
PC check after removal of the "Policia SR" virus

Jochanan
Visitor
Posts: 28
Registered: 19 Feb 2012 13:57

PC check after removal of the "Policia SR" virus

#1 Post by Jochanan »

Hello. Yesterday my PC was locked by the "Police of the Slovak Republic have locked your PC" virus. I have Windows XP. It even blocked Safe Mode. I removed it through Safe Mode - DOS. I rolled back to the restore point from the previous day. I cleaned the PC, but I would still like to have the logs looked at. Thanks.

I just don't know which program I should use to create the log. Which one is the most suitable?

Rudy
Site Admin
Posts: 119524
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC check after removal of the "Policia SR" virus

#2 Post by Rudy »

Hello to you too!
Post an RSIT log: http://forum.viry.cz/viewtopic.php?f=13&t=105895 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Jochanan
Visitor
Posts: 28
Registered: 19 Feb 2012 13:57

Re: PC check after removal of the "Policia SR" virus

#3 Post by Jochanan »

Sorry for the delay. Here is the log.
Logfile of random's system information tool 1.09 (written by random/random)
Run by PC at 2012-12-30 18:04:48
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 78 GB (76%) free of 102 GB
Total RAM: 3326 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:05:46, on 30.12.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17115)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PC\Desktop\RSIT.exe
C:\Program Files\trend micro\PC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://socialgames.splashtop.com/redire ... 83&l=sk-SK
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -b
O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl11] C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7119 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\lknzdyni.default

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-12-13 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-12-13 155384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2010-01-18 33714176]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 98304]
"Six Engine"=C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03 5756544]
"BCU"=C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe [2010-03-05 411864]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-12-11 384800]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"RemoteControl11"=C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe [2012-09-18 236656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2012-12-06 322352]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-11-09 17877168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 159744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe"="C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe:*:Enabled:CyberLink PowerDVD 11.0"
"C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe"="C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe:*:Enabled:CyberLink PowerDVD 11.0 RC Service"
"C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe"="C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe:*:Enabled:CyberLink Media Server"
"C:\Program Files\PANDORA.TV\PanService\PanProcess.exe"="C:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess"
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe"="C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe:*:Enabled:CyberLink PowerDVD 11.0"
"C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe"="C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe:*:Enabled:CyberLink PowerDVD 11.0 RC Service"
"C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe"="C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe:*:Enabled:CyberLink Media Server"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-12-30 18:04:48 ----D---- C:\rsit
2012-12-30 18:04:48 ----D---- C:\Program Files\trend micro
2012-12-29 22:04:05 ----D---- C:\Documents and Settings\PC\Application Data\Malwarebytes
2012-12-29 22:03:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-12-29 22:01:19 ----A---- C:\TDSSKiller.2.8.15.0_29.12.2012_22.01.19_log.txt
2012-12-29 21:56:50 ----A---- C:\AdwCleaner[S1].txt
2012-12-29 21:56:21 ----A---- C:\AdwCleaner[R1].txt
2012-12-29 17:43:00 ----D---- C:\WINDOWS\CSC
2012-12-29 17:38:14 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2012-12-29 17:37:29 ----A---- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js
2012-12-27 21:36:38 ----A---- C:\WINDOWS\system32\drivers\appliand.sys
2012-12-27 21:36:33 ----D---- C:\Program Files\Applian Technologies
2012-12-27 21:34:44 ----D---- C:\Documents and Settings\All Users\Application Data\Applian
2012-12-27 04:45:52 ----D---- C:\WINDOWS\WBEM
2012-12-27 04:41:31 ----N---- C:\WINDOWS\system32\WinFXDocObj.exe
2012-12-27 04:41:31 ----N---- C:\WINDOWS\system32\msfeedssync.exe
2012-12-27 04:41:31 ----N---- C:\WINDOWS\system32\ieui.dll
2012-12-27 04:41:31 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2012-12-27 04:41:31 ----A---- C:\WINDOWS\system32\msfeeds.dll
2012-12-27 04:41:31 ----A---- C:\WINDOWS\system32\ieudinit.exe
2012-12-27 04:41:31 ----A---- C:\WINDOWS\system32\iertutil.dll
2012-12-27 04:41:31 ----A---- C:\WINDOWS\system32\ieframe.dll
2012-12-27 04:41:30 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2012-12-27 04:41:30 ----A---- C:\WINDOWS\system32\icardie.dll
2012-12-26 11:37:34 ----D---- C:\Program Files\netmeeting
2012-12-26 11:35:49 ----SD---- C:\found.001
2012-12-23 01:46:17 ----D---- C:\Program Files\CyberLink
2012-12-22 03:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842-v2$
2012-12-20 23:22:21 ----D---- C:\WINDOWS\Sun
2012-12-19 14:39:04 ----A---- C:\WINDOWS\GraphEdt.INI
2012-12-18 23:46:57 ----D---- C:\Documents and Settings\All Users\Application Data\Protexis
2012-12-18 23:46:19 ----A---- C:\WINDOWS\system32\drivers\regi.sys
2012-12-18 23:46:00 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2012-12-18 23:45:57 ----D---- C:\WINDOWS\Logs
2012-12-17 03:40:59 ----D---- C:\Documents and Settings\All Users\Application Data\PDVD
2012-12-17 03:38:30 ----D---- C:\Documents and Settings\All Users\Application Data\install_clap
2012-12-16 17:35:32 ----D---- C:\Program Files\CyberLink(2)
2012-12-16 03:20:33 ----D---- C:\WINDOWS\system32\sk-SK
2012-12-16 03:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2012-12-16 03:10:44 ----D---- C:\WINDOWS\ie7updates
2012-12-16 03:09:05 ----HDC---- C:\WINDOWS\ie7
2012-12-16 03:08:55 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2012-12-16 03:08:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2012-12-14 19:57:00 ----D---- C:\Documents and Settings\PC\Application Data\Replay Media Catcher 4
2012-12-13 23:28:43 ----SD---- C:\found.000
2012-12-13 03:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$
2012-12-13 03:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2779030$
2012-12-13 03:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2779562$
2012-12-13 03:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842$
2012-12-13 03:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$
2012-12-13 03:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2761465$
2012-12-13 00:54:34 ----D---- C:\Program Files\Common Files\Java
2012-12-13 00:54:34 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2012-12-13 00:54:28 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2012-12-13 00:54:28 ----A---- C:\WINDOWS\system32\javaws.exe
2012-12-13 00:54:28 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-12-13 00:54:18 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2012-12-13 00:54:18 ----A---- C:\WINDOWS\system32\javaw.exe
2012-12-13 00:54:18 ----A---- C:\WINDOWS\system32\java.exe
2012-12-13 00:54:09 ----D---- C:\Program Files\Java
2012-12-13 00:53:40 ----D---- C:\Documents and Settings\PC\Application Data\Sun
2012-12-13 00:51:52 ----D---- C:\Program Files\Common Files\i4j_jres
2012-12-11 03:40:09 ----D---- C:\Documents and Settings\All Users\Application Data\Mozilla
2012-12-11 03:40:08 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-12-08 20:11:48 ----A---- C:\WINDOWS\system32\muweb.dll
2012-12-08 20:11:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2012-12-08 19:21:19 ----D---- C:\Program Files\OpenXML-ODF Translator
2012-12-08 17:48:02 ----D---- C:\Program Files\Foxit Software
2012-12-08 16:32:34 ----D---- C:\Documents and Settings\PC\Application Data\Skype
2012-12-08 16:32:28 ----RD---- C:\Program Files\Skype
2012-12-08 16:32:28 ----D---- C:\Program Files\Common Files\Skype
2012-12-08 16:32:19 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2012-12-08 02:52:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2012-12-08 02:41:05 ----D---- C:\Documents and Settings\PC\Application Data\DVDFab
2012-12-08 02:40:27 ----D---- C:\Documents and Settings\All Users\Application Data\dvdfab
2012-12-08 02:39:01 ----D---- C:\Program Files\DVDFab 8 Qt
2012-12-07 03:46:58 ----D---- C:\WINDOWS\system32\XPSViewer
2012-12-07 03:46:56 ----D---- C:\Program Files\MSBuild
2012-12-07 03:46:52 ----D---- C:\Program Files\Reference Assemblies
2012-12-07 03:46:35 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2012-12-07 03:46:35 ----N---- C:\WINDOWS\system32\prntvpt.dll
2012-12-07 03:46:34 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2012-12-07 03:05:26 ----D---- C:\Documents and Settings\PC\Application Data\Ashampoo
2012-12-07 03:05:18 ----D---- C:\Documents and Settings\All Users\Application Data\ashampoo
2012-12-07 03:05:13 ----D---- C:\Program Files\Ashampoo
2012-12-06 17:18:46 ----D---- C:\torrenty
2012-12-06 17:14:29 ----D---- C:\Program Files\uTorrent
2012-12-06 17:13:59 ----D---- C:\Documents and Settings\PC\Application Data\uTorrent
2012-12-06 16:50:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2012-12-06 16:50:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2012-12-06 16:50:51 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2012-12-06 16:50:48 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2012-12-06 16:50:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2012-12-06 16:50:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2712808$
2012-12-06 16:50:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2012-12-06 16:50:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2012-12-06 16:50:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2012-12-06 16:50:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2012-12-06 16:50:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2012-12-06 16:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2012-12-06 16:50:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2012-12-06 16:50:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-12-06 16:50:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2012-12-06 16:50:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2012-12-06 16:50:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2012-12-06 16:49:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-12-06 16:49:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2012-12-06 16:49:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2012-12-06 16:49:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2012-12-06 16:49:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2012-12-06 16:49:42 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2012-12-06 16:49:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2012-12-06 16:49:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2012-12-06 16:49:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2012-12-06 16:49:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-12-06 16:49:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2724197$
2012-12-06 16:49:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2012-12-06 16:49:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2012-12-06 16:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2012-12-06 16:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2012-12-06 16:49:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2012-12-06 16:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2012-12-06 16:48:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2012-12-06 16:48:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2736233$
2012-12-06 16:48:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$
2012-12-06 16:48:49 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2012-12-06 16:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2012-12-06 16:48:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2012-12-06 16:48:04 ----A---- C:\WINDOWS\system32\MRT.exe
2012-12-06 16:48:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2012-12-06 16:47:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2012-12-06 16:47:54 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2012-12-06 16:47:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2510581$
2012-12-06 16:47:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2012-12-06 16:47:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2012-12-06 16:47:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2012-12-06 16:47:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2012-12-06 16:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2012-12-06 16:47:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2012-12-06 16:47:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2012-12-06 16:47:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$
2012-12-06 16:47:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2012-12-06 16:47:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2012-12-06 16:47:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2012-12-06 16:47:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-12-06 16:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2012-12-06 16:46:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2756822$
2012-12-06 16:46:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2012-12-06 16:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2012-12-06 16:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2012-12-06 16:46:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2012-12-06 16:46:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2012-12-06 16:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2012-12-06 16:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2012-12-06 16:46:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2012-12-06 16:46:27 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2012-12-06 16:46:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2012-12-06 16:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2012-12-06 16:46:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2012-12-06 16:46:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2012-12-06 16:46:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2012-12-06 16:46:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2012-12-06 16:46:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2012-12-06 16:46:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2012-12-06 16:45:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
2012-12-06 16:45:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2012-12-06 16:45:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2749655$
2012-12-06 16:45:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2012-12-06 16:45:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2012-12-06 16:45:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2012-12-06 16:45:33 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2012-12-06 16:45:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
2012-12-06 16:45:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2012-12-06 16:45:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2705219-v2$
2012-12-06 16:45:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2012-12-06 16:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2012-12-06 16:45:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$
2012-12-06 16:45:10 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2012-12-06 16:45:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2012-12-06 16:45:04 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2012-12-06 16:45:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2723135-v2$
2012-12-06 16:44:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2012-12-06 16:44:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2012-12-06 16:44:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$
2012-12-06 16:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2661254-v2$
2012-12-06 16:44:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2761226$
2012-12-06 16:44:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2012-12-06 16:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2012-12-06 16:44:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$
2012-12-06 16:44:26 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2012-12-06 16:44:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2744842$
2012-12-06 16:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2544521$
2012-12-06 16:44:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2012-12-06 16:44:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2012-12-06 16:44:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2012-12-06 16:44:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2012-12-06 16:43:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2012-12-06 16:43:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-12-06 16:43:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2012-12-06 16:43:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2012-12-06 16:24:40 ----D---- C:\Program Files\VS Revo Group
2012-12-06 16:10:10 ----D---- C:\Program Files\PANDORA.TV
2012-12-06 16:09:54 ----D---- C:\Program Files\The KMPlayer
2012-12-06 15:57:25 ----D---- C:\WINDOWS\system32\NtmsData
2012-12-06 15:53:43 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-12-06 15:53:32 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2012-12-06 03:27:42 ----D---- C:\WINDOWS\system32\PreInstall
2012-12-06 03:27:40 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2012-12-06 03:27:40 ----HD---- C:\WINDOWS\$hf_mig$
2012-12-06 02:48:18 ----D---- C:\Documents and Settings\PC\Application Data\CyberLink
2012-12-06 02:41:42 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2012-12-06 02:41:39 ----D---- C:\Program Files\Common Files\CyberLink
2012-12-06 02:40:56 ----A---- C:\WINDOWS\system32\msxml3a.dll
2012-12-06 02:40:56 ----A---- C:\WINDOWS\system32\msvcr71.dll
2012-12-06 02:40:56 ----A---- C:\WINDOWS\system32\msvcp71.dll
2012-12-06 02:40:31 ----D---- C:\Documents and Settings\All Users\Application Data\Temp
2012-12-05 21:01:26 ----D---- C:\Documents and Settings\PC\Application Data\Help
2012-12-05 20:47:00 ----D---- C:\Program Files\Microsoft Works
2012-12-05 20:46:50 ----D---- C:\Program Files\Microsoft Visual Studio
2012-12-05 20:46:50 ----D---- C:\Program Files\Common Files\DESIGNER
2012-12-05 20:46:40 ----D---- C:\Program Files\Microsoft.NET
2012-12-05 20:45:07 ----D---- C:\WINDOWS\SHELLNEW
2012-12-05 20:45:01 ----D---- C:\Program Files\Microsoft Office
2012-12-05 20:45:00 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-12-05 20:44:48 ----RD---- C:\MSOCache
2012-12-05 17:22:26 ----D---- C:\Documents and Settings\PC\Application Data\WinRAR
2012-12-05 17:22:23 ----D---- C:\Program Files\WinRAR
2012-12-04 22:59:47 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2012-12-04 22:26:52 ----D---- C:\Documents and Settings\PC\Application Data\Macromedia
2012-12-04 22:26:52 ----D---- C:\Documents and Settings\PC\Application Data\Adobe
2012-12-04 22:23:58 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-12-04 22:13:32 ----D---- C:\Documents and Settings\PC\Application Data\Avira
2012-12-04 22:00:02 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2012-12-04 22:00:02 ----A---- C:\WINDOWS\system32\drivers\avkmgr.sys
2012-12-04 22:00:02 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2012-12-04 22:00:02 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2012-12-04 22:00:01 ----D---- C:\Program Files\Avira
2012-12-04 22:00:01 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2012-12-04 21:53:08 ----D---- C:\WINDOWS\Prefetch
2012-12-04 21:48:25 ----N---- C:\WINDOWS\system32\msxml6r.dll
2012-12-04 21:48:25 ----N---- C:\WINDOWS\system32\msxml6.dll
2012-12-04 21:48:18 ----N---- C:\WINDOWS\system32\smtpapi.dll
2012-12-04 21:48:18 ----N---- C:\WINDOWS\system32\rwnh.dll
2012-12-04 21:48:18 ----N---- C:\WINDOWS\system32\drivers\irbus.sys
2012-12-04 21:48:18 ----N---- C:\WINDOWS\system32\comsdupd.exe
2012-12-04 21:48:18 ----N---- C:\WINDOWS\system32\aaclient.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\eapsvc.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\eapqec.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\eappprxy.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\eapphost.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\eappgnui.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\eappcfg.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\eapolqec.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\dot3ui.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\dot3svc.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\dot3msm.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\dot3api.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\dimsroam.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\credssp.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\azroles.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2012-12-04 21:48:17 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\s3gnb.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\rasqec.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\qutil.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\qcliprov.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\qagentrt.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\qagent.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\onex.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\napstat.exe
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\napmontr.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\napipsec.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\mssha.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\mmcperf.exe
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\mmcex.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\kmsvc.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\kbdpash.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2012-12-04 21:48:16 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2012-12-04 21:48:15 ----N---- C:\WINDOWS\system32\wmphoto.dll
2012-12-04 21:48:15 ----N---- C:\WINDOWS\system32\wlanapi.dll
2012-12-04 21:48:15 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2012-12-04 21:48:15 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2012-12-04 21:48:15 ----N---- C:\WINDOWS\system32\verclsid.exe
2012-12-04 21:48:15 ----N---- C:\WINDOWS\system32\tzchange.exe
2012-12-04 21:48:15 ----N---- C:\WINDOWS\system32\tspkg.dll
2012-12-04 21:48:15 ----N---- C:\WINDOWS\system32\tsgqec.dll
2012-12-04 21:48:15 ----N---- C:\WINDOWS\system32\slserv.exe
2012-12-04 21:48:15 ----N---- C:\WINDOWS\system32\slrundll.exe
2012-12-04 21:48:15 ----N---- C:\WINDOWS\system32\slgen.dll
2012-12-04 21:48:15 ----N---- C:\WINDOWS\system32\slextspk.dll
2012-12-04 21:48:15 ----N---- C:\WINDOWS\system32\slcoinst.dll
2012-12-04 21:48:15 ----N---- C:\WINDOWS\system32\setupn.exe
2012-12-04 21:48:14 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2012-12-04 21:48:14 ----N---- C:\WINDOWS\system32\xmllite.dll
2012-12-04 21:48:14 ----N---- C:\WINDOWS\slrundll.exe
2012-12-04 21:48:14 ----D---- C:\WINDOWS\system32\scripting
2012-12-04 21:48:14 ----D---- C:\WINDOWS\system32\en-us
2012-12-04 21:48:14 ----D---- C:\WINDOWS\l2schemas
2012-12-04 21:48:13 ----D---- C:\WINDOWS\system32\en
2012-12-04 21:48:13 ----D---- C:\WINDOWS\system32\bits
2012-12-04 21:47:34 ----D---- C:\WINDOWS\ServicePackFiles
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\agp440.sys
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2012-12-04 21:46:37 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2012-12-04 21:46:37 ----D---- C:\WINDOWS\network diagnostic
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2012-12-04 21:46:36 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2012-12-04 21:46:35 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2012-12-04 21:46:35 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2012-12-04 21:46:35 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2012-12-04 21:46:35 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2012-12-04 21:46:35 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2012-12-04 21:46:35 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2012-12-04 21:46:35 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2012-12-04 21:46:35 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys
2012-12-04 21:46:35 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2012-12-04 21:46:35 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2012-12-04 21:45:51 ----N---- C:\WINDOWS\system32\spmsg.dll
2012-12-04 21:45:49 ----A---- C:\WINDOWS\002878_.tmp
2012-12-04 21:44:31 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2012-12-04 20:43:35 ----D---- C:\Documents and Settings\PC\Application Data\Mozilla
2012-12-04 20:43:32 ----D---- C:\Program Files\Mozilla Firefox
2012-12-04 19:10:21 ----A---- C:\WINDOWS\system32\drivers\usbstor.sys
2012-12-04 18:25:47 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2012-12-04 18:24:09 ----A---- C:\WINDOWS\hpdj3740.ini
2012-12-04 18:20:38 ----SHD---- C:\RECYCLER
2012-12-04 18:19:47 ----A---- C:\WINDOWS\system32\h323log.txt
2012-12-04 18:17:30 ----HD---- C:\dvmexp
2012-12-04 18:16:37 ----D---- C:\ASUS.000
2012-12-04 18:16:17 ----D---- C:\ASUS.SYS
2012-12-04 18:11:14 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2012-12-04 18:10:42 ----D---- C:\Documents and Settings\PC\Application Data\DeviceVm
2012-12-04 18:10:42 ----D---- C:\Documents and Settings\All Users\Application Data\DeviceVm
2012-12-04 18:10:37 ----D---- C:\Program Files\DeviceVM
2012-12-04 18:10:34 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2012-12-04 18:09:47 ----A---- C:\WINDOWS\system32\usbui.dll
2012-12-04 18:09:27 ----A---- C:\WINDOWS\system32\drivers\wmiacpi.sys
2012-12-04 18:08:39 ----SHD---- C:\WINDOWS\Installer
2012-12-04 18:08:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-12-04 18:08:38 ----D---- C:\Program Files\Common Files\ODBC
2012-12-04 18:08:38 ----A---- C:\WINDOWS\ODBCINST.INI
2012-12-04 18:08:36 ----D---- C:\Program Files\Common Files\SpeechEngines
2012-12-04 18:08:35 ----RD---- C:\Program Files
2012-12-04 18:08:35 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-12-04 18:08:35 ----D---- C:\Program Files\Common Files
2012-12-04 18:08:31 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2012-12-04 18:08:31 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2012-12-04 18:08:31 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2012-12-04 18:08:29 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2012-12-04 18:08:29 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2012-12-04 18:08:29 ----RA---- C:\WINDOWS\system32\kbdur.dll
2012-12-04 18:08:29 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2012-12-04 18:08:29 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2012-12-04 18:08:29 ----RA---- C:\WINDOWS\system32\kbdru.dll
2012-12-04 18:08:29 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2012-12-04 18:08:29 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2012-12-04 18:08:29 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2012-12-04 18:08:29 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2012-12-04 18:08:29 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2012-12-04 18:08:29 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2012-12-04 18:08:27 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2012-12-04 18:08:27 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2012-12-04 18:08:27 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2012-12-04 18:08:27 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2012-12-04 18:08:27 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2012-12-04 18:08:27 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2012-12-04 18:08:27 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2012-12-04 18:08:26 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2012-12-04 18:08:26 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2012-12-04 18:08:26 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2012-12-04 18:08:26 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2012-12-04 18:08:26 ----RA---- C:\WINDOWS\system32\kbdest.dll
2012-12-04 18:08:24 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2012-12-04 18:08:24 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2012-12-04 18:08:24 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2012-12-04 18:08:24 ----RA---- C:\WINDOWS\system32\kbdro.dll
2012-12-04 18:08:24 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2012-12-04 18:08:24 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2012-12-04 18:08:24 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2012-12-04 18:08:24 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2012-12-04 18:08:24 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2012-12-04 18:08:24 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2012-12-04 18:08:24 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2012-12-04 18:08:24 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2012-12-04 18:08:24 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2012-12-04 18:08:20 ----A---- C:\WINDOWS\system32\spxcoins.dll
2012-12-04 18:08:20 ----A---- C:\WINDOWS\system32\irclass.dll
2012-12-04 18:08:20 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2012-12-04 18:08:20 ----A---- C:\WINDOWS\system32\dgsetup.dll
2012-12-04 18:08:20 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2012-12-04 18:08:18 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2012-12-04 18:08:18 ----A---- C:\WINDOWS\TASKMAN.EXE
2012-12-04 18:08:18 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2012-12-04 18:08:18 ----A---- C:\WINDOWS\system32\batt.dll
2012-12-04 18:08:17 ----A---- C:\WINDOWS\system32\storprop.dll
2012-12-04 18:08:17 ----A---- C:\WINDOWS\notepad.exe
2012-12-04 18:08:11 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2012-12-04 18:08:09 ----RA---- C:\WINDOWS\SET8.tmp
2012-12-04 18:08:07 ----RA---- C:\WINDOWS\SET4.tmp
2012-12-04 18:08:06 ----RA---- C:\WINDOWS\SET3.tmp
2012-12-04 18:08:02 ----D---- C:\WINDOWS\system32\CatRoot2
2012-12-04 18:08:02 ----D---- C:\WINDOWS\system32\CatRoot
2012-12-04 18:07:57 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2012-12-04 18:07:36 ----D---- C:\Documents and Settings
2012-12-04 18:07:35 ----SHD---- C:\System Volume Information
2012-12-04 18:07:35 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2012-12-04 18:06:25 ----RSH---- C:\boot.ini
2012-12-04 18:06:08 ----RA---- C:\WINDOWS\system32\drivers\AsIO.sys
2012-12-04 18:06:08 ----RA---- C:\WINDOWS\system32\AsIO.dll
2012-12-04 18:06:07 ----D---- C:\Program Files\ASUS
2012-12-04 18:06:07 ----A---- C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2012-12-04 18:06:07 ----A---- C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2012-12-04 18:05:37 ----A---- C:\WINDOWS\system32\drivers\AmdPPM.sys
2012-12-04 18:05:36 ----D---- C:\Program Files\AMD
2012-12-04 18:05:22 ----D---- C:\Documents and Settings\PC\Application Data\InstallShield
2012-12-04 18:02:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-12-04 18:02:31 ----RSD---- C:\WINDOWS\Fonts
2012-12-04 18:02:31 ----RD---- C:\WINDOWS\Web
2012-12-04 18:02:31 ----HD---- C:\WINDOWS\inf
2012-12-04 18:02:31 ----D---- C:\WINDOWS\WinSxS
2012-12-04 18:02:31 ----D---- C:\WINDOWS\twain_32
2012-12-04 18:02:31 ----D---- C:\WINDOWS\Temp
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\wins
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\wbem
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\usmt
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\spool
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\ShellExt
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\Setup
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\ras
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\oobe
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\npp
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\mui
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\inetsrv
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\IME
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\icsxml
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\ias
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\export
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\drivers\etc
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\drivers\disdn
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\drivers
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\dhcp
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\config
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\3com_dmi
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\3076
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\2052
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\1054
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\1042
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\1041
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\1037
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\1033
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\1031
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\1028
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32\1025
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system32
2012-12-04 18:02:31 ----D---- C:\WINDOWS\system
2012-12-04 18:02:31 ----D---- C:\WINDOWS\security
2012-12-04 18:02:31 ----D---- C:\WINDOWS\Resources
2012-12-04 18:02:31 ----D---- C:\WINDOWS\repair
2012-12-04 18:02:31 ----D---- C:\WINDOWS\Provisioning
2012-12-04 18:02:31 ----D---- C:\WINDOWS\pchealth
2012-12-04 18:02:31 ----D---- C:\WINDOWS\PeerNet
2012-12-04 18:02:31 ----D---- C:\WINDOWS\NLDRV
2012-12-04 18:02:31 ----D---- C:\WINDOWS\mui
2012-12-04 18:02:31 ----D---- C:\WINDOWS\msapps
2012-12-04 18:02:31 ----D---- C:\WINDOWS\msagent
2012-12-04 18:02:31 ----D---- C:\WINDOWS\Media
2012-12-04 18:02:31 ----D---- C:\WINDOWS\java
2012-12-04 18:02:31 ----D---- C:\WINDOWS\ime
2012-12-04 18:02:31 ----D---- C:\WINDOWS\Help
2012-12-04 18:02:31 ----D---- C:\WINDOWS\ehome
2012-12-04 18:02:31 ----D---- C:\WINDOWS\Driver Cache
2012-12-04 18:02:31 ----D---- C:\WINDOWS\Debug
2012-12-04 18:02:31 ----D---- C:\WINDOWS\Cursors
2012-12-04 18:02:31 ----D---- C:\WINDOWS\Connection Wizard
2012-12-04 18:02:31 ----D---- C:\WINDOWS\Config
2012-12-04 18:02:31 ----D---- C:\WINDOWS\AppPatch
2012-12-04 18:02:31 ----D---- C:\WINDOWS\addins
2012-12-04 18:02:31 ----D---- C:\WINDOWS
2012-12-04 18:02:30 ----ASH---- C:\pagefile.sys
2012-12-04 17:58:44 ----RA---- C:\WINDOWS\system32\RTNUninst32.dll
2012-12-04 17:58:44 ----RA---- C:\WINDOWS\system32\RtNicProp32.dll
2012-12-04 17:58:44 ----RA---- C:\WINDOWS\system32\drivers\Rtenicxp.sys
2012-12-04 17:58:25 ----D---- C:\Program Files\Realtek
2012-12-04 17:56:11 ----D---- C:\Documents and Settings\PC\Application Data\ATI
2012-12-04 17:56:11 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2012-12-04 17:53:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-12-04 17:53:24 ----RA---- C:\WINDOWS\system32\ativva6x.dat
2012-12-04 17:53:24 ----RA---- C:\WINDOWS\system32\ativva5x.dat
2012-12-04 17:53:24 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2012-12-04 17:53:24 ----RA---- C:\WINDOWS\system32\atiicdxx.dat
2012-12-04 17:53:24 ----RA---- C:\WINDOWS\system32\ATIDEMGX.dll
2012-12-04 17:53:22 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2012-12-04 17:53:22 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2012-12-04 17:53:22 ----A---- C:\WINDOWS\system32\atitvo32.dll
2012-12-04 17:53:22 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2012-12-04 17:53:21 ----A---- C:\WINDOWS\system32\ativcoxx.dll
2012-12-04 17:53:21 ----A---- C:\WINDOWS\system32\ATIODCLI.exe
2012-12-04 17:53:21 ----A---- C:\WINDOWS\system32\atimpc32.dll
2012-12-04 17:53:21 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2012-12-04 17:53:21 ----A---- C:\WINDOWS\system32\aticalrt.dll
2012-12-04 17:53:21 ----A---- C:\WINDOWS\system32\aticaldd.dll
2012-12-04 17:53:21 ----A---- C:\WINDOWS\system32\atibtmon.exe
2012-12-04 17:53:21 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2012-12-04 17:53:21 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2012-12-04 17:53:21 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2012-12-04 17:53:21 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2012-12-04 17:53:21 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2012-12-04 17:53:20 ----A---- C:\WINDOWS\system32\drivers\ati2erec.dll
2012-12-04 17:53:20 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2012-12-04 17:53:20 ----A---- C:\WINDOWS\system32\atioglxx.dll
2012-12-04 17:53:20 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2012-12-04 17:53:19 ----A---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2012-12-04 17:53:19 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2012-12-04 17:53:19 ----A---- C:\WINDOWS\system32\ATIODE.exe
2012-12-04 17:53:19 ----A---- C:\WINDOWS\system32\atikvmag.dll
2012-12-04 17:53:19 ----A---- C:\WINDOWS\system32\aticalcl.dll
2012-12-04 17:53:19 ----A---- C:\WINDOWS\system32\atiapfxx.exe
2012-12-04 17:53:19 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2012-12-04 17:53:19 ----A---- C:\WINDOWS\system32\ati3duag.dll
2012-12-04 17:53:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-12-04 17:52:25 ----RSD---- C:\WINDOWS\assembly
2012-12-04 17:52:16 ----D---- C:\WINDOWS\Microsoft.NET
2012-12-04 17:51:11 ----D---- C:\Program Files\ATI
2012-12-04 17:50:25 ----D---- C:\Program Files\ATI Technologies
2012-12-04 17:48:41 ----A---- C:\WINDOWS\system32\drivers\dmusic.sys
2012-12-04 17:48:40 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2012-12-04 17:48:38 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2012-12-04 17:48:37 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2012-12-04 17:48:36 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2012-12-04 17:47:38 ----RA---- C:\WINDOWS\system32\drivers\AtiHdmi.sys
2012-12-04 17:46:06 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2012-12-04 17:45:11 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2012-12-04 17:45:11 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2012-12-04 17:45:10 ----A---- C:\WINDOWS\system32\drivers\mskssrv.sys
2012-12-04 17:45:09 ----A---- C:\WINDOWS\system32\drivers\mspqm.sys
2012-12-04 17:45:09 ----A---- C:\WINDOWS\system32\drivers\mspclock.sys
2012-12-04 17:44:26 ----RA---- C:\WINDOWS\system32\drivers\viahduaa.sys
2012-12-04 17:44:26 ----RA---- C:\WINDOWS\system32\Audio3D.dll
2012-12-04 17:44:26 ----RA---- C:\WINDOWS\system32\A3D.dll
2012-12-04 17:44:25 ----A---- C:\WINDOWS\system32\ksuser.dll
2012-12-04 17:44:25 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2012-12-04 17:44:17 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2012-12-04 17:44:15 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2012-12-04 17:43:51 ----N---- C:\WINDOWS\system32\difxapi.dll
2012-12-04 17:43:50 ----D---- C:\Program Files\VIA
2012-12-04 17:40:10 ----D---- C:\Program Files\InstallShield Installation Information
2012-12-04 17:40:00 ----D---- C:\Program Files\Common Files\InstallShield
2012-12-04 17:39:00 ----RA---- C:\WINDOWS\system32\drivers\ASACPI.sys
2012-12-04 17:38:51 ----A---- C:\WINDOWS\Language_trs.ini
2012-12-04 17:38:50 ----RA---- C:\WINDOWS\DAOD.exe
2012-12-04 17:38:40 ----A---- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2012-12-04 17:38:40 ----A---- C:\WINDOWS\Ascd_tmp.ini
2012-12-04 17:33:11 ----A---- C:\WINDOWS\system32\WMErrSKY.dll
2012-12-04 17:33:10 ----D---- C:\WINDOWS\system32\1051
2012-12-04 17:32:56 ----D---- C:\temp
2012-12-04 17:31:25 ----D---- C:\Documents and Settings\PC\Application Data\Identities
2012-12-04 17:31:24 ----D---- C:\Program Files\Uninstall Information
2012-12-04 17:31:21 ----ASH---- C:\Documents and Settings\PC\Application Data\desktop.ini
2012-12-04 17:31:20 ----SD---- C:\Documents and Settings\PC\Application Data\Microsoft
2012-12-04 17:29:20 ----D---- C:\WINDOWS\SoftwareDistribution
2012-12-04 17:29:18 ----SD---- C:\WINDOWS\system32\Microsoft
2012-12-04 17:29:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-12-04 17:26:35 ----AS---- C:\WINDOWS\bootstat.dat
2012-12-04 17:25:14 ----D---- C:\WINDOWS\system32\xircom
2012-12-04 17:25:14 ----D---- C:\Program Files\xerox
2012-12-04 17:25:14 ----D---- C:\Program Files\microsoft frontpage
2012-12-04 17:25:03 ----RAS---- C:\MSDOS.SYS
2012-12-04 17:25:03 ----RAS---- C:\IO.SYS
2012-12-04 17:25:03 ----A---- C:\WINDOWS\control.ini
2012-12-04 17:25:03 ----A---- C:\CONFIG.SYS
2012-12-04 17:25:03 ----A---- C:\AUTOEXEC.BAT
2012-12-04 17:24:54 ----A---- C:\WINDOWS\system32\mapi32.dll
2012-12-04 17:24:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-12-04 17:24:22 ----RD---- C:\WINDOWS\Offline Web Pages
2012-12-04 17:24:16 ----D---- C:\Program Files\WindowsUpdate
2012-12-04 17:24:00 ----D---- C:\WINDOWS\system32\DirectX
2012-12-04 17:23:42 ----A---- C:\WINDOWS\system32\atrace.dll
2012-12-04 17:23:39 ----A---- C:\WINDOWS\system32\desktop.ini
2012-12-04 17:23:39 ----A---- C:\WINDOWS\desktop.ini
2012-12-04 17:23:33 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2012-12-04 17:23:32 ----D---- C:\Program Files\Common Files\Services
2012-12-04 17:23:32 ----A---- C:\WINDOWS\system32\acctres.dll
2012-12-04 17:23:30 ----SD---- C:\WINDOWS\Tasks
2012-12-04 17:23:30 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2012-12-04 17:23:29 ----D---- C:\Program Files\Common Files\MSSoap
2012-12-04 17:23:25 ----D---- C:\WINDOWS\srchasst
2012-12-04 17:23:24 ----D---- C:\WINDOWS\system32\Macromed
2012-12-04 17:23:22 ----A---- C:\WINDOWS\system32\wuweb.dll
2012-12-04 17:23:21 ----A---- C:\WINDOWS\system32\wups.dll
2012-12-04 17:23:21 ----A---- C:\WINDOWS\system32\wucltui.dll
2012-12-04 17:23:21 ----A---- C:\WINDOWS\system32\wuauserv.dll
2012-12-04 17:23:21 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2012-12-04 17:23:21 ----A---- C:\WINDOWS\system32\wuaueng.dll
2012-12-04 17:23:21 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2012-12-04 17:23:21 ----A---- C:\WINDOWS\system32\wuauclt.exe
2012-12-04 17:23:21 ----A---- C:\WINDOWS\system32\wuapi.dll
2012-12-04 17:23:21 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2012-12-04 17:23:20 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2012-12-04 17:23:20 ----A---- C:\WINDOWS\system32\qmgr.dll
2012-12-04 17:23:20 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2012-12-04 17:23:16 ----D---- C:\Program Files\Movie Maker
2012-12-04 17:23:13 ----A---- C:\WINDOWS\system32\safrslv.dll
2012-12-04 17:23:13 ----A---- C:\WINDOWS\system32\safrdm.dll
2012-12-04 17:23:13 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2012-12-04 17:23:13 ----A---- C:\WINDOWS\system32\racpldlg.dll
2012-12-04 17:23:09 ----A---- C:\WINDOWS\system32\fltmc.exe
2012-12-04 17:23:09 ----A---- C:\WINDOWS\system32\fltlib.dll
2012-12-04 17:23:09 ----A---- C:\WINDOWS\system32\drivers\fltmgr.sys
2012-12-04 17:23:08 ----D---- C:\WINDOWS\system32\Restore
2012-12-04 17:23:08 ----A---- C:\WINDOWS\system32\srsvc.dll
2012-12-04 17:23:08 ----A---- C:\WINDOWS\system32\srrstr.dll
2012-12-04 17:23:08 ----A---- C:\WINDOWS\system32\srclient.dll
2012-12-04 17:23:08 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2012-12-04 17:23:08 ----A---- C:\WINDOWS\system32\ils.dll
2012-12-04 17:23:08 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2012-12-04 17:23:07 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2012-12-04 17:23:07 ----A---- C:\WINDOWS\system32\msconf.dll
2012-12-04 17:23:07 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2012-12-04 17:23:07 ----A---- C:\WINDOWS\system32\mnmdd.dll
2012-12-04 17:23:05 ----A---- C:\WINDOWS\system32\msoert2.dll
2012-12-04 17:23:05 ----A---- C:\WINDOWS\system32\msoeacct.dll
2012-12-04 17:23:04 ----A---- C:\WINDOWS\system32\inetres.dll
2012-12-04 17:23:03 ----A---- C:\WINDOWS\system32\inetcomm.dll
2012-12-04 17:23:02 ----D---- C:\Program Files\Outlook Express
2012-12-04 17:23:02 ----A---- C:\WINDOWS\system32\schedsvc.dll
2012-12-04 17:23:01 ----A---- C:\WINDOWS\system32\mstinit.exe
2012-12-04 17:23:01 ----A---- C:\WINDOWS\system32\mstask.dll
2012-12-04 17:23:01 ----A---- C:\WINDOWS\system32\isign32.dll
2012-12-04 17:23:01 ----A---- C:\WINDOWS\system32\inetcfg.dll
2012-12-04 17:23:01 ----A---- C:\WINDOWS\system32\icwphbk.dll
2012-12-04 17:23:01 ----A---- C:\WINDOWS\system32\icwdial.dll
2012-12-04 17:22:56 ----D---- C:\Program Files\Common Files\System
2012-12-04 17:22:55 ----D---- C:\Program Files\Internet Explorer
2012-12-04 17:22:39 ----A---- C:\WINDOWS\system32\emptyregdb.dat
2012-12-04 17:22:32 ----D---- C:\Program Files\ComPlus Applications
2012-12-04 17:22:30 ----A---- C:\WINDOWS\vbaddin.ini
2012-12-04 17:22:30 ----A---- C:\WINDOWS\vb.ini
2012-12-04 17:22:27 ----D---- C:\WINDOWS\Registration
2012-12-04 17:22:22 ----D---- C:\Program Files\Windows Media Player
2012-12-04 17:22:22 ----D---- C:\Program Files\Online Services
2012-12-04 17:22:16 ----D---- C:\Program Files\Messenger
2012-12-04 17:22:13 ----D---- C:\Program Files\MSN Gaming Zone
2012-12-04 17:22:13 ----A---- C:\WINDOWS\system32\write.exe
2012-12-04 17:22:06 ----A---- C:\WINDOWS\system32\sndvol32.exe
2012-12-04 17:22:06 ----A---- C:\WINDOWS\system32\hticons.dll
2012-12-04 17:22:06 ----A---- C:\WINDOWS\system32\avwav.dll
2012-12-04 17:22:06 ----A---- C:\WINDOWS\system32\avmeter.dll
2012-12-04 17:22:05 ----A---- C:\WINDOWS\system32\winchat.exe
2012-12-04 17:22:05 ----A---- C:\WINDOWS\system32\avtapi.dll
2012-12-04 17:22:00 ----A---- C:\WINDOWS\system32\getuname.dll
2012-12-04 17:21:59 ----A---- C:\WINDOWS\system32\winmine.exe
2012-12-04 17:21:59 ----A---- C:\WINDOWS\system32\sol.exe
2012-12-04 17:21:59 ----A---- C:\WINDOWS\system32\charmap.exe
2012-12-04 17:21:59 ----A---- C:\WINDOWS\system32\calc.exe
2012-12-04 17:21:58 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2012-12-04 17:21:58 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2012-12-04 17:21:58 ----A---- C:\WINDOWS\system32\tslabels.ini
2012-12-04 17:21:58 ----A---- C:\WINDOWS\system32\tskill.exe
2012-12-04 17:21:58 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2012-12-04 17:21:58 ----A---- C:\WINDOWS\system32\tscon.exe
2012-12-04 17:21:58 ----A---- C:\WINDOWS\system32\shadow.exe
2012-12-04 17:21:58 ----A---- C:\WINDOWS\system32\rwinsta.exe
2012-12-04 17:21:58 ----A---- C:\WINDOWS\system32\reset.exe
2012-12-04 17:21:58 ----A---- C:\WINDOWS\system32\regini.exe
2012-12-04 17:21:58 ----A---- C:\WINDOWS\system32\mshearts.exe
2012-12-04 17:21:58 ----A---- C:\WINDOWS\system32\freecell.exe
2012-12-04 17:21:57 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2012-12-04 17:21:57 ----A---- C:\WINDOWS\system32\qwinsta.exe
2012-12-04 17:21:57 ----A---- C:\WINDOWS\system32\qappsrv.exe
2012-12-04 17:21:57 ----A---- C:\WINDOWS\system32\msg.exe
2012-12-04 17:21:57 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2012-12-04 17:21:57 ----A---- C:\WINDOWS\system32\logoff.exe
2012-12-04 17:21:57 ----A---- C:\WINDOWS\system32\cdmodem.dll
2012-12-04 17:21:56 ----A---- C:\WINDOWS\system32\stclient.dll
2012-12-04 17:21:56 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2012-12-04 17:21:56 ----A---- C:\WINDOWS\system32\mtxex.dll
2012-12-04 17:21:56 ----A---- C:\WINDOWS\system32\mtxdm.dll
2012-12-04 17:21:56 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2012-12-04 17:21:56 ----A---- C:\WINDOWS\system32\comsnap.dll
2012-12-04 17:21:56 ----A---- C:\WINDOWS\system32\comrepl.dll
2012-12-04 17:21:56 ----A---- C:\WINDOWS\system32\comaddin.dll
2012-12-04 17:21:52 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2012-12-04 17:21:36 ----D---- C:\Program Files\MSN
2012-12-04 17:21:36 ----A---- C:\WINDOWS\system32\accwiz.exe
2012-12-04 17:21:35 ----D---- C:\Program Files\Windows NT
2012-12-04 17:21:35 ----A---- C:\WINDOWS\system32\sndrec32.exe
2012-12-04 17:21:35 ----A---- C:\WINDOWS\system32\mspaint.exe
2012-12-04 17:21:35 ----A---- C:\WINDOWS\system32\mplay32.exe
2012-12-04 17:21:35 ----A---- C:\WINDOWS\system32\hypertrm.dll
2012-12-04 17:21:34 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2012-12-04 17:21:34 ----A---- C:\WINDOWS\system32\spider.exe
2012-12-04 17:21:34 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2012-12-04 17:21:34 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2012-12-04 17:21:34 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-12-04 17:21:34 ----A---- C:\WINDOWS\system32\clipbrd.exe
2012-12-04 17:21:33 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2012-12-04 17:21:33 ----A---- C:\WINDOWS\system32\sessmgr.exe
2012-12-04 17:21:33 ----A---- C:\WINDOWS\system32\remotepg.dll
2012-12-04 17:21:33 ----A---- C:\WINDOWS\system32\rdshost.exe
2012-12-04 17:21:33 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2012-12-04 17:21:33 ----A---- C:\WINDOWS\system32\rdchost.dll
2012-12-04 17:21:33 ----A---- C:\WINDOWS\system32\mstscax.dll
2012-12-04 17:21:33 ----A---- C:\WINDOWS\system32\mstsc.exe
2012-12-04 17:21:32 ----D---- C:\WINDOWS\system32\MsDtc
2012-12-04 17:21:32 ----A---- C:\WINDOWS\system32\termsrv.dll
2012-12-04 17:21:32 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2012-12-04 17:21:32 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2012-12-04 17:21:32 ----A---- C:\WINDOWS\system32\rdpclip.exe
2012-12-04 17:21:32 ----A---- C:\WINDOWS\system32\qprocess.exe
2012-12-04 17:21:32 ----A---- C:\WINDOWS\system32\mtxoci.dll
2012-12-04 17:21:32 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2012-12-04 17:21:32 ----A---- C:\WINDOWS\system32\icaapi.dll
2012-12-04 17:21:32 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2012-12-04 17:21:31 ----A---- C:\WINDOWS\system32\xolehlp.dll
2012-12-04 17:21:31 ----A---- C:\WINDOWS\system32\msdtctm.dll
2012-12-04 17:21:31 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2012-12-04 17:21:31 ----A---- C:\WINDOWS\system32\msdtclog.dll
2012-12-04 17:21:31 ----A---- C:\WINDOWS\system32\msdtc.exe
2012-12-04 17:21:30 ----D---- C:\WINDOWS\system32\Com
2012-12-04 17:21:30 ----A---- C:\WINDOWS\system32\colbact.dll
2012-12-04 17:21:30 ----A---- C:\WINDOWS\system32\clbcatex.dll
2012-12-04 17:21:30 ----A---- C:\WINDOWS\system32\catsrvut.dll
2012-12-04 17:21:30 ----A---- C:\WINDOWS\system32\catsrvps.dll
2012-12-04 17:21:30 ----A---- C:\WINDOWS\system32\catsrv.dll
2012-12-04 17:21:29 ----A---- C:\WINDOWS\system32\comuid.dll
2012-12-04 17:21:29 ----A---- C:\WINDOWS\system32\comsvcs.dll
2012-12-04 17:21:29 ----A---- C:\WINDOWS\system32\clbcatq.dll
2012-12-04 17:21:23 ----A---- C:\WINDOWS\system32\servdeps.dll
2012-12-04 17:21:23 ----A---- C:\WINDOWS\system32\mmfutil.dll
2012-12-04 17:21:23 ----A---- C:\WINDOWS\system32\licwmi.dll
2012-12-04 17:21:23 ----A---- C:\WINDOWS\system32\cmprops.dll
2012-12-04 17:21:17 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2012-12-04 17:21:17 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys

======List of files/folders modified in the last 1 month======

2012-12-16 13:23:59 ----A---- C:\WINDOWS\system32\atmfd.dll
2012-12-04 18:08:35 ----A---- C:\WINDOWS\system.ini
2012-12-04 17:25:03 ----A---- C:\WINDOWS\win.ini
2012-12-04 17:24:46 ----ASH---- C:\WINDOWS\fonts\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2009-08-04 11296]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-12-11 134336]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2012-11-16 36552]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2012-08-27 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/12/23 01:47:14]; \??\C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-12-11 83944]
R2 ntk_PowerDVD;ntk_PowerDVD; \??\C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys []
R2 regi;regi; \??\C:\WINDOWS\system32\drivers\regi.sys []
R3 appliandMP;appliandMP; C:\WINDOWS\system32\DRIVERS\appliand.sys [2011-06-26 28256]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 4614144]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2010-01-28 95232]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-03-08 220112]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2010-01-11 2106880]
S3 appliand;Applian Network Service; C:\WINDOWS\system32\DRIVERS\appliand.sys [2011-06-26 28256]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-12-11 109344]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2012-09-18 85104]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2012-09-19 78352]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2012-09-19 295440]
R2 DvmMDES;DeviceVM Meta Data Export Service; C:\ASUS.SYS\config\DVMExportService.exe [2009-10-16 319488]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-12-13 161768]
R2 PanService;PandoraService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [2012-09-28 625304]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-12 250808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-11 115168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Last edited by cernohous13 on 30 Dec 2012 18:10, edited 1 time in total.
Reason: removed [code], it is hard to read that way


Re: PC check after removing the "Policia SR" virus

#4 Post by Rudy »

I'd also like to ask for a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after start-up a screen with the licence terms appears; continue by clicking the Ano (Yes) button.

Feel free to put the kettle on for a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use an antispyware product with a resident shield, switch the shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware otherwise lead to unwanted conflicts with the antispyware's resident component.

Re: PC check after removing the "Policia SR" virus

#5 Post by Jochanan »

ComboFix log

ComboFix 12-12-30.01 - PC 30.12.2012  19:08:26.1.3 - x86
Systém Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2589 [GMT 1:00]
Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.ilg
c:\documents and settings\All Users\Application Data\TEMP\{F232C87C-6E92-4775-8210-DFE90B7777D9}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{F232C87C-6E92-4775-8210-DFE90B7777D9}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{F232C87C-6E92-4775-8210-DFE90B7777D9}\Setup.ilg
c:\windows\system32\MUI\041b\tourstart.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-11-28 to 2012-12-30  )))))))))))))))))))))))))))))))
.
.
2012-12-30 17:04 . 2012-12-30 17:05	--------	d-----w-	C:\rsit
2012-12-26 10:35 . 2012-12-26 10:35	--------	d-----w-	C:\found.001
2012-12-13 22:28 . 2012-12-13 22:28	--------	d-----w-	C:\found.000
2012-12-06 16:18 . 2012-12-30 11:27	--------	d-----w-	C:\torrenty
2012-12-05 19:44 . 2012-12-05 19:44	--------	d-----r-	C:\MSOCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2004-08-03 22:56	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-03 21:17	1866368	----a-w-	c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2004-08-03 22:56	375296	----a-w-	c:\windows\system32\dpnet.dll
2012-11-01 03:30 . 2007-08-13 17:34	268288	----a-w-	c:\windows\system32\iertutil(2).dll
2012-11-01 03:30 . 2004-08-03 22:56	1830912	------w-	c:\windows\system32\inetcpl.cpl
2012-11-01 03:30 . 2004-08-03 22:56	832512	----a-w-	c:\windows\system32\wininet.dll
2012-11-01 03:30 . 2004-08-03 22:56	78336	----a-w-	c:\windows\system32\ieencode.dll
2012-11-01 03:30 . 2004-08-03 22:56	17408	----a-w-	c:\windows\system32\corpol.dll
2012-10-31 11:33 . 2004-08-03 22:56	667136	----a-w-	c:\windows\system32\wininet(6).dll
2012-10-31 11:33 . 2004-08-03 22:56	667136	----a-w-	c:\windows\system32\wininet(5).dll
2012-10-31 11:33 . 2004-08-03 22:56	667136	----a-w-	c:\windows\system32\wininet(4).dll
2012-10-31 11:33 . 2004-08-03 22:56	667136	----a-w-	c:\windows\system32\wininet(3).dll
2012-10-31 11:33 . 2004-08-03 22:56	633344	----a-w-	c:\windows\system32\urlmon(6).dll
2012-10-31 11:33 . 2004-08-03 22:56	633344	----a-w-	c:\windows\system32\urlmon(5).dll
2012-10-31 11:33 . 2004-08-03 22:56	633344	----a-w-	c:\windows\system32\urlmon(4).dll
2012-10-31 11:33 . 2004-08-03 22:56	633344	----a-w-	c:\windows\system32\urlmon(3).dll
2012-10-31 11:33 . 2004-08-03 22:56	37888	----a-w-	c:\windows\system32\url(6).dll
2012-10-31 11:33 . 2004-08-03 22:56	37888	----a-w-	c:\windows\system32\url(5).dll
2012-10-31 11:33 . 2004-08-03 22:56	37888	----a-w-	c:\windows\system32\url(4).dll
2012-10-31 11:33 . 2004-08-03 22:56	37888	----a-w-	c:\windows\system32\url(3).dll
2012-10-31 11:33 . 2004-08-03 22:56	449536	----a-w-	c:\windows\system32\mshtmled(5).dll
2012-10-31 11:33 . 2004-08-03 22:56	449536	----a-w-	c:\windows\system32\mshtmled(4).dll
2012-10-31 11:33 . 2004-08-03 22:56	449536	----a-w-	c:\windows\system32\mshtmled(3).dll
2012-10-31 11:33 . 2004-08-03 22:56	449536	----a-w-	c:\windows\system32\mshtmled(2).dll
2012-10-02 18:04 . 2004-08-03 22:56	58368	----a-w-	c:\windows\system32\synceng.dll
2012-02-16 15:16 . 2012-12-11 02:44	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-12-06 322352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-01-18 33714176]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 98304]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"RemoteControl11"="c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe" [2012-09-18 236656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\PowerDVD11.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\PDVD11Serv.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\Common\\MediaServer\\CLMSServerForPDVD11.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [4.12.2012 22:00 36552]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/12/23 01:47];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [19.9.2012 15:43 87536]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4.12.2012 22:00 85280]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [5.3.2010 10:15 235752]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [23.12.2012 1:46 85104]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [23.12.2012 1:46 78352]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [23.12.2012 1:46 295440]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [16.10.2009 10:42 319488]
R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [23.12.2012 1:46 71664]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [6.12.2012 16:10 625304]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [18.12.2012 23:46 13880]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [27.12.2012 21:36 28256]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [4.12.2012 17:44 2106880]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [27.12.2012 21:36 28256]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-04 17:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = hxxp://socialgames.splashtop.com/redirectGames/?oem=asusegbcu00&os=Windows&p=M4A88T-M&pv=1.0.12&v=1&flv=&c=1051&t=1c461a2b8459f9d9700c74b8f9074983&l=sk-SK
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.5.18.5 10.5.18.2 195.80.171.4
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\lknzdyni.default\
FF - prefs.js: browser.search.selectedEngine - Atlas
FF - ExtSQL: 2012-12-07 03:47; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-30 19:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????? 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\System32\dimsntfy.dll
.
Completion time: 2012-12-30  19:11:51
ComboFix-quarantined-files.txt  2012-12-30 18:11
.
Pre-Run: 81 384 026 112 bytes free
Post-Run: 81 567 834 112 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 4EB9C13CFAF31C8D99007E5DB33F8BF8


Re: PC check after removing the "Policia SR" virus

#6 Post by Rudy »

CF cleaned up a few more leftovers. The PC should now be clean.

Re: PC check after removing the "Policia SR" virus

#7 Post by Jochanan »

Thank you very much. All the best in the new year.


Re: PC check after removing the "Policia SR" virus

#8 Post by Rudy »

All the best in the new year to you too, and you're welcome! :)

Locked