSWOW64\PhotoMetadataHandler.dll
2011-08-22 21:32:10 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2011-08-22 21:32:10 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2011-08-22 21:32:09 ----A---- C:\Windows\SYSWOW64\WindowsCodecsExt.dll
2011-08-22 21:32:09 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2011-08-22 21:32:09 ----A---- C:\Windows\system32\WindowsCodecs.dll
2011-08-22 21:22:25 ----A---- C:\Windows\SYSWOW64\netapi32.dll
2011-08-22 21:22:25 ----A---- C:\Windows\system32\netapi32.dll
2011-08-22 21:16:38 ----D---- C:\Program Files (x86)\ICQ6Toolbar
2011-08-22 21:16:32 ----D---- C:\ProgramData\ICQ
2011-08-22 21:15:54 ----D---- C:\Users\C0R3\AppData\Roaming\ICQ
2011-08-22 21:15:48 ----D---- C:\Program Files (x86)\ICQ7.6
2011-08-22 21:08:30 ----A---- C:\Windows\SYSWOW64\cabview.dll
2011-08-22 21:08:30 ----A---- C:\Windows\system32\cabview.dll
2011-08-22 21:08:29 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2011-08-22 21:08:29 ----A---- C:\Windows\system32\wintrust.dll
2011-08-22 21:07:18 ----D---- C:\Program Files (x86)\The KMPlayer
2011-08-22 21:03:15 ----D---- C:\Users\C0R3\AppData\Roaming\CyberLink
2011-08-22 21:01:48 ----D---- C:\ProgramData\CyberLink
2011-08-22 21:01:24 ----N---- C:\Windows\SYSWOW64\msxml3a.dll
2011-08-22 21:01:06 ----N---- C:\Windows\SYSWOW64\msvcr71.dll
2011-08-22 21:01:06 ----N---- C:\Windows\SYSWOW64\msvcp71.dll
2011-08-22 21:01:05 ----D---- C:\Program Files (x86)\CyberLink
2011-08-22 20:40:10 ----D---- C:\Program Files (x86)\Java
2011-08-22 20:39:14 ----D---- C:\Program Files (x86)\ESET
2011-08-22 20:28:27 ----D---- C:\Users\C0R3\AppData\Roaming\ESET
2011-08-22 20:26:55 ----D---- C:\ProgramData\ESET
2011-08-22 20:26:55 ----D---- C:\Program Files\ESET
2011-08-22 20:19:37 ----D---- C:\ProgramData\KONAMI
2011-08-22 20:19:37 ----D---- C:\Program Files (x86)\KONAMI
2011-08-22 20:04:45 ----D---- C:\Program Files (x86)\Steam
2011-08-22 19:40:59 ----D---- C:\Windows\SYSWOW64\Macromed
2011-08-22 17:28:45 ----D---- C:\Users\C0R3\AppData\Roaming\Macromedia
2011-08-22 17:28:45 ----D---- C:\Users\C0R3\AppData\Roaming\Adobe
2011-08-22 17:16:29 ----D---- C:\Program Files (x86)\DAEMON Tools Toolbar
2011-08-22 17:16:04 ----A---- C:\Windows\system32\drivers\sptd.sys
2011-08-22 17:15:38 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-08-22 17:15:28 ----D---- C:\Users\C0R3\AppData\Roaming\DAEMON Tools Lite
2011-08-22 17:15:25 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-08-22 17:15:15 ----D---- C:\Users\C0R3\AppData\Roaming\WinRAR
2011-08-22 17:12:01 ----D---- C:\Program Files (x86)\WinRAR
2011-08-22 17:11:22 ----D---- C:\Users\C0R3\AppData\Roaming\Mozilla
2011-08-22 17:10:48 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-08-22 17:01:27 ----A---- C:\Windows\RTKAUDIOSERVICE.EXE
2011-08-22 17:01:16 ----D---- C:\Windows\SYSWOW64\RTCOM
2011-08-22 17:00:48 ----A---- C:\Windows\DIFxAPI.dll
2011-08-22 17:00:46 ----A---- C:\Windows\system32\SRSWOW64.dll
2011-08-22 17:00:46 ----A---- C:\Windows\system32\SRSTSX64.dll
2011-08-22 17:00:46 ----A---- C:\Windows\system32\SRSTSH64.dll
2011-08-22 17:00:46 ----A---- C:\Windows\system32\SRSHP64.dll
2011-08-22 17:00:46 ----A---- C:\Windows\SkyTel.exe
2011-08-22 17:00:46 ----A---- C:\Windows\RtlUpd64.exe
2011-08-22 17:00:45 ----A---- C:\Windows\system32\RtPgEx64.dll
2011-08-22 17:00:45 ----A---- C:\Windows\system32\RtkAPO64.dll
2011-08-22 17:00:45 ----A---- C:\Windows\system32\RtkApi64.dll
2011-08-22 17:00:44 ----A---- C:\Windows\system32\RCoInst64.dll
2011-08-22 17:00:44 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2011-08-22 17:00:43 ----A---- C:\Windows\RAVCpl64.exe
2011-08-22 17:00:42 ----D---- C:\Program Files (x86)\Realtek
2011-08-22 17:00:41 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-08-22 17:00:40 ----A---- C:\Windows\HideWin.exe
2011-08-22 17:00:39 ----R---- C:\Windows\RtlExUpd.dll
2011-08-22 16:58:17 ----D---- C:\Users\C0R3\AppData\Roaming\Nero
2011-08-22 16:49:48 ----D---- C:\Program Files (x86)\NeroInstall.bak
2011-08-22 16:48:12 ----A---- C:\Windows\Irremote.ini
2011-08-22 16:46:45 ----RAS---- C:\BOOTSECT.BAK
2011-08-22 16:46:43 ----SHD---- C:\Boot
2011-08-22 16:45:54 ----D---- C:\ProgramData\Nero
2011-08-22 16:45:54 ----D---- C:\Program Files (x86)\Nero
2011-08-22 16:43:18 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2011-08-22 16:43:18 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2011-08-22 16:13:54 ----D---- C:\Program Files (x86)\Microsoft Works
2011-08-22 16:13:40 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2011-08-22 16:13:31 ----D---- C:\Windows\PCHEALTH
2011-08-22 16:13:31 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-08-22 16:10:57 ----D---- C:\Program Files\Microsoft Office
2011-08-22 16:10:16 ----D---- C:\ProgramData\Microsoft Help
2011-08-22 16:10:16 ----D---- C:\Program Files (x86)\Microsoft Office
2011-08-22 16:10:13 ----SHD---- C:\Windows\Installer
2011-08-22 16:09:59 ----RHD---- C:\MSOCache
2011-08-22 16:01:33 ----A---- C:\Windows\system32\wups2.dll
2011-08-22 16:01:33 ----A---- C:\Windows\system32\wucltux.dll
2011-08-22 16:01:33 ----A---- C:\Windows\system32\wuaueng.dll
2011-08-22 16:01:33 ----A---- C:\Windows\system32\wuauclt.exe
2011-08-22 16:01:19 ----A---- C:\Windows\SYSWOW64\wups.dll
2011-08-22 16:01:19 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2011-08-22 16:01:19 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2011-08-22 16:01:19 ----A---- C:\Windows\system32\wups.dll
2011-08-22 16:01:19 ----A---- C:\Windows\system32\wudriver.dll
2011-08-22 16:01:19 ----A---- C:\Windows\system32\wuapi.dll
2011-08-22 16:01:09 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2011-08-22 16:01:09 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2011-08-22 16:01:09 ----A---- C:\Windows\system32\wuwebv.dll
2011-08-22 16:01:09 ----A---- C:\Windows\system32\wuapp.exe
2011-08-22 15:59:39 ----D---- C:\Users\C0R3\AppData\Roaming\Identities
2011-08-22 15:59:30 ----D---- C:\Users\C0R3\AppData\Roaming\Media Center Programs
2011-08-22 15:59:29 ----SD---- C:\Users\C0R3\AppData\Roaming\Microsoft
2011-08-22 15:57:03 ----SHD---- C:\ProgramData\Šablony
2011-08-22 15:57:03 ----SHD---- C:\ProgramData\Plocha
2011-08-22 15:57:03 ----SHD---- C:\ProgramData\Oblíbené položky
2011-08-22 15:57:03 ----SHD---- C:\ProgramData\Nabídka Start
2011-08-22 15:57:03 ----SHD---- C:\ProgramData\Dokumenty
2011-08-22 15:57:03 ----SHD---- C:\ProgramData\Data aplikací
2011-08-22 15:56:27 ----D---- C:\Windows\Debug
2011-08-22 15:51:55 ----D---- C:\Windows\SoftwareDistribution
2011-08-22 15:47:35 ----D---- C:\Windows\Prefetch
2011-08-22 15:47:33 ----SHD---- C:\System Volume Information
2011-08-22 15:47:33 ----ASH---- C:\pagefile.sys

======List of files/folders modified in the last 1 month======

2011-08-23 13:51:50 ----D---- C:\Windows\Temp
2011-08-23 12:39:48 ----RD---- C:\Program Files
2011-08-23 12:07:20 ----D---- C:\Windows\Microsoft.NET
2011-08-23 12:07:13 ----RSD---- C:\Windows\assembly
2011-08-23 11:37:50 ----D---- C:\Windows\winsxs
2011-08-23 11:18:09 ----D---- C:\Windows\System32
2011-08-23 11:18:09 ----D---- C:\Windows\inf
2011-08-23 11:18:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-23 11:13:01 ----D---- C:\Windows\system32\catroot2
2011-08-23 11:13:01 ----D---- C:\Windows\system32\catroot
2011-08-23 11:10:26 ----D---- C:\Windows
2011-08-23 11:10:07 ----D---- C:\Windows\SysWOW64
2011-08-23 11:10:07 ----D---- C:\Windows\system32\drivers
2011-08-23 11:10:07 ----D---- C:\Program Files\Windows Media Player
2011-08-23 11:10:07 ----D---- C:\Program Files (x86)\Windows Media Player
2011-08-23 11:10:04 ----D---- C:\Windows\SYSWOW64\wbem
2011-08-23 11:10:04 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-23 11:10:04 ----D---- C:\Windows\system32\wbem
2011-08-23 11:10:02 ----D---- C:\Windows\system32\cs-CZ
2011-08-23 11:10:02 ----D---- C:\Windows\PolicyDefinitions
2011-08-23 11:10:00 ----D---- C:\Windows\SYSWOW64\migration
2011-08-23 11:10:00 ----D---- C:\Program Files\Internet Explorer
2011-08-23 11:10:00 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-23 11:09:58 ----D---- C:\Windows\system32\migration
2011-08-23 11:09:55 ----D---- C:\Windows\ehome
2011-08-23 11:09:53 ----D---- C:\Windows\SYSWOW64\manifeststore
2011-08-23 11:09:53 ----D---- C:\Windows\system32\manifeststore
2011-08-23 11:09:53 ----D---- C:\Windows\AppPatch
2011-08-23 11:09:44 ----D---- C:\Windows\SYSWOW64\XPSViewer
2011-08-23 10:49:19 ----RD---- C:\Program Files (x86)
2011-08-23 10:36:28 ----HD---- C:\ProgramData
2011-08-23 10:10:59 ----D---- C:\Program Files\Common Files
2011-08-23 08:47:45 ----SD---- C:\Windows\Downloaded Program Files
2011-08-23 08:28:05 ----D---- C:\Windows\system32\WDI
2011-08-22 23:51:01 ----D---- C:\Program Files\Windows Mail
2011-08-22 23:51:01 ----D---- C:\Program Files (x86)\Windows Mail
2011-08-22 23:50:59 ----D---- C:\Windows\SYSWOW64\en-US
2011-08-22 23:50:59 ----D---- C:\Windows\system32\en-US
2011-08-22 23:50:53 ----D---- C:\Windows\system32\Boot
2011-08-22 23:50:51 ----RSD---- C:\Windows\Fonts
2011-08-22 23:50:46 ----D---- C:\Program Files\Movie Maker
2011-08-22 23:19:55 ----D---- C:\Windows\Logs
2011-08-22 22:53:50 ----D---- C:\Program Files (x86)\Common Files
2011-08-22 21:06:18 ----RD---- C:\Users
2011-08-22 20:14:49 ----D---- C:\Windows\system32\LogFiles
2011-08-22 17:52:25 ----SHD---- C:\$Recycle.Bin
2011-08-22 17:15:42 ----D---- C:\Windows\system32\Tasks
2011-08-22 17:15:11 ----D---- C:\Windows\Tasks
2011-08-22 16:45:50 ----D---- C:\Windows\Cursors
2011-08-22 16:13:31 ----SD---- C:\ProgramData\Microsoft
2011-08-22 16:12:49 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-08-22 16:10:42 ----D---- C:\Windows\ShellNew
2011-08-22 16:00:58 ----D---- C:\Windows\system32\restore
2011-08-22 15:58:18 ----D---- C:\Windows\rescache
2011-08-22 15:57:03 ----D---- C:\Program Files\Windows NT
2011-08-22 15:55:00 ----D---- C:\Windows\Panther
2011-08-22 15:52:22 ----D---- C:\Windows\system32\drivers\UMDF
2011-07-30 10:40:34 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdide64;amdide64; C:\Windows\system32\DRIVERS\amdide64.sys [2007-10-12 10632]
R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-28 16400]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-08-22 834544]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-12-21 170640]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 50624]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-07-04 4598272]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-12-21 34144]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 273920]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-01-30 1354784]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2006-10-03 51200]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 108544]
S3 akyi6aq5;akyi6aq5; C:\Windows\system32\drivers\akyi6aq5.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 6144]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 11008]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 7936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-07-04 901120]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-02-26 73728]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-08-22 411432]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2011-01-12 42360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]

-----------------EOF-----------------

[Roli]

Zdravím, až se zbavíš toho CRACKED Nodu a nahradíš ho nejakým free antivirem když za něj nechceš platit můžeme pokračovat.

Do té doby

[C0R3]

Počkej proč bych se ho měl zbavovat ?

A doporučil bys mi nějakej dobrej free antivir ?

[C0R3]

Ok teď jdu ve až se vrátím odinstaluju ho

[C0R3]

Tak NOD je pryč co dál prosím

[Roli]

Počkej proč bych se ho měl zbavovat ?

A doporučil bys mi nějakej dobrej free antivir ?

Proč ?

Protože je nelegálně používán a tohle tu neřešíme.

Jinak doporučuji Avast, je free a tím pádem nemusíš nic crackovat.


Dej mi sem tedy aktuální log.txt z Rsit.

[C0R3]

Logfile of random's system information tool 1.09 (written by random/random)
Run by C0R3 at 2011-08-24 09:20:36
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 205 GB (43%) free of 477 GB
Total RAM: 4094 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:20:40, on 24.8.2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\C0R3\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ICQ7.6\ICQ.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\WinRAR\RarExtLoader.exe
C:\Program Files\trend micro\C0R3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=centrum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\C0R3\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.6\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6887 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
Ati2evxx.exe -Client
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {D78A1B91-501B-443C-B61F-96071C7C003A}
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-06460101-9b31-4956-812d-846414d2768e -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-45f98f75-4926-42af-a353-5c33a5ddc031 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-9ece2df4-d73c-41ba-860e-d6278e2c70d8 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:ec5ea555-3755-4992-a2c2-9de7698c5aab
taskeng.exe {9DBD595A-B0C2-4082-AD67-DC490FD30512}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
"C:\Windows\RAVCpl64.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Users\C0R3\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\ICQ7.6\ICQ.exe" silent loginmode=4
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 636 640 648 65536 644
"C:\Program Files (x86)\WinRAR\RarExtLoader.exe" RarLdrTitle209531#RarExtMapFile209531
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\C0R3\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2339401156-3218567862-1111171233-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2339401156-3218567862-1111171233-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2010-03-25 1548096]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1584184]
"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2008-01-29 5682688]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1555968]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2008-02-26 2289664]
"Google Update"=C:\Users\C0R3\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-22 136176]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2011-08-22 1242448]
"ICQ"=C:\Program Files (x86)\ICQ7.6\ICQ.exe [2011-08-22 127040]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-08-23 18:40:25 ----A---- C:\Windows\dd_NET_Framework35_LangPack_MSI6274.txt
2011-08-23 18:40:04 ----A---- C:\Windows\dd_depcheck_NETFX_EXP_35.txt
2011-08-23 18:39:51 ----A---- C:\Windows\uxeventlog.txt
2011-08-23 18:39:51 ----A---- C:\Windows\dd_dotnetfx35error_lp.txt
2011-08-23 18:39:50 ----A---- C:\Windows\dd_dotnetfx35install_lp.txt
2011-08-23 18:07:17 ----A---- C:\Windows\SYSWOW64\msshsq.dll
2011-08-23 18:07:17 ----A---- C:\Windows\system32\msshsq.dll
2011-08-23 17:50:49 ----A---- C:\Windows\system32\winhttp.dll
2011-08-23 17:50:48 ----A---- C:\Windows\SYSWOW64\winhttp.dll
2011-08-23 17:50:21 ----A---- C:\Windows\SYSWOW64\sscore.dll
2011-08-23 17:50:21 ----A---- C:\Windows\system32\sscore.dll
2011-08-23 17:50:21 ----A---- C:\Windows\system32\srvsvc.dll
2011-08-23 17:50:20 ----A---- C:\Windows\SYSWOW64\netevent.dll
2011-08-23 17:50:20 ----A---- C:\Windows\system32\netevent.dll
2011-08-23 12:39:48 ----D---- C:\rsit
2011-08-23 12:39:48 ----D---- C:\Program Files\trend micro
2011-08-23 10:57:03 ----A---- C:\Windows\system32\wsepno.dll
2011-08-23 10:57:02 ----A---- C:\Windows\system32\msshooks.dll
2011-08-23 10:57:02 ----A---- C:\Windows\system32\msscb.dll
2011-08-23 10:57:01 ----A---- C:\Windows\SYSWOW64\msshooks.dll
2011-08-23 10:57:01 ----A---- C:\Windows\SYSWOW64\msscb.dll
2011-08-23 10:57:01 ----A---- C:\Windows\SYSWOW64\mimefilt.dll
2011-08-23 10:57:01 ----A---- C:\Windows\system32\xmlfilter.dll
2011-08-23 10:57:01 ----A---- C:\Windows\system32\rtffilt.dll
2011-08-23 10:57:01 ----A---- C:\Windows\system32\propdefs.dll
2011-08-23 10:57:01 ----A---- C:\Windows\system32\mimefilt.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\thawbrkr.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\propsys.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\propdefs.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\offfilt.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\msstrc.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\mssprxy.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\mssitlb.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\korwbrkr.dll
2011-08-23 10:56:59 ----A---- C:\Windows\SYSWOW64\chsbrkr.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\thawbrkr.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\srchadmin.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\propsys.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\offfilt.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\nlhtml.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\mssprxy.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\mssitlb.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\korwbrkr.dll
2011-08-23 10:56:59 ----A---- C:\Windows\system32\chsbrkr.dll
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\xmlfilter.dll
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\rtffilt.dll
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\nlhtml.dll
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\mssph.dll
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2011-08-23 10:56:58 ----A---- C:\Windows\SYSWOW64\chtbrkr.dll
2011-08-23 10:56:58 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-08-23 10:56:58 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-08-23 10:56:58 ----A---- C:\Windows\system32\msstrc.dll
2011-08-23 10:56:58 ----A---- C:\Windows\system32\msscntrs.dll
2011-08-23 10:56:58 ----A---- C:\Windows\system32\chtbrkr.dll
2011-08-23 10:56:57 ----A---- C:\Windows\SYSWOW64\tquery.dll
2011-08-23 10:56:57 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2011-08-23 10:56:57 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2011-08-23 10:56:57 ----A---- C:\Windows\system32\tquery.dll
2011-08-23 10:56:57 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-08-23 10:56:57 ----A---- C:\Windows\system32\mssvp.dll
2011-08-23 10:56:57 ----A---- C:\Windows\system32\mssrch.dll
2011-08-23 10:56:57 ----A---- C:\Windows\system32\mssphtb.dll
2011-08-23 10:56:57 ----A---- C:\Windows\system32\mssph.dll
2011-08-23 10:49:19 ----D---- C:\Program Files (x86)\MSXML 4.0
2011-08-23 10:40:16 ----A---- C:\Windows\SYSWOW64\PresentationHostProxy.dll
2011-08-23 10:40:16 ----A---- C:\Windows\SYSWOW64\PresentationHost.exe
2011-08-23 10:40:16 ----A---- C:\Windows\SYSWOW64\netfxperf.dll
2011-08-23 10:40:16 ----A---- C:\Windows\SYSWOW64\mscoree.dll
2011-08-23 10:40:16 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2011-08-23 10:40:16 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2011-08-23 10:40:16 ----A---- C:\Windows\system32\PresentationHost.exe
2011-08-23 10:40:16 ----A---- C:\Windows\system32\netfxperf.dll
2011-08-23 10:40:16 ----A---- C:\Windows\system32\mscoree.dll
2011-08-23 10:40:16 ----A---- C:\Windows\system32\dfshim.dll
2011-08-23 10:36:28 ----D---- C:\ProgramData\ATI
2011-08-23 10:21:46 ----A---- C:\Windows\system32\drivers\AtiPcie.sys
2011-08-23 10:17:11 ----D---- C:\Users\C0R3\AppData\Roaming\ATI
2011-08-23 10:12:36 ----D---- C:\Program Files (x86)\ATI Technologies
2011-08-23 10:11:32 ----A---- C:\Windows\system32\drivers\amdide64.sys
2011-08-23 10:10:59 ----D---- C:\Program Files\Common Files\ATI Technologies
2011-08-23 10:10:28 ----A---- C:\Windows\SYSWOW64\atiumdva.dat
2011-08-23 10:10:28 ----A---- C:\Windows\system32\ATIDEMGX.dll
2011-08-23 10:10:27 ----A---- C:\Windows\system32\atiumd6a.dat
2011-08-23 10:09:13 ----D---- C:\Program Files\ATI Technologies
2011-08-23 10:09:11 ----D---- C:\Program Files\ATI
2011-08-23 08:53:47 ----A---- C:\Windows\SYSWOW64\Apphlpdm.dll
2011-08-23 08:53:47 ----A---- C:\Windows\system32\Apphlpdm.dll
2011-08-23 08:53:46 ----A---- C:\Windows\SYSWOW64\GameUXLegacyGDFs.dll
2011-08-23 08:53:46 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-08-23 08:35:14 ----A---- C:\ProgramData\NTUSER.DAT
2011-08-22 23:50:48 ----D---- C:\Windows\SYSWOW64\WindowsPowerShell
2011-08-22 23:50:47 ----D---- C:\Windows\system32\WindowsPowerShell
2011-08-22 22:53:50 ----D---- C:\ProgramData\Sun
2011-08-22 22:26:13 ----A---- C:\Windows\system32\icardres.dll
2011-08-22 22:26:12 ----A---- C:\Windows\SYSWOW64\PresentationNative_v0300.dll
2011-08-22 22:26:12 ----A---- C:\Windows\SYSWOW64\infocardapi.dll
2011-08-22 22:26:12 ----A---- C:\Windows\SYSWOW64\icardres.dll
2011-08-22 22:26:12 ----A---- C:\Windows\SYSWOW64\icardagt.exe
2011-08-22 22:26:12 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2011-08-22 22:26:12 ----A---- C:\Windows\system32\infocardapi.dll
2011-08-22 22:26:12 ----A---- C:\Windows\system32\icardagt.exe
2011-08-22 22:26:08 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2011-08-22 22:26:08 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-08-22 22:21:43 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-08-22 22:21:43 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-08-22 22:21:43 ----A---- C:\Windows\SYSWOW64\java.exe
2011-08-22 22:21:43 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-08-22 22:18:35 ----A---- C:\Windows\SYSWOW64\mscorier.dll
2011-08-22 22:18:35 ----A---- C:\Windows\system32\mscorier.dll
2011-08-22 22:18:33 ----A---- C:\Windows\system32\mscories.dll
2011-08-22 22:18:32 ----A---- C:\Windows\SYSWOW64\mscories.dll
2011-08-22 22:16:19 ----A---- C:\Windows\system32\browserchoice.exe
2011-08-22 22:12:22 ----A---- C:\Windows\SYSWOW64\nshhttp.dll
2011-08-22 22:12:22 ----A---- C:\Windows\system32\nshhttp.dll
2011-08-22 22:12:20 ----A---- C:\Windows\system32\httpapi.dll
2011-08-22 22:12:20 ----A---- C:\Windows\system32\drivers\http.sys
2011-08-22 22:12:19 ----A---- C:\Windows\SYSWOW64\httpapi.dll
2011-08-22 22:06:59 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-08-22 22:06:59 ----A---- C:\Windows\system32\psisdecd.dll
2011-08-22 22:04:44 ----A---- C:\Windows\SYSWOW64\winrsmgr.dll
2011-08-22 22:04:44 ----A---- C:\Windows\system32\winrsmgr.dll
2011-08-22 22:04:43 ----A---- C:\Windows\system32\wsmplpxy.dll
2011-08-22 22:04:43 ----A---- C:\Windows\system32\winrssrv.dll
2011-08-22 22:04:41 ----A---- C:\Windows\SYSWOW64\wsmplpxy.dll
2011-08-22 22:04:41 ----A---- C:\Windows\SYSWOW64\winrssrv.dll
2011-08-22 22:04:38 ----A---- C:\Windows\SYSWOW64\pwrshplugin.dll
2011-08-22 22:04:38 ----A---- C:\Windows\system32\pwrshplugin.dll
2011-08-22 22:04:37 ----A---- C:\Windows\system32\wsmprovhost.exe
2011-08-22 22:04:37 ----A---- C:\Windows\system32\winrshost.exe
2011-08-22 22:04:37 ----A---- C:\Windows\system32\winrs.exe
2011-08-22 22:04:35 ----A---- C:\Windows\SYSWOW64\WsmRes.dll
2011-08-22 22:04:35 ----A---- C:\Windows\SYSWOW64\wecutil.exe
2011-08-22 22:04:35 ----A---- C:\Windows\SYSWOW64\wecapi.dll
2011-08-22 22:04:35 ----A---- C:\Windows\system32\WsmRes.dll
2011-08-22 22:04:35 ----A---- C:\Windows\system32\wevtfwd.dll
2011-08-22 22:04:35 ----A---- C:\Windows\system32\wecutil.exe
2011-08-22 22:04:35 ----A---- C:\Windows\system32\wecsvc.dll
2011-08-22 22:04:35 ----A---- C:\Windows\system32\wecapi.dll
2011-08-22 22:04:34 ----A---- C:\Windows\SYSWOW64\wsmprovhost.exe
2011-08-22 22:04:34 ----A---- C:\Windows\SYSWOW64\winrshost.exe
2011-08-22 22:04:34 ----A---- C:\Windows\SYSWOW64\winrs.exe
2011-08-22 22:04:34 ----A---- C:\Windows\SYSWOW64\wevtfwd.dll
2011-08-22 22:04:32 ----A---- C:\Windows\SYSWOW64\winrm.vbs
2011-08-22 22:04:32 ----A---- C:\Windows\system32\winrm.vbs
2011-08-22 22:04:31 ----A---- C:\Windows\SYSWOW64\WsmWmiPl.dll
2011-08-22 22:04:31 ----A---- C:\Windows\SYSWOW64\WsmSvc.dll
2011-08-22 22:04:31 ----A---- C:\Windows\SYSWOW64\WsmAuto.dll
2011-08-22 22:04:31 ----A---- C:\Windows\SYSWOW64\WSManMigrationPlugin.dll
2011-08-22 22:04:31 ----A---- C:\Windows\SYSWOW64\WSManHTTPConfig.exe
2011-08-22 22:04:31 ----A---- C:\Windows\SYSWOW64\winrscmd.dll
2011-08-22 22:04:31 ----A---- C:\Windows\system32\WsmWmiPl.dll
2011-08-22 22:04:31 ----A---- C:\Windows\system32\WsmAuto.dll
2011-08-22 22:04:31 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2011-08-22 22:04:31 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2011-08-22 22:04:31 ----A---- C:\Windows\system32\winrscmd.dll
2011-08-22 22:04:30 ----A---- C:\Windows\system32\WsmSvc.dll
2011-08-22 21:57:45 ----N---- C:\Windows\system32\MpSigStub.exe
2011-08-22 21:49:09 ----A---- C:\Windows\SYSWOW64\gameux.dll
2011-08-22 21:49:09 ----A---- C:\Windows\system32\gameux.dll
2011-08-22 21:49:05 ----A---- C:\Windows\system32\mshtml.dll
2011-08-22 21:49:03 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-22 21:49:02 ----A---- C:\Windows\system32\ieframe.dll
2011-08-22 21:49:01 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2011-08-22 21:49:01 ----A---- C:\Windows\system32\ieapfltr.dat
2011-08-22 21:48:59 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-22 21:48:59 ----A---- C:\Windows\system32\wininet.dll
2011-08-22 21:48:59 ----A---- C:\Windows\system32\urlmon.dll
2011-08-22 21:48:58 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-22 21:48:58 ----A---- C:\Windows\system32\mstime.dll
2011-08-22 21:48:57 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-22 21:48:57 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-08-22 21:48:57 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-22 21:48:56 ----A---- C:\Windows\SYSWOW64\occache.dll
2011-08-22 21:48:56 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-22 21:48:56 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-08-22 21:48:56 ----A---- C:\Windows\system32\occache.dll
2011-08-22 21:48:56 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-22 21:48:55 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-22 21:48:55 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-08-22 21:48:55 ----A---- C:\Windows\system32\iertutil.dll
2011-08-22 21:48:55 ----A---- C:\Windows\system32\iepeers.dll
2011-08-22 21:48:55 ----A---- C:\Windows\system32\iedkcs32.dll
2011-08-22 21:48:54 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-08-22 21:48:54 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2011-08-22 21:48:54 ----A---- C:\Windows\SYSWOW64\ieaksie.dll
2011-08-22 21:48:54 ----A---- C:\Windows\system32\ieUnatt.exe
2011-08-22 21:48:54 ----A---- C:\Windows\system32\ieapfltr.dll
2011-08-22 21:48:54 ----A---- C:\Windows\system32\ieaksie.dll
2011-08-22 21:48:53 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-22 21:48:53 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2011-08-22 21:48:53 ----A---- C:\Windows\SYSWOW64\ieencode.dll
2011-08-22 21:48:53 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-22 21:48:53 ----A---- C:\Windows\system32\ieencode.dll
2011-08-22 21:48:50 ----A---- C:\Windows\SYSWOW64\iccvid.dll
2011-08-22 21:48:28 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-22 21:48:27 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2011-08-22 21:48:27 ----A---- C:\Windows\system32\ntdll.dll
2011-08-22 21:48:23 ----A---- C:\Windows\system32\rpcss.dll
2011-08-22 21:48:23 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-08-22 21:48:21 ----A---- C:\Windows\SYSWOW64\sdohlp.dll
2011-08-22 21:48:21 ----A---- C:\Windows\SYSWOW64\iasrecst.dll
2011-08-22 21:48:21 ----A---- C:\Windows\SYSWOW64\iashost.exe
2011-08-22 21:48:21 ----A---- C:\Windows\SYSWOW64\iasdatastore.dll
2011-08-22 21:48:21 ----A---- C:\Windows\SYSWOW64\iasads.dll
2011-08-22 21:48:21 ----A---- C:\Windows\system32\sdohlp.dll
2011-08-22 21:48:21 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2011-08-22 21:48:21 ----A---- C:\Windows\system32\iasrecst.dll
2011-08-22 21:48:21 ----A---- C:\Windows\system32\iashost.exe
2011-08-22 21:48:21 ----A---- C:\Windows\system32\iasdatastore.dll
2011-08-22 21:48:21 ----A---- C:\Windows\system32\iasads.dll
2011-08-22 21:48:13 ----A---- C:\Windows\SYSWOW64\netiohlp.dll
2011-08-22 21:48:13 ----A---- C:\Windows\system32\netiohlp.dll
2011-08-22 21:48:12 ----A---- C:\Windows\SYSWOW64\TCPSVCS.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\SYSWOW64\ROUTE.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\SYSWOW64\NETSTAT.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\SYSWOW64\MRINFO.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\SYSWOW64\HOSTNAME.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\SYSWOW64\finger.exe
2011-08-22 21:48:12 ----A---- C:\Windows\SYSWOW64\ARP.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\system32\TCPSVCS.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\system32\ROUTE.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\system32\NETSTAT.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\system32\MRINFO.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\system32\HOSTNAME.EXE
2011-08-22 21:48:12 ----A---- C:\Windows\system32\finger.exe
2011-08-22 21:48:12 ----A---- C:\Windows\system32\ARP.EXE
2011-08-22 21:47:39 ----A---- C:\Windows\SYSWOW64\shsvcs.dll
2011-08-22 21:47:39 ----A---- C:\Windows\system32\shsvcs.dll
2011-08-22 21:47:32 ----A---- C:\Windows\system32\wmp.dll
2011-08-22 21:47:26 ----A---- C:\Windows\SYSWOW64\wmp.dll
2011-08-22 21:47:24 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2011-08-22 21:47:23 ----A---- C:\Windows\system32\wmploc.DLL
2011-08-22 21:46:57 ----A---- C:\Windows\SYSWOW64\unregmp2.exe
2011-08-22 21:46:57 ----A---- C:\Windows\system32\unregmp2.exe
2011-08-22 21:46:36 ----A---- C:\Windows\system32\kerberos.dll
2011-08-22 21:46:35 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2011-08-22 21:46:19 ----A---- C:\Windows\SYSWOW64\apilogen.dll
2011-08-22 21:46:19 ----A---- C:\Windows\SYSWOW64\amxread.dll
2011-08-22 21:46:19 ----A---- C:\Windows\system32\apilogen.dll
2011-08-22 21:46:19 ----A---- C:\Windows\system32\amxread.dll
2011-08-22 21:46:13 ----A---- C:\Windows\system32\shell32.dll
2011-08-22 21:46:10 ----A---- C:\Windows\SYSWOW64\shell32.dll
2011-08-22 21:46:10 ----A---- C:\Windows\system32\shlwapi.dll
2011-08-22 21:46:09 ----A---- C:\Windows\SYSWOW64\shlwapi.dll
2011-08-22 21:46:05 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-08-22 21:46:05 ----A---- C:\Windows\system32\tzres.dll
2011-08-22 21:45:54 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-08-22 21:45:54 ----A---- C:\Windows\system32\oleaut32.dll
2011-08-22 21:45:53 ----A---- C:\Windows\SYSWOW64\schannel.dll
2011-08-22 21:45:53 ----A---- C:\Windows\system32\schannel.dll
2011-08-22 21:45:48 ----A---- C:\Windows\system32\ci.dll
2011-08-22 21:45:47 ----A---- C:\Windows\SYSWOW64\srclient.dll
2011-08-22 21:45:47 ----A---- C:\Windows\SYSWOW64\kbd106n.dll
2011-08-22 21:45:47 ----A---- C:\Windows\system32\srdelayed.exe
2011-08-22 21:45:47 ----A---- C:\Windows\system32\srcore.dll
2011-08-22 21:45:47 ----A---- C:\Windows\system32\srclient.dll
2011-08-22 21:45:47 ----A---- C:\Windows\system32\rstrui.exe
2011-08-22 21:45:47 ----A---- C:\Windows\system32\kbd106n.dll
2011-08-22 21:45:38 ----A---- C:\Windows\SYSWOW64\rtutils.dll
2011-08-22 21:45:38 ----A---- C:\Windows\system32\rtutils.dll
2011-08-22 21:45:32 ----A---- C:\Windows\SYSWOW64\NlsLexicons0007.dll
2011-08-22 21:45:32 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2011-08-22 21:45:31 ----A---- C:\Windows\SYSWOW64\NlsLexicons0009.dll
2011-08-22 21:45:31 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2011-08-22 21:45:02 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2011-08-22 21:45:01 ----A---- C:\Windows\SYSWOW64\NaturalLanguage6.dll
2011-08-22 21:44:11 ----A---- C:\Windows\system32\WMVCORE.DLL
2011-08-22 21:44:10 ----A---- C:\Windows\SYSWOW64\WMVCORE.DLL
2011-08-22 21:44:10 ----A---- C:\Windows\system32\mf.dll
2011-08-22 21:44:09 ----A---- C:\Windows\SYSWOW64\mf.dll
2011-08-22 21:44:05 ----A---- C:\Windows\system32\drivers\afd.sys
2011-08-22 21:44:00 ----A---- C:\Windows\system32\rpcrt4.dll
2011-08-22 21:43:59 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2011-08-22 21:43:56 ----A---- C:\Windows\SYSWOW64\wshext.dll
2011-08-22 21:43:56 ----A---- C:\Windows\SYSWOW64\wscript.exe
2011-08-22 21:43:56 ----A---- C:\Windows\SYSWOW64\scrrun.dll
2011-08-22 21:43:56 ----A---- C:\Windows\SYSWOW64\scrobj.dll
2011-08-22 21:43:56 ----A---- C:\Windows\SYSWOW64\cscript.exe
2011-08-22 21:43:56 ----A---- C:\Windows\system32\wshext.dll
2011-08-22 21:43:56 ----A---- C:\Windows\system32\wscript.exe
2011-08-22 21:43:56 ----A---- C:\Windows\system32\scrrun.dll
2011-08-22 21:43:56 ----A---- C:\Windows\system32\scrobj.dll
2011-08-22 21:43:56 ----A---- C:\Windows\system32\cscript.exe
2011-08-22 21:43:54 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2011-08-22 21:43:54 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-08-22 21:43:54 ----A---- C:\Windows\system32\vbscript.dll
2011-08-22 21:43:54 ----A---- C:\Windows\system32\jscript.dll
2011-08-22 21:43:51 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-22 21:43:50 ----A---- C:\Windows\system32\mfc42u.dll
2011-08-22 21:43:49 ----A---- C:\Windows\SYSWOW64\mfc42.dll
2011-08-22 21:43:49 ----A---- C:\Windows\system32\mfc42.dll
2011-08-22 21:43:48 ----A---- C:\Windows\SYSWOW64\mfc42u.dll
2011-08-22 21:43:46 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2011-08-22 21:43:46 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2011-08-22 21:43:46 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2011-08-22 21:43:46 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2011-08-22 21:43:46 ----A---- C:\Windows\system32\fontsub.dll
2011-08-22 21:43:46 ----A---- C:\Windows\system32\atmlib.dll
2011-08-22 21:43:46 ----A---- C:\Windows\system32\atmfd.dll
2011-08-22 21:43:43 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2011-08-22 21:43:43 ----A---- C:\Windows\system32\msxml3.dll
2011-08-22 21:43:37 ----A---- C:\Windows\SYSWOW64\WSDApi.dll
2011-08-22 21:43:37 ----A---- C:\Windows\system32\WSDApi.dll
2011-08-22 21:43:36 ----A---- C:\Windows\SYSWOW64\quartz.dll
2011-08-22 21:43:36 ----A---- C:\Windows\system32\quartz.dll
2011-08-22 21:43:33 ----A---- C:\Windows\system32\comctl32.dll
2011-08-22 21:43:32 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2011-08-22 21:43:30 ----A---- C:\Windows\SYSWOW64\rastls.dll
2011-08-22 21:43:30 ----A---- C:\Windows\SYSWOW64\raschap.dll
2011-08-22 21:43:30 ----A---- C:\Windows\system32\rastls.dll
2011-08-22 21:43:30 ----A---- C:\Windows\system32\raschap.dll
2011-08-22 21:43:29 ----A---- C:\Windows\system32\emdmgmt.dll
2011-08-22 21:43:28 ----A---- C:\Windows\SYSWOW64\dataclen.dll
2011-08-22 21:43:28 ----A---- C:\Windows\system32\drivers\nwifi.sys
2011-08-22 21:43:28 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-08-22 21:43:28 ----A---- C:\Windows\system32\dataclen.dll
2011-08-22 21:43:28 ----A---- C:\Windows\system32\cdd.dll
2011-08-22 21:43:27 ----A---- C:\Windows\SYSWOW64\atl.dll
2011-08-22 21:43:27 ----A---- C:\Windows\system32\atl.dll
2011-08-22 21:43:25 ----A---- C:\Windows\SYSWOW64\connect.dll
2011-08-22 21:43:25 ----A---- C:\Windows\system32\connect.dll
2011-08-22 21:43:07 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2011-08-22 21:43:07 ----A---- C:\Windows\system32\RMActivate_isv.exe
2011-08-22 21:43:07 ----A---- C:\Windows\system32\RMActivate.exe
2011-08-22 21:43:06 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2011-08-22 21:43:06 ----A---- C:\Windows\SYSWOW64\secproc.dll
2011-08-22 21:43:06 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2011-08-22 21:43:06 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2011-08-22 21:43:06 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2011-08-22 21:43:06 ----A---- C:\Windows\system32\secproc_isv.dll
2011-08-22 21:43:06 ----A---- C:\Windows\system32\secproc.dll
2011-08-22 21:43:06 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2011-08-22 21:43:06 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2011-08-22 21:43:05 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2011-08-22 21:43:05 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2011-08-22 21:43:05 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2011-08-22 21:43:05 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2011-08-22 21:43:05 ----A---- C:\Windows\system32\secproc_ssp.dll
2011-08-22 21:43:05 ----A---- C:\Windows\system32\msdrm.dll
2011-08-22 21:42:59 ----A---- C:\Windows\SYSWOW64\WMNetMgr.dll
2011-08-22 21:42:59 ----A---- C:\Windows\system32\WMNetMgr.dll
2011-08-22 21:42:58 ----A---- C:\Windows\SYSWOW64\logagent.exe
2011-08-22 21:42:58 ----A---- C:\Windows\system32\logagent.exe
2011-08-22 21:42:44 ----A---- C:\Windows\SYSWOW64\wmpdxm.dll
2011-08-22 21:42:44 ----A---- C:\Windows\system32\wmpdxm.dll
2011-08-22 21:42:43 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2011-08-22 21:42:43 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2011-08-22 21:42:43 ----A---- C:\Windows\system32\spwmp.dll
2011-08-22 21:42:43 ----A---- C:\Windows\system32\dxmasf.dll
2011-08-22 21:42:38 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2011-08-22 21:42:38 ----A---- C:\Windows\system32\msxml6.dll
2011-08-22 21:42:32 ----A---- C:\Windows\system32\drivers\srv.sys
2011-08-22 21:42:30 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-08-22 21:42:30 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-08-22 21:42:29 ----A---- C:\Windows\SYSWOW64\mfc40u.dll
2011-08-22 21:42:29 ----A---- C:\Windows\SYSWOW64\mfc40.dll
2011-08-22 21:42:27 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-08-22 21:42:27 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-22 21:42:27 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-08-22 21:42:25 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-22 21:42:25 ----A---- C:\Windows\system32\kernel32.dll
2011-08-22 21:42:23 ----A---- C:\Windows\system32\ole32.dll
2011-08-22 21:42:22 ----A---- C:\Windows\SYSWOW64\ole32.dll
2011-08-22 21:42:20 ----A---- C:\Windows\system32\win32k.sys
2011-08-22 21:42:18 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2011-08-22 21:42:18 ----A---- C:\Windows\system32\wdigest.dll
2011-08-22 21:42:18 ----A---- C:\Windows\system32\msv1_0.dll
2011-08-22 21:42:18 ----A---- C:\Windows\system32\lsasrv.dll
2011-08-22 21:42:17 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2011-08-22 21:42:17 ----A---- C:\Windows\SYSWOW64\secur32.dll
2011-08-22 21:42:17 ----A---- C:\Windows\system32\secur32.dll
2011-08-22 21:42:17 ----A---- C:\Windows\system32\lsass.exe
2011-08-22 21:42:17 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2011-08-22 21:42:11 ----A---- C:\Windows\system32\tsbyuv.dll
2011-08-22 21:42:11 ----A---- C:\Windows\system32\msyuv.dll
2011-08-22 21:42:11 ----A---- C:\Windows\system32\msvidc32.dll
2011-08-22 21:42:11 ----A---- C:\Windows\system32\msrle32.dll
2011-08-22 21:42:11 ----A---- C:\Windows\system32\mciavi32.dll
2011-08-22 21:42:11 ----A---- C:\Windows\system32\iyuv_32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\tsbyuv.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\msyuv.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\msvidc32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\msvfw32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\msrle32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\mciavi32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\iyuv_32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\avifil32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\SYSWOW64\avicap32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\system32\avifil32.dll
2011-08-22 21:42:10 ----A---- C:\Windows\system32\avicap32.dll
2011-08-22 21:42:09 ----A---- C:\Windows\system32\msvfw32.dll
2011-08-22 21:42:08 ----A---- C:\Windows\SYSWOW64\explorer.exe
2011-08-22 21:42:08 ----A---- C:\Windows\explorer.exe
2011-08-22 21:42:06 ----A---- C:\Windows\system32\mstscax.dll
2011-08-22 21:42:05 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2011-08-22 21:42:05 ----A---- C:\Windows\system32\mstsc.exe
2011-08-22 21:42:04 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2011-08-22 21:42:02 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-08-22 21:41:59 ----A---- C:\Windows\system32\winsrv.dll
2011-08-22 21:41:59 ----A---- C:\Windows\system32\csrsrv.dll
2011-08-22 21:41:51 ----A---- C:\Windows\system32\winresume.exe
2011-08-22 21:41:51 ----A---- C:\Windows\system32\winload.exe
2011-08-22 21:41:51 ----A---- C:\Windows\system32\setbcdlocale.dll
2011-08-22 21:41:51 ----A---- C:\Windows\system32\kdusb.dll
2011-08-22 21:41:51 ----A---- C:\Windows\system32\kdcom.dll
2011-08-22 21:41:51 ----A---- C:\Windows\system32\kd1394.dll
2011-08-22 21:41:48 ----A---- C:\Windows\SYSWOW64\odbc32.dll
2011-08-22 21:41:48 ----A---- C:\Windows\system32\odbc32.dll
2011-08-22 21:41:30 ----A---- C:\Windows\SYSWOW64\xolehlp.dll
2011-08-22 21:41:30 ----A---- C:\Windows\SYSWOW64\msdtcprx.dll
2011-08-22 21:41:30 ----A---- C:\Windows\system32\xolehlp.dll
2011-08-22 21:41:30 ----A---- C:\Windows\system32\msdtcprx.dll
2011-08-22 21:41:28 ----A---- C:\Windows\SYSWOW64\wlanmsm.dll
2011-08-22 21:41:28 ----A---- C:\Windows\SYSWOW64\L2SecHC.dll
2011-08-22 21:41:28 ----A---- C:\Windows\system32\wlansec.dll
2011-08-22 21:41:28 ----A---- C:\Windows\system32\wlanmsm.dll
2011-08-22 21:41:28 ----A---- C:\Windows\system32\L2SecHC.dll
2011-08-22 21:41:27 ----A---- C:\Windows\SYSWOW64\wlansec.dll
2011-08-22 21:41:27 ----A---- C:\Windows\system32\wlansvc.dll
2011-08-22 21:41:27 ----A---- C:\Windows\system32\wlanhlp.dll
2011-08-22 21:41:27 ----A---- C:\Windows\system32\wlanapi.dll
2011-08-22 21:41:26 ----A---- C:\Windows\SYSWOW64\wmpeffects.dll
2011-08-22 21:41:26 ----A---- C:\Windows\system32\wmpeffects.dll
2011-08-22 21:41:22 ----A---- C:\Windows\SYSWOW64\localspl.dll
2011-08-22 21:41:22 ----A---- C:\Windows\system32\localspl.dll
2011-08-22 21:41:19 ----A---- C:\Windows\SYSWOW64\wshqos.dll
2011-08-22 21:41:19 ----A---- C:\Windows\SYSWOW64\traffic.dll
2011-08-22 21:41:19 ----A---- C:\Windows\SYSWOW64\pacerprf.dll
2011-08-22 21:41:19 ----A---- C:\Windows\system32\wshqos.dll
2011-08-22 21:41:19 ----A---- C:\Windows\system32\traffic.dll
2011-08-22 21:41:19 ----A---- C:\Windows\system32\pacerprf.dll
2011-08-22 21:41:19 ----A---- C:\Windows\system32\drivers\pacer.sys
2011-08-22 21:41:14 ----A---- C:\Windows\system32\wkssvc.dll
2011-08-22 21:41:11 ----A---- C:\Windows\SYSWOW64\usp10.dll
2011-08-22 21:41:11 ----A---- C:\Windows\system32\usp10.dll
2011-08-22 21:41:06 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-08-22 21:41:06 ----A---- C:\Windows\system32\sbe.dll
2011-08-22 21:41:06 ----A---- C:\Windows\system32\EncDec.dll
2011-08-22 21:41:05 ----A---- C:\Windows\SYSWOW64\sbeio.dll
2011-08-22 21:41:05 ----A---- C:\Windows\SYSWOW64\sbe.dll
2011-08-22 21:41:05 ----A---- C:\Windows\system32\sbeio.dll
2011-08-22 21:41:03 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2011-08-22 21:41:03 ----A---- C:\Windows\system32\win32spl.dll
2011-08-22 21:41:02 ----A---- C:\Windows\system32\asycfilt.dll
2011-08-22 21:41:01 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2011-08-22 21:40:58 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2011-08-22 21:40:58 ----A---- C:\Windows\system32\gdi32.dll
2011-08-22 21:40:56 ----A---- C:\Windows\SYSWOW64\PortableDeviceApi.dll
2011-08-22 21:40:56 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2011-08-22 21:40:54 ----A---- C:\Windows\SYSWOW64\WMSPDMOD.DLL
2011-08-22 21:40:54 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2011-08-22 21:40:51 ----A---- C:\Windows\SYSWOW64\MP4SDECD.DLL
2011-08-22 21:40:51 ----A---- C:\Windows\system32\MP4SDECD.DLL
2011-08-22 21:40:50 ----A---- C:\Windows\SYSWOW64\msasn1.dll
2011-08-22 21:40:50 ----A---- C:\Windows\system32\msasn1.dll
2011-08-22 21:40:48 ----A---- C:\Windows\system32\inetcomm.dll
2011-08-22 21:40:47 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2011-08-22 21:40:46 ----A---- C:\Windows\system32\spoolsv.exe
2011-08-22 21:40:45 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2011-08-22 21:40:45 ----A---- C:\Windows\system32\t2embed.dll
2011-08-22 21:40:42 ----A---- C:\Windows\SYSWOW64\es.dll
2011-08-22 21:40:42 ----A---- C:\Windows\system32\es.dll
2011-08-22 21:40:39 ----A---- C:\Windows\system32\IPSECSVC.DLL
2011-08-22 21:40:38 ----A---- C:\Windows\SYSWOW64\winipsec.dll
2011-08-22 21:40:38 ----A---- C:\Windows\SYSWOW64\polstore.dll
2011-08-22 21:40:38 ----A---- C:\Windows\SYSWOW64\FwRemoteSvr.dll
2011-08-22 21:40:37 ----A---- C:\Windows\SYSWOW64\wshrm.dll
2011-08-22 21:40:37 ----A---- C:\Windows\system32\wshrm.dll
2011-08-22 21:40:37 ----A---- C:\Windows\system32\drivers\rmcast.sys
2011-08-22 21:40:34 ----A---- C:\Windows\system32\sdclt.exe
2011-08-22 21:40:31 ----A---- C:\Windows\system32\consent.exe
2011-08-22 21:40:18 ----A---- C:\Windows\SYSWOW64\Faultrep.dll
2011-08-22 21:40:18 ----A---- C:\Windows\system32\Faultrep.dll
2011-08-22 21:40:17 ----A---- C:\Windows\system32\wersvc.dll
2011-08-22 21:40:16 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-08-22 21:34:59 ----A---- C:\Windows\system32\wmpmde.dll
2011-08-22 21:34:58 ----A---- C:\Windows\SYSWOW64\wmpmde.dll
2011-08-22 21:32:34 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2011-08-22 21:32:34 ----A---- C:\Windows\system32\wmicmiplugin.dll
2011-08-22 21:32:34 ----A---- C:\Windows\system32\taskschd.dll
2011-08-22 21:32:34 ----A---- C:\Windows\system32\taskeng.exe
2011-08-22 21:32:34 ----A---- C:\Windows\system32\taskcomp.dll
2011-08-22 21:32:34 ----A---- C:\Windows\system32\schedsvc.dll
2011-08-22 21:32:33 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2011-08-22 21:32:33 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
2011-08-22 21:32:30 ----A---- C:\Windows\SYSWOW64\dnscacheugc.exe
2011-08-22 21:32:30 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2011-08-22 21:32:30 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-08-22 21:32:30 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-08-22 21:32:30 ----A---- C:\Windows\system32\dnsapi.dll
2011-08-22 21:32:10 ----A---- C:\Windows\SYSWOW64\PhotoMetadataHandler.dll
2011-08-22 21:32:10 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2011-08-22 21:32:10 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2011-08-22 21:32:09 ----A---- C:\Windows\SYSWOW64\WindowsCodecsExt.dll
2011-08-22 21:32:09 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2011-08-22 21:32:09 ----A---- C:\Windows\system32\WindowsCodecs.dll
2011-08-22 21:22:25 ----A---- C:\Windows\SYSWOW64\netapi32.dll
2011-08-22 21:22:25 ----A---- C:\Windows\system32\netapi32.dll
2011-08-22 21:16:38 ----D---- C:\Program Files (x86)\ICQ6Toolbar
2011-08-22 21:16:32 ----D---- C:\ProgramData\ICQ
2011-08-22 21:15:54 ----D---- C:\Users\C0R3\AppData\Roaming\ICQ
2011-08-22 21:15:48 ----D---- C:\Program Files (x86)\ICQ7.6
2011-08-22 21:08:30 ----A---- C:\Windows\SYSWOW64\cabview.dll
2011-08-22 21:08:30 ----A---- C:\Windows\system32\cabview.dll
2011-08-22 21:08:29 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2011-08-22 21:08:29 ----A---- C:\Windows\system32\wintrust.dll
2011-08-22 21:07:18 ----D---- C:\Program Files (x86)\The KMPlayer
2011-08-22 21:03:15 ----D---- C:\Users\C0R3\AppData\Roaming\CyberLink
2011-08-22 21:01:48 ----D---- C:\ProgramData\CyberLink
2011-08-22 21:01:24 ----N---- C:\Windows\SYSWOW64\msxml3a.dll
2011-08-22 21:01:06 ----N---- C:\Windows\SYSWOW64\msvcr71.dll
2011-08-22 21:01:06 ----N---- C:\Windows\SYSWOW64\msvcp71.dll
2011-08-22 21:01:05 ----D---- C:\Program Files (x86)\CyberLink
2011-08-22 20:40:10 ----D---- C:\Program Files (x86)\Java
2011-08-22 20:39:14 ----D---- C:\Program Files (x86)\ESET
2011-08-22 20:28:27 ----D---- C:\Users\C0R3\AppData\Roaming\ESET
2011-08-22 20:19:37 ----D---- C:\ProgramData\KONAMI
2011-08-22 20:19:37 ----D---- C:\Program Files (x86)\KONAMI
2011-08-22 20:04:45 ----D---- C:\Program Files (x86)\Steam
2011-08-22 19:40:59 ----D---- C:\Windows\SYSWOW64\Macromed
2011-08-22 17:28:45 ----D---- C:\Users\C0R3\AppData\Roaming\Macromedia
2011-08-22 17:28:45 ----D---- C:\Users\C0R3\AppData\Roaming\Adobe
2011-08-22 17:16:29 ----D---- C:\Program Files (x86)\DAEMON Tools Toolbar
2011-08-22 17:16:04 ----A---- C:\Windows\system32\drivers\sptd.sys
2011-08-22 17:15:38 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-08-22 17:15:28 ----D---- C:\Users\C0R3\AppData\Roaming\DAEMON Tools Lite
2011-08-22 17:15:25 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-08-22 17:15:15 ----D---- C:\Users\C0R3\AppData\Roaming\WinRAR
2011-08-22 17:12:01 ----D---- C:\Program Files (x86)\WinRAR
2011-08-22 17:11:22 ----D---- C:\Users\C0R3\AppData\Roaming\Mozilla
2011-08-22 17:10:48 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-08-22 17:01:27 ----A---- C:\Windows\RTKAUDIOSERVICE.EXE
2011-08-22 17:01:16 ----D---- C:\Windows\SYSWOW64\RTCOM
2011-08-22 17:00:48 ----A---- C:\Windows\DIFxAPI.dll
2011-08-22 17:00:46 ----A---- C:\Windows\system32\SRSWOW64.dll
2011-08-22 17:00:46 ----A---- C:\Windows\system32\SRSTSX64.dll
2011-08-22 17:00:46 ----A---- C:\Windows\system32\SRSTSH64.dll
2011-08-22 17:00:46 ----A---- C:\Windows\system32\SRSHP64.dll
2011-08-22 17:00:46 ----A---- C:\Windows\SkyTel.exe
2011-08-22 17:00:46 ----A---- C:\Windows\RtlUpd64.exe
2011-08-22 17:00:45 ----A---- C:\Windows\system32\RtPgEx64.dll
2011-08-22 17:00:45 ----A---- C:\Windows\system32\RtkAPO64.dll
2011-08-22 17:00:45 ----A---- C:\Windows\system32\RtkApi64.dll
2011-08-22 17:00:44 ----A---- C:\Windows\system32\RCoInst64.dll
2011-08-22 17:00:44 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2011-08-22 17:00:43 ----A---- C:\Windows\RAVCpl64.exe
2011-08-22 17:00:42 ----D---- C:\Program Files (x86)\Realtek
2011-08-22 17:00:41 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-08-22 17:00:40 ----A---- C:\Windows\HideWin.exe
2011-08-22 17:00:39 ----R---- C:\Windows\RtlExUpd.dll
2011-08-22 16:58:17 ----D---- C:\Users\C0R3\AppData\Roaming\Nero
2011-08-22 16:49:48 ----D---- C:\Program Files (x86)\NeroInstall.bak
2011-08-22 16:48:12 ----A---- C:\Windows\Irremote.ini
2011-08-22 16:46:45 ----RAS---- C:\BOOTSECT.BAK
2011-08-22 16:46:43 ----SHD---- C:\Boot
2011-08-22 16:45:54 ----D---- C:\ProgramData\Nero
2011-08-22 16:45:54 ----D---- C:\Program Files (x86)\Nero
2011-08-22 16:43:18 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2011-08-22 16:43:18 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2011-08-22 16:13:54 ----D---- C:\Program Files (x86)\Microsoft Works
2011-08-22 16:13:40 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2011-08-22 16:13:31 ----D---- C:\Windows\PCHEALTH
2011-08-22 16:13:31 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-08-22 16:10:57 ----D---- C:\Program Files\Microsoft Office
2011-08-22 16:10:16 ----D---- C:\ProgramData\Microsoft Help
2011-08-22 16:10:16 ----D---- C:\Program Files (x86)\Microsoft Office
2011-08-22 16:10:13 ----SHD---- C:\Windows\Installer
2011-08-22 16:09:59 ----RHD---- C:\MSOCache
2011-08-22 16:01:33 ----A---- C:\Windows\system32\wups2.dll
2011-08-22 16:01:33 ----A---- C:\Windows\system32\wucltux.dll
2011-08-22 16:01:33 ----A---- C:\Windows\system32\wuaueng.dll
2011-08-22 16:01:33 ----A---- C:\Windows\system32\wuauclt.exe
2011-08-22 16:01:19 ----A---- C:\Windows\SYSWOW64\wups.dll
2011-08-22 16:01:19 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2011-08-22 16:01:19 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2011-08-22 16:01:19 ----A---- C:\Windows\system32\wups.dll
2011-08-22 16:01:19 ----A---- C:\Windows\system32\wudriver.dll
2011-08-22 16:01:19 ----A---- C:\Windows\system32\wuapi.dll
2011-08-22 16:01:09 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2011-08-22 16:01:09 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2011-08-22 16:01:09 ----A---- C:\Windows\system32\wuwebv.dll
2011-08-22 16:01:09 ----A---- C:\Windows\system32\wuapp.exe
2011-08-22 15:59:39 ----D---- C:\Users\C0R3\AppData\Roaming\Identities
2011-08-22 15:59:30 ----D---- C:\Users\C0R3\AppData\Roaming\Media Center Programs
2011-08-22 15:59:29 ----SD---- C:\Users\C0R3\AppData\Roaming\Microsoft
2011-08-22 15:57:03 ----SHD---- C:\ProgramData\Šablony
2011-08-22 15:57:03 ----SHD---- C:\ProgramData\Plocha
2011-08-22 15:57:03 ----SHD---- C:\ProgramData\Oblíbené položky
2011-08-22 15:57:03 ----SHD---- C:\ProgramData\Nabídka Start
2011-08-22 15:57:03 ----SHD---- C:\ProgramData\Dokumenty
2011-08-22 15:57:03 ----SHD---- C:\ProgramData\Data aplikací
2011-08-22 15:56:27 ----D---- C:\Windows\Debug
2011-08-22 15:51:55 ----D---- C:\Windows\SoftwareDistribution
2011-08-22 15:47:35 ----D---- C:\Windows\Prefetch
2011-08-22 15:47:33 ----SHD---- C:\System Volume Information
2011-08-22 15:47:33 ----ASH---- C:\pagefile.sys

======List of files/folders modified in the last 1 month======

2011-08-24 09:20:39 ----D---- C:\Windows\Temp
2011-08-23 22:13:28 ----D---- C:\Windows\system32\WDI
2011-08-23 20:06:58 ----D---- C:\Windows\System32
2011-08-23 20:06:58 ----D---- C:\Windows\inf
2011-08-23 20:06:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-23 19:39:58 ----HD---- C:\ProgramData
2011-08-23 19:39:55 ----RD---- C:\Program Files
2011-08-23 19:39:53 ----D---- C:\Windows\system32\drivers
2011-08-23 19:39:53 ----D---- C:\Windows\system32\catroot
2011-08-23 18:47:03 ----D---- C:\Windows\Microsoft.NET
2011-08-23 18:43:31 ----D---- C:\Windows\rescache
2011-08-23 18:41:04 ----D---- C:\Windows
2011-08-23 18:41:00 ----RSD---- C:\Windows\assembly
2011-08-23 18:35:37 ----D---- C:\Windows\winsxs
2011-08-23 18:23:29 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-23 18:23:29 ----D---- C:\Windows\SysWOW64
2011-08-23 18:23:29 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-08-23 18:23:29 ----D---- C:\Windows\system32\cs-CZ
2011-08-23 18:05:40 ----D---- C:\Windows\system32\catroot2
2011-08-23 11:10:07 ----D---- C:\Program Files\Windows Media Player
2011-08-23 11:10:07 ----D---- C:\Program Files (x86)\Windows Media Player
2011-08-23 11:10:04 ----D---- C:\Windows\SYSWOW64\wbem
2011-08-23 11:10:04 ----D---- C:\Windows\system32\wbem
2011-08-23 11:10:02 ----D---- C:\Windows\PolicyDefinitions
2011-08-23 11:10:00 ----D---- C:\Windows\SYSWOW64\migration
2011-08-23 11:10:00 ----D---- C:\Program Files\Internet Explorer
2011-08-23 11:10:00 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-23 11:09:58 ----D---- C:\Windows\system32\migration
2011-08-23 11:09:55 ----D---- C:\Windows\ehome
2011-08-23 11:09:53 ----D---- C:\Windows\SYSWOW64\manifeststore
2011-08-23 11:09:53 ----D---- C:\Windows\system32\manifeststore
2011-08-23 11:09:53 ----D---- C:\Windows\AppPatch
2011-08-23 11:09:44 ----D---- C:\Windows\SYSWOW64\XPSViewer
2011-08-23 10:49:19 ----RD---- C:\Program Files (x86)
2011-08-23 10:10:59 ----D---- C:\Program Files\Common Files
2011-08-23 08:47:45 ----SD---- C:\Windows\Downloaded Program Files
2011-08-22 23:51:01 ----D---- C:\Program Files\Windows Mail
2011-08-22 23:51:01 ----D---- C:\Program Files (x86)\Windows Mail
2011-08-22 23:50:59 ----D---- C:\Windows\SYSWOW64\en-US
2011-08-22 23:50:59 ----D---- C:\Windows\system32\en-US
2011-08-22 23:50:53 ----D---- C:\Windows\system32\Boot
2011-08-22 23:50:51 ----RSD---- C:\Windows\Fonts
2011-08-22 23:50:46 ----D---- C:\Program Files\Movie Maker
2011-08-22 23:19:55 ----D---- C:\Windows\Logs
2011-08-22 22:53:50 ----D---- C:\Program Files (x86)\Common Files
2011-08-22 21:06:18 ----RD---- C:\Users
2011-08-22 20:14:49 ----D---- C:\Windows\system32\LogFiles
2011-08-22 17:52:25 ----SHD---- C:\$Recycle.Bin
2011-08-22 17:15:42 ----D---- C:\Windows\system32\Tasks
2011-08-22 17:15:11 ----D---- C:\Windows\Tasks
2011-08-22 16:45:50 ----D---- C:\Windows\Cursors
2011-08-22 16:13:31 ----SD---- C:\ProgramData\Microsoft
2011-08-22 16:12:49 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-08-22 16:10:42 ----D---- C:\Windows\ShellNew
2011-08-22 16:00:58 ----D---- C:\Windows\system32\restore
2011-08-22 15:57:03 ----D---- C:\Program Files\Windows NT
2011-08-22 15:55:00 ----D---- C:\Windows\Panther
2011-08-22 15:52:22 ----D---- C:\Windows\system32\drivers\UMDF
2011-07-30 10:40:34 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdide64;amdide64; C:\Windows\system32\DRIVERS\amdide64.sys [2007-10-12 10632]
R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-28 16400]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-08-22 834544]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-07-04 4598272]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 273920]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-01-30 1354784]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2006-10-03 51200]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 108544]
S3 a7fnfk3q;a7fnfk3q; C:\Windows\system32\drivers\a7fnfk3q.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 6144]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 11008]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 7936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-07-04 901120]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-02-26 73728]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-08-22 411432]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]

-----------------EOF-----------------

Tady je ten log, já jsem slyšel že avast je trochu paranoidní a že nemá zrovna dobré detekční schopnosti, lae nevím co je na to pravdy. A jaký avast bys doporučil

[C0R3]

po pužití programu RogueKiller (2)

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User: C0R3 [Admin rights]
Mode: Remove -- Date : 08/24/2011 13:44:28

Bad processes: 0

Registry Entries: 0

Particular Files / Folders:

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Možnost 3)

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User: C0R3 [Admin rights]
Mode: HOSTSFix -- Date : 08/24/2011 13:44:48

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
::1 localhost


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

možnost č 4)

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User: C0R3 [Admin rights]
Mode: ProxyFix -- Date : 08/24/2011 13:45:25

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt


a č 5)

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User: C0R3 [Admin rights]
Mode: DNSFix -- Date : 08/24/2011 13:45:47

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt


Je to v pořádku

[Roli]

Avast ve verzi free je velice slušný antivir a ještě se mi nestalo že by hlásil nějaké nesmysli a to dostává sakra zabrat.

Tohle fixni v HJT :

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Users\C0R3\AppData\Local\Google\Update\GoogleUpdate.exe" /c

HJT najdeš zde :

C:\Program Files\trend micro\C0R3.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :

ICQ Service

NMIndexingService

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.


Přes Změnit odebrat programy (nebo jak to zas je ve Vistě) odinstaluj ICQ6Toolbar


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[C0R3]

tady je to

ComboFix 11-08-23.03 - C0R3 24.08.2011 14:37:40.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.4094.2221 [GMT 2:00]
Spuštěný z: c:\users\C0R3\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-24 do 2011-08-24 )))))))))))))))))))))))))))))))
.
.
2011-08-24 12:42 . 2011-08-24 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-24 12:08 . 2011-08-24 12:08 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-08-24 12:08 . 2011-08-24 12:08 -------- d-----r- c:\program files (x86)\Skype
2011-08-24 12:08 . 2011-08-24 12:08 -------- d-----w- c:\programdata\Skype
2011-08-23 16:07 . 2010-09-20 12:14 316416 ----a-w- c:\windows\system32\msshsq.dll
2011-08-23 16:07 . 2010-09-20 09:25 231936 ----a-w- c:\windows\SysWow64\msshsq.dll
2011-08-23 15:50 . 2009-08-24 12:24 442368 ----a-w- c:\windows\system32\winhttp.dll
2011-08-23 15:50 . 2009-08-24 12:16 378368 ----a-w- c:\windows\SysWow64\winhttp.dll
2011-08-23 15:50 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E18E84C-1BB1-4822-AC1B-6011319FDF9B}\mpengine.dll
2011-08-23 15:50 . 2009-11-04 04:20 32256 ----a-w- c:\windows\system32\drivers\cs-CZ\http.sys.mui
2011-08-23 15:50 . 2010-09-06 16:24 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-08-23 15:50 . 2010-09-06 15:59 179712 ----a-w- c:\windows\system32\srvsvc.dll
2011-08-23 15:50 . 2010-09-06 15:59 12288 ----a-w- c:\windows\system32\sscore.dll
2011-08-23 15:50 . 2010-09-06 16:23 17920 ----a-w- c:\windows\SysWow64\netevent.dll
2011-08-23 15:50 . 2010-09-06 15:57 17920 ----a-w- c:\windows\system32\netevent.dll
2011-08-23 10:39 . 2011-08-24 12:32 -------- d-----w- c:\program files\trend micro
2011-08-23 10:39 . 2011-08-23 10:55 -------- d-----w- C:\rsit
2011-08-23 08:56 . 2008-05-27 05:21 181248 ----a-w- c:\windows\system32\nlhtml.dll
2011-08-23 08:49 . 2011-08-23 08:49 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-08-23 08:40 . 2009-11-08 08:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-08-23 08:40 . 2009-11-08 08:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-08-23 08:40 . 2009-11-08 08:55 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-08-23 08:40 . 2009-11-08 08:55 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-08-23 08:40 . 2009-11-08 08:55 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-08-23 08:40 . 2009-11-08 08:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-08-23 08:40 . 2009-11-08 08:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-08-23 08:40 . 2009-11-08 08:55 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-08-23 08:40 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-08-23 08:40 . 2009-11-08 08:55 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-08-23 08:36 . 2011-08-23 08:36 -------- d-----w- c:\programdata\ATI
2011-08-23 08:21 . 2008-04-28 13:25 16400 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2011-08-23 08:16 . 2011-08-23 08:16 0 ----a-w- c:\windows\ativpsrm.bin
2011-08-23 08:12 . 2011-08-23 08:26 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-08-23 08:11 . 2007-10-12 01:40 10632 ----a-w- c:\windows\system32\drivers\amdide64.sys
2011-08-23 08:10 . 2011-08-23 08:10 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-08-23 08:10 . 2008-07-04 03:37 421888 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-08-23 08:09 . 2011-08-23 08:24 -------- d-----w- c:\program files\ATI Technologies
2011-08-23 08:09 . 2011-08-23 08:09 -------- d-----w- c:\program files\ATI
2011-08-23 06:53 . 2011-03-03 15:06 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-08-23 06:53 . 2011-03-03 14:56 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2011-08-23 06:53 . 2011-03-03 13:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-08-23 06:53 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-08-22 20:53 . 2011-08-22 20:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-22 20:26 . 2008-06-20 01:16 49160 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-08-22 20:26 . 2008-06-20 01:14 37384 ----a-w- c:\windows\SysWow64\infocardcpl.cpl
2011-08-22 20:26 . 2008-06-20 01:16 11264 ----a-w- c:\windows\system32\icardres.dll
2011-08-22 20:26 . 2008-06-20 01:17 1168928 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-08-22 20:26 . 2008-06-20 01:16 167432 ----a-w- c:\windows\system32\infocardapi.dll
2011-08-22 20:26 . 2008-06-20 01:16 1383936 ----a-w- c:\windows\system32\icardagt.exe
2011-08-22 20:26 . 2008-06-20 01:14 781344 ----a-w- c:\windows\SysWow64\PresentationNative_v0300.dll
2011-08-22 20:26 . 2008-06-20 01:14 97800 ----a-w- c:\windows\SysWow64\infocardapi.dll
2011-08-22 20:26 . 2008-06-20 01:14 11264 ----a-w- c:\windows\SysWow64\icardres.dll
2011-08-22 20:26 . 2008-06-20 01:14 622080 ----a-w- c:\windows\SysWow64\icardagt.exe
2011-08-22 20:26 . 2008-06-20 01:17 126520 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-08-22 20:26 . 2008-06-20 01:14 105016 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2011-08-22 20:21 . 2011-05-04 02:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-22 20:18 . 2008-07-27 18:03 158720 ----a-w- c:\windows\SysWow64\mscorier.dll
2011-08-22 20:18 . 2008-07-27 18:01 158208 ----a-w- c:\windows\system32\mscorier.dll
2011-08-22 20:18 . 2008-07-27 18:01 76288 ----a-w- c:\windows\system32\mscories.dll
2011-08-22 20:18 . 2008-07-27 18:03 83968 ----a-w- c:\windows\SysWow64\mscories.dll
2011-08-22 20:16 . 2010-02-24 09:28 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-08-22 20:12 . 2010-02-20 23:44 32768 ----a-w- c:\windows\system32\nshhttp.dll
2011-08-22 20:12 . 2010-02-20 23:39 24064 ----a-w- c:\windows\SysWow64\nshhttp.dll
2011-08-22 20:12 . 2010-02-20 23:42 33792 ----a-w- c:\windows\system32\httpapi.dll
2011-08-22 20:12 . 2010-02-20 21:40 610304 ----a-w- c:\windows\system32\drivers\http.sys
2011-08-22 20:12 . 2010-02-20 23:37 31232 ----a-w- c:\windows\SysWow64\httpapi.dll
2011-08-22 20:07 . 2010-04-14 18:33 101376 ----a-w- c:\windows\system32\MSNP.ax
2011-08-22 20:07 . 2010-04-14 17:46 80896 ----a-w- c:\windows\SysWow64\MSNP.ax
2011-08-22 20:07 . 2008-04-23 05:05 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-08-22 20:07 . 2008-04-23 04:41 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-08-22 20:06 . 2010-04-14 18:35 375808 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-22 20:06 . 2010-04-14 18:35 289792 ----a-w- c:\windows\system32\psisrndr.ax
2011-08-22 20:06 . 2010-04-14 17:47 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-08-22 20:06 . 2010-04-14 17:47 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-08-22 19:57 . 2011-05-24 17:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-08-22 19:51 . 2008-04-30 05:56 589824 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2011-08-22 19:51 . 2008-04-30 05:36 454656 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadce.dll
2011-08-22 19:49 . 2008-03-08 04:42 1926656 ----a-w- c:\windows\system32\gameux.dll
2011-08-22 19:49 . 2008-03-08 04:21 1695744 ----a-w- c:\windows\SysWow64\gameux.dll
2011-08-22 19:47 . 2010-09-10 16:35 168960 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2011-08-22 19:47 . 2010-09-10 15:51 171008 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-08-22 19:47 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\SysWow64\wmploc.DLL
2011-08-22 19:47 . 2010-09-10 15:52 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2011-08-22 19:45 . 2010-12-20 16:06 847872 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-22 19:44 . 2009-06-10 12:23 3547136 ----a-w- c:\windows\system32\mf.dll
2011-08-22 19:44 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\SysWow64\mf.dll
2011-08-22 19:44 . 2011-04-21 13:42 407552 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-22 19:44 . 2010-06-17 17:55 16361984 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2011-08-22 19:44 . 2010-06-17 16:29 150528 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2011-08-22 19:44 . 2009-10-14 15:24 27136 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2011-08-22 19:44 . 2009-04-23 13:18 1280512 ----a-w- c:\windows\system32\rpcrt4.dll
2011-08-22 19:42 . 2008-06-23 02:14 1245184 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-08-22 19:41 . 2011-04-20 15:16 450048 ----a-w- c:\windows\system32\winsrv.dll
2011-08-22 19:40 . 2009-10-23 17:42 714240 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-08-22 19:34 . 2010-08-20 15:56 1090048 ----a-w- c:\windows\system32\wmpmde.dll
2011-08-22 19:34 . 2010-08-20 15:21 866816 ----a-w- c:\windows\SysWow64\wmpmde.dll
2011-08-22 19:16 . 2011-08-22 19:16 -------- d-----w- c:\program files (x86)\ICQ6Toolbar
2011-08-22 19:16 . 2011-08-22 19:16 -------- d-----w- c:\programdata\ICQ
2011-08-22 19:15 . 2011-08-22 19:22 -------- d-----w- c:\program files (x86)\ICQ7.6
2011-08-22 19:08 . 2010-01-15 00:04 98304 ----a-w- c:\windows\SysWow64\cabview.dll
2011-08-22 19:08 . 2010-01-13 18:34 104960 ----a-w- c:\windows\system32\cabview.dll
2011-08-22 19:08 . 2009-12-23 12:43 171520 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-08-22 19:08 . 2009-12-23 12:39 218112 ----a-w- c:\windows\system32\wintrust.dll
2011-08-22 19:07 . 2011-08-22 19:07 -------- d-----w- c:\program files (x86)\The KMPlayer
2011-08-22 19:01 . 2011-08-22 19:01 -------- d-----w- c:\programdata\CyberLink
2011-08-22 19:01 . 2001-03-08 16:30 24064 ------w- c:\windows\SysWow64\msxml3a.dll
2011-08-22 19:01 . 2003-03-18 18:14 499712 ------w- c:\windows\SysWow64\msvcp71.dll
2011-08-22 19:01 . 2003-02-21 02:42 348160 ------w- c:\windows\SysWow64\msvcr71.dll
2011-08-22 19:01 . 2011-08-22 19:06 -------- d-----w- c:\program files (x86)\CyberLink
2011-08-22 18:40 . 2011-08-22 20:21 -------- d-----w- c:\program files (x86)\Java
2011-08-22 18:39 . 2011-08-23 17:39 -------- d-----w- c:\program files (x86)\ESET
2011-08-22 18:36 . 2011-08-22 18:36 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-08-22 18:19 . 2011-08-23 12:10 -------- d-----w- c:\program files (x86)\KONAMI
2011-08-22 18:19 . 2011-08-22 18:19 -------- d-----w- c:\programdata\KONAMI
2011-08-22 18:04 . 2011-08-24 12:58 -------- d-----w- c:\program files (x86)\Steam
2011-08-22 17:40 . 2011-08-23 06:47 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-22 17:40 . 2011-08-22 17:40 -------- d-----w- c:\windows\SysWow64\Macromed
2011-08-22 15:51 . 2011-08-22 15:52 -------- d-----w- c:\users\Pavel
2011-08-22 15:16 . 2011-08-22 15:16 -------- d-----w- c:\program files (x86)\DAEMON Tools Toolbar
2011-08-22 15:16 . 2011-08-22 15:16 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-08-22 15:15 . 2011-08-22 15:16 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-08-22 15:15 . 2011-08-22 15:15 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-08-22 15:01 . 2008-01-16 09:25 126464 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE
2011-08-22 15:01 . 2011-08-22 15:01 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-08-22 14:50 . 2011-08-22 14:50 -------- d-----w- c:\program files (x86)\Common Files\LightScribe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-22 1242448]
"ICQ"="c:\program files (x86)\ICQ7.6\ICQ.exe" [2011-08-22 127040]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339401156-3218567862-1111171233-1000Core.job
- c:\users\C0R3\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-22 15:15]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339401156-3218567862-1111171233-1000UA.job
- c:\users\C0R3\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-22 15:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-29 5682688]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.centrum.cz/#utm_source=icq&utm_medium=centrum
mLocal Page = %SystemRoot%\system32\blank.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\C0R3\AppData\Roaming\Mozilla\Firefox\Profiles\cy141fld.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://atlas.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Celkový čas: 2011-08-24 15:02:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-24 13:02
.
Před spuštěním: Volných bajtů: 211 015 094 272
Po spuštění: Volných bajtů: 210 816 397 312
.
- - End Of File - - 4BBE2CD6A41753EBC42B36C905E1A4D9

Ještě se něco dělá dál nebo už je to v pořádku

[Roli]

Ještě to promažeme, ComboFix není automat.

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

Folder::
c:\program files (x86)\ICQ6Toolbar
c:\program files (x86)\ESET

FireFox::
FF - ProfilePath - c:\users\C0R3\AppData\Roaming\Mozilla\Firefox\Profiles\cy141fld.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.3.1&q=

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[C0R3]

Objevila se mi na ploše ikona s dokumentama můžu jí smazat

Tady je ten log, do jedné zprávy se to nevešlo tak sem to udělal takto vyhovuje

Kód: Vybrat vše

http://www.edisk.cz/stahni/02929/ComboFix.txt_390.97KB.html

[Roli]

Objevila se mi na ploše ikona s dokumentama můžu jí smazat

Nevím co v té složce je tak se tam podívej a sám rozhodni co s ní.


Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Dále použij Mbam z mého podpisu, při výběru skenu vyber volbu kompletní a pak mi sem z něj dej log, předem nic nemazat !!!

[C0R3]

Kterou možnost mám dát v programu T-Cleaner

A pak je to vše

Díky

[Roli]

Kterou možnost mám dát v programu T-Cleaner

Tam moc možností na výběr není A pokračovat N ukončit

A pak je to vše

Nee ještě bych rád ten log z Mbam jak jsem psal.