prosim o kontrolu logu jen prevence

Zpráva

#76 Příspěvek od **Márty84** » 04 srp 2013 14:53

Loutka · #77 Příspěvek od **Loutka** » 05 srp 2013 21:46

info.txt logfile of random's system information tool 1.09 2013-08-05 22:45:38

======Uninstall list======

Adobe Reader 9.3 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A93000000001}
AMD APP SDK Runtime-->MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}
AMD Catalyst Install Manager-->msiexec /q/x{03520551-508E-EDCA-4A14-90C706A54A41} REBOOT=ReallySuppress
AMD Media Foundation Decoders-->MsiExec.exe /X{3D2D0DB9-5199-4A77-B6D3-646693FAE63C}
Ashampoo Burning Studio 2010-->"C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2010\unins000.exe"
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Catalyst Control Center - Branding-->MsiExec.exe /I{C33240AB-1F4B-4DE2-B1C7-54E0A182BB5D}
Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}
Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\setup.exe" --uninstall --multi-install --chrome --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HP HD Webcam Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe" -runfromtemp -l0x0405 -removeonly
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -remove -removeonly
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{790E02A1-145A-3843-8C13-A4F41C9B48B7}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Qualcomm Atheros Driver Installation Program-->"C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\Setup.exe" -runfromtemp -removeonly
Realtek Ethernet Controller All-In-One Windows Driver-->C:\Program Files (x86)\InstallShield Installation Information\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}\setup.exe -runfromtemp -removeonly
Renesas Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\setup.exe" -runfromtemp -l0x0405 -removeonly
Renesas Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Total Commander Ultima Prime 4.6.0.0-->"C:\Program Files (x86)\TC UP\un_TC UP.exe"

======System event log======

Computer Name: 37L4247F27-25
Event Code: 7036
Message: Stav služby Distributed Link Tracking Client byl změněn na: stopped
Record Number: 5
Source Name: Service Control Manager
Time Written: 20101121035831.108772-000
Event Type: Informace
User:

Computer Name: 37L4247F27-25
Event Code: 7036
Message: Stav služby Desktop Window Manager Session Manager byl změněn na: stopped
Record Number: 4
Source Name: Service Control Manager
Time Written: 20101121035831.108772-000
Event Type: Informace
User:

Computer Name: 37L4247F27-25
Event Code: 7036
Message: Stav služby Power byl změněn na: stopped
Record Number: 3
Source Name: Service Control Manager
Time Written: 20101121035831.108772-000
Event Type: Informace
User:

Computer Name: 37L4247F27-25
Event Code: 7036
Message: Stav služby Windows Event Log byl změněn na: stopped
Record Number: 2
Source Name: Service Control Manager
Time Written: 20101121035831.093172-000
Event Type: Informace
User:

Computer Name: 37L4247F27-25
Event Code: 7036
Message: Stav služby Diagnostic Policy Service byl změněn na: stopped
Record Number: 1
Source Name: Service Control Manager
Time Written: 20101121035831.093172-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: 37L4247F27-25
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 5
Source Name: Microsoft-Windows-WMI
Time Written: 20130804221819.000000-000
Event Type: Informace
User:

Computer Name: 37L4247F27-25
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20130804221814.000000-000
Event Type: Informace
User:

Computer Name: 37L4247F27-25
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.

Record Number: 3
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20130804221809.697691-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247F27-25
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 2
Source Name: Microsoft-Windows-EventSystem
Time Written: 20130804221809.000000-000
Event Type: Informace
User:

Computer Name: 37L4247F27-25
Event Code: 1532
Message: Služba Profil uživatele byla zastavena.

Record Number: 1
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101121035831.124372-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: 37L4247F27-25
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130804221752.631261-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247F27-25
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247F27-25$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x1d0
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130804221752.631261-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247F27-25
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x318cd
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130804221745.392849-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247F27-25
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130804221742.928044-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247F27-25
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130804221742.818844-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\TC UP\PLUGINS\Library
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"AMDAPPSDKROOT"=c:\Program Files (x86)\AMD APP\

-----------------EOF-----------------

Loutka · #78 Příspěvek od **Loutka** » 05 srp 2013 21:47

Logfile of random's system information tool 1.09 (written by random/random)
Run by Home at 2013-08-05 22:45:06
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 435 GB (71%) free of 610 GB
Total RAM: 4030 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:45:36, on 5.8.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16496)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Home.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE7C5A90-09E0-4AF2-98B4-F67BAFB91782}: NameServer = 192.168.150.237,194.228.2.1
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7180 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
atieclxx
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 31420768
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
\??\C:\Windows\system32\conhost.exe "-102519301-367479893-318305293207979521-384743072-3785707431456920844-1778782018
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"taskhost.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
C:\Windows\system32\AUDIODG.EXE 0x85c
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2060 CREDAT:203009
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Users\Home\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-08-31 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-08-31 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-08-31 416024]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-09-20 1664000]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-01-10 3011824]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2011-09-16 115048]
"StartCCC"=c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-10-13 343168]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-08-31 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-08-05 22:45:06 ----D---- C:\rsit
2013-08-05 22:45:06 ----D---- C:\Program Files\trend micro
2013-08-05 15:23:34 ----N---- C:\Windows\system32\athihvui.dll
2013-08-05 15:23:34 ----N---- C:\Windows\system32\athihvs.dll
2013-08-05 15:23:34 ----D---- C:\Windows\system32\nn-NO
2013-08-05 15:23:34 ----D---- C:\Windows\Options
2013-08-05 15:23:34 ----A---- C:\Windows\system32\drivers\athrx.sys
2013-08-05 15:23:26 ----D---- C:\Program Files (x86)\Cisco
2013-08-05 15:23:25 ----D---- C:\Program Files (x86)\Qualcomm Atheros
2013-08-05 15:22:38 ----D---- C:\ProgramData\Qualcomm Atheros
2013-08-05 15:21:47 ----N---- C:\Windows\EricssonMobileBroadbandVer.dll
2013-08-05 15:21:36 ----D---- C:\Users\Home\AppData\Roaming\Hewlett-Packard
2013-08-05 15:21:36 ----D---- C:\Program Files (x86)\Hewlett-Packard
2013-08-05 15:21:35 ----D---- C:\Users\Home\AppData\Roaming\hpqLog
2013-08-05 15:21:35 ----D---- C:\ProgramData\Hewlett-Packard
2013-08-05 15:21:05 ----D---- C:\Program Files\Synaptics
2013-08-05 15:20:05 ----A---- C:\Windows\SYSWOW64\vsnp2uvc.dll
2013-08-05 15:20:05 ----A---- C:\Windows\SYSWOW64\rsnp2uvc.dll
2013-08-05 15:20:05 ----A---- C:\Windows\system32\vsnp2uvc.dll
2013-08-05 15:20:05 ----A---- C:\Windows\system32\rsnp2uvc.dll
2013-08-05 15:20:05 ----A---- C:\Windows\system32\drivers\snp2uvc.sys
2013-08-05 15:20:05 ----A---- C:\Windows\system32\csnp2uvc.dll
2013-08-05 15:20:05 ----A---- C:\Windows\snuvcdsm.exe
2013-08-05 15:20:05 ----A---- C:\Windows\snp2uvc.src
2013-08-05 15:20:05 ----A---- C:\Windows\snp2uvc.ini
2013-08-05 15:19:45 ----A---- C:\Windows\SYSWOW64\sigfile.exe
2013-08-05 15:19:09 ----A---- C:\Windows\system32\stlang64.dll
2013-08-05 15:19:09 ----A---- C:\Windows\system32\IDTNX.dll
2013-08-05 15:19:09 ----A---- C:\Windows\system32\IDTNJ.exe
2013-08-05 15:19:09 ----A---- C:\Windows\system32\IDTNHP.dll
2013-08-05 15:19:09 ----A---- C:\Windows\system32\IDTNGUI.exe
2013-08-05 15:19:09 ----A---- C:\Windows\system32\HPToneCtrls64.dll
2013-08-05 15:19:09 ----A---- C:\Windows\system32\AESTEC64.dll
2013-08-05 15:19:09 ----A---- C:\Windows\system32\AESTCo64.dll
2013-08-05 15:19:09 ----A---- C:\Windows\system32\AESTAR64.dll
2013-08-05 15:19:09 ----A---- C:\Windows\system32\AESTAC64.dll
2013-08-05 15:19:09 ----A---- C:\Windows\sttray64.exe
2013-08-05 15:19:08 ----D---- C:\Windows\system32\SRSLabs
2013-08-05 15:18:27 ----A---- C:\Windows\system32\stcplx64.dll
2013-08-05 15:18:27 ----A---- C:\Windows\system32\drivers\stwrt64.sys
2013-08-05 15:18:26 ----N---- C:\Windows\system32\stapi64.dll
2013-08-05 15:18:26 ----A---- C:\Windows\system32\stapo64.dll
2013-08-05 15:18:26 ----A---- C:\Windows\system32\st646428.dll
2013-08-05 15:18:23 ----D---- C:\Program Files\IDT
2013-08-05 15:17:10 ----D---- C:\Users\Home\AppData\Roaming\ATI
2013-08-05 15:17:10 ----D---- C:\ProgramData\ATI
2013-08-05 15:14:30 ----A---- C:\Windows\SYSWOW64\winver.exe
2013-08-05 15:14:30 ----A---- C:\Windows\SYSWOW64\user32.dll
2013-08-05 15:14:30 ----A---- C:\Windows\SYSWOW64\systemcpl.dll
2013-08-05 15:14:30 ----A---- C:\Windows\SYSWOW64\sppcomapi.dll
2013-08-05 15:14:30 ----A---- C:\Windows\SYSWOW64\slmgr.vbs
2013-08-05 15:13:05 ----D---- C:\Program Files (x86)\AMD APP
2013-08-05 15:13:02 ----D---- C:\Program Files\Common Files\ATI Technologies
2013-08-05 15:12:02 ----A---- C:\Windows\SYSWOW64\atipblup.dat
2013-08-05 15:12:02 ----A---- C:\Windows\system32\atipblup.dat
2013-08-05 15:11:04 ----A---- C:\Windows\system32\RTNUninst64.dll
2013-08-05 15:11:04 ----A---- C:\Windows\system32\RtNicProp64.dll
2013-08-05 15:11:04 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2013-08-05 15:11:01 ----D---- C:\Program Files (x86)\Realtek
2013-08-05 15:10:08 ----D---- C:\Program Files (x86)\ATI Technologies
2013-08-05 15:09:56 ----D---- C:\Program Files\ATI Technologies
2013-08-05 15:09:53 ----D---- C:\Program Files\ATI
2013-08-05 15:07:22 ----D---- C:\Users\Home\AppData\Roaming\Ashampoo
2013-08-05 15:05:28 ----D---- C:\Users\Home\AppData\Roaming\HEXelon
2013-08-05 15:04:22 ----D---- C:\Program Files (x86)\TC UP
2013-08-05 15:01:00 ----D---- C:\ProgramData\ashampoo
2013-08-05 15:00:49 ----D---- C:\ProgramData\page
2013-08-05 15:00:48 ----D---- C:\Program Files (x86)\Ashampoo
2013-08-05 14:58:18 ----D---- C:\ProgramData\Adobe
2013-08-05 14:58:08 ----D---- C:\Program Files (x86)\Adobe
2013-08-05 14:52:52 ----D---- C:\Windows\SYSWOW64\Wat
2013-08-05 14:52:52 ----D---- C:\Windows\system32\Wat
2013-08-05 14:51:55 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-08-05 14:51:49 ----D---- C:\Windows\system32\2C0A
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0C0A
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0C04
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0816
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0804
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0424
2013-08-05 14:51:49 ----D---- C:\Windows\system32\041F
2013-08-05 14:51:49 ----D---- C:\Windows\system32\041E
2013-08-05 14:51:49 ----D---- C:\Windows\system32\041D
2013-08-05 14:51:49 ----D---- C:\Windows\system32\041B
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0419
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0416
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0415
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0414
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0413
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0412
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0411
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0410
2013-08-05 14:51:49 ----D---- C:\Windows\system32\040E
2013-08-05 14:51:49 ----D---- C:\Windows\system32\040D
2013-08-05 14:51:49 ----D---- C:\Windows\system32\040C
2013-08-05 14:51:49 ----D---- C:\Windows\system32\040B
2013-08-05 14:51:49 ----D---- C:\Windows\system32\040A
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0408
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0407
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0406
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0405
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0404
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0401
2013-08-05 14:51:47 ----D---- C:\Program Files (x86)\Renesas Electronics
2013-08-05 14:51:31 ----D---- C:\Program Files (x86)\Microsoft Works
2013-08-05 14:51:12 ----D---- C:\Windows\PCHEALTH
2013-08-05 14:51:12 ----D---- C:\Program Files (x86)\Microsoft.NET
2013-08-05 14:49:33 ----D---- C:\Program Files\Microsoft Office
2013-08-05 14:48:49 ----SHD---- C:\Windows\Installer
2013-08-05 14:48:38 ----D---- C:\Program Files (x86)\Microsoft Office
2013-08-05 14:48:37 ----D---- C:\ProgramData\Microsoft Help
2013-08-05 14:48:07 ----RHD---- C:\MSOCache
2013-08-05 14:46:25 ----A---- C:\Windows\SYSWOW64\CSVer.dll
2013-08-05 14:42:49 ----A---- C:\Windows\system32\drivers\IntelMEFWVer.dll
2013-08-05 14:42:47 ----A---- C:\Windows\SYSWOW64\log.txt
2013-08-05 14:42:24 ----D---- C:\Program Files (x86)\Intel
2013-08-05 14:42:16 ----D---- C:\Intel
2013-08-05 14:42:09 ----D---- C:\swsetup
2013-08-05 14:10:49 ----A---- C:\Windows\system32\FntCache.dll
2013-08-05 14:10:49 ----A---- C:\Windows\system32\d2d1.dll
2013-08-05 14:10:48 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2013-08-05 14:04:28 ----D---- C:\Users\Home\AppData\Roaming\Synaptics
2013-08-05 13:38:12 ----A---- C:\Windows\system32\MRT.exe
2013-08-05 13:31:45 ----A---- C:\Windows\system32\Wdfres.dll
2013-08-05 13:31:45 ----A---- C:\Windows\system32\drivers\WdfLdr.sys
2013-08-05 13:31:45 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-08-05 13:25:00 ----A---- C:\Windows\system32\browserchoice.exe
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\wextract.exe
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\url.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\occache.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\msrating.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\msls31.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\mshta.exe
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\inseng.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\ieakui.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\ieaksie.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\ieakeng.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\icardie.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2013-08-05 13:23:18 ----A---- C:\Windows\SYSWOW64\admparse.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\wininet.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\wextract.exe
2013-08-05 13:23:18 ----A---- C:\Windows\system32\webcheck.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\vbscript.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\urlmon.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\url.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2013-08-05 13:23:18 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-05 13:23:18 ----A---- C:\Windows\system32\pngfilt.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\occache.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\msrating.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\msls31.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\mshtmler.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\mshtmled.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\mshtml.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\mshta.exe
2013-08-05 13:23:18 ----A---- C:\Windows\system32\msfeedssync.exe
2013-08-05 13:23:18 ----A---- C:\Windows\system32\msfeedsbs.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\msfeeds.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\licmgr10.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\jsproxy.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\jscript9.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\jscript.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\inseng.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\imgutil.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\iexpress.exe
2013-08-05 13:23:18 ----A---- C:\Windows\system32\ieUnatt.exe
2013-08-05 13:23:18 ----A---- C:\Windows\system32\ieui.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\iesysprep.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\iesetup.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\iertutil.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\iernonce.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\iepeers.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\ieframe.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\iedkcs32.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\ieapfltr.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\ieapfltr.dat
2013-08-05 13:23:18 ----A---- C:\Windows\system32\ieakui.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\ieaksie.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\ieakeng.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\IEAdvpack.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\ie4uinit.exe
2013-08-05 13:23:18 ----A---- C:\Windows\system32\icardie.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\dxtrans.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\dxtmsft.dll
2013-08-05 13:23:18 ----A---- C:\Windows\system32\admparse.dll
2013-08-05 13:17:22 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2013-08-05 13:17:22 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2013-08-05 13:17:22 ----A---- C:\Windows\system32\fontsub.dll
2013-08-05 13:17:22 ----A---- C:\Windows\system32\atmlib.dll
2013-08-05 13:17:21 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2013-08-05 13:17:21 ----A---- C:\Windows\system32\atmfd.dll
2013-08-05 13:16:36 ----A---- C:\Windows\system32\drivers\WUDFRd.sys
2013-08-05 13:16:36 ----A---- C:\Windows\system32\drivers\WUDFPf.sys
2013-08-05 13:16:35 ----A---- C:\Windows\system32\WUDFSvc.dll
2013-08-05 13:16:35 ----A---- C:\Windows\system32\WUDFPlatform.dll
2013-08-05 13:16:33 ----A---- C:\Windows\system32\WUDFx.dll
2013-08-05 13:16:33 ----A---- C:\Windows\system32\WUDFHost.exe
2013-08-05 13:16:33 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2013-08-05 13:13:42 ----A---- C:\Windows\system32\imagehlp.dll
2013-08-05 13:13:42 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2013-08-05 13:13:41 ----A---- C:\Windows\SYSWOW64\wmi.dll
2013-08-05 13:13:41 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2013-08-05 13:13:41 ----A---- C:\Windows\system32\wmi.dll
2013-08-05 13:05:11 ----D---- C:\Program Files\Google
2013-08-05 13:02:10 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2013-08-05 13:02:10 ----A---- C:\Windows\system32\xmllite.dll
2013-08-05 13:02:00 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2013-08-05 13:02:00 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-08-05 13:02:00 ----A---- C:\Windows\system32\cdd.dll
2013-08-05 13:01:59 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2013-08-05 13:01:59 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2013-08-05 13:01:59 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2013-08-05 13:01:59 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2013-08-05 13:01:59 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2013-08-05 13:01:59 ----A---- C:\Windows\system32\odbctrac.dll
2013-08-05 13:01:59 ----A---- C:\Windows\system32\odbccu32.dll
2013-08-05 13:01:59 ----A---- C:\Windows\system32\odbccr32.dll
2013-08-05 13:01:59 ----A---- C:\Windows\system32\odbccp32.dll
2013-08-05 13:01:55 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2013-08-05 13:01:55 ----A---- C:\Windows\system32\poqexec.exe
2013-08-05 13:01:46 ----A---- C:\Windows\SYSWOW64\dhcpcsvc6.dll
2013-08-05 13:01:46 ----A---- C:\Windows\SYSWOW64\dhcpcore6.dll
2013-08-05 13:01:46 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2013-08-05 13:01:46 ----A---- C:\Windows\system32\dhcpcore6.dll
2013-08-05 13:01:43 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2013-08-05 13:01:43 ----A---- C:\Windows\system32\mstscax.dll
2013-08-05 13:01:42 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2013-08-05 13:01:42 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2013-08-05 13:01:42 ----A---- C:\Windows\system32\tsgqec.dll
2013-08-05 13:01:42 ----A---- C:\Windows\system32\aaclient.dll
2013-08-05 13:01:38 ----A---- C:\Windows\explorer.exe
2013-08-05 13:01:37 ----A---- C:\Windows\SYSWOW64\explorer.exe
2013-08-05 13:01:37 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-08-05 13:01:36 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2013-08-05 13:01:34 ----A---- C:\Windows\SYSWOW64\tzres.dll
2013-08-05 13:01:34 ----A---- C:\Windows\system32\tzres.dll
2013-08-05 13:01:26 ----A---- C:\Windows\SYSWOW64\sbe.dll
2013-08-05 13:01:26 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2013-08-05 13:01:26 ----A---- C:\Windows\system32\sbe.dll
2013-08-05 13:01:26 ----A---- C:\Windows\system32\CPFilters.dll
2013-08-05 13:01:22 ----A---- C:\Windows\SYSWOW64\quartz.dll
2013-08-05 13:01:22 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2013-08-05 13:01:22 ----A---- C:\Windows\system32\quartz.dll
2013-08-05 13:01:22 ----A---- C:\Windows\system32\qdvd.dll
2013-08-05 13:01:19 ----A---- C:\Windows\SYSWOW64\ntshrui.dll
2013-08-05 13:01:19 ----A---- C:\Windows\system32\ntshrui.dll
2013-08-05 13:01:18 ----A---- C:\Windows\system32\tquery.dll
2013-08-05 13:01:17 ----A---- C:\Windows\SYSWOW64\tquery.dll
2013-08-05 13:01:17 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2013-08-05 13:01:17 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2013-08-05 13:01:17 ----A---- C:\Windows\system32\SearchIndexer.exe
2013-08-05 13:01:17 ----A---- C:\Windows\system32\mssrch.dll
2013-08-05 13:01:16 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2013-08-05 13:01:16 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2013-08-05 13:01:16 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2013-08-05 13:01:16 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2013-08-05 13:01:16 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2013-08-05 13:01:16 ----A---- C:\Windows\SYSWOW64\mssph.dll
2013-08-05 13:01:16 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2013-08-05 13:01:16 ----A---- C:\Windows\system32\SearchFilterHost.exe
2013-08-05 13:01:16 ----A---- C:\Windows\system32\mssvp.dll
2013-08-05 13:01:16 ----A---- C:\Windows\system32\mssphtb.dll
2013-08-05 13:01:16 ----A---- C:\Windows\system32\mssph.dll
2013-08-05 13:01:16 ----A---- C:\Windows\system32\msscntrs.dll
2013-08-05 13:01:14 ----A---- C:\Windows\system32\shell32.dll
2013-08-05 13:01:13 ----A---- C:\Windows\SYSWOW64\shell32.dll
2013-08-05 13:01:12 ----A---- C:\Windows\SYSWOW64\shdocvw.dll
2013-08-05 13:01:12 ----A---- C:\Windows\SYSWOW64\authui.dll
2013-08-05 13:01:12 ----A---- C:\Windows\system32\shdocvw.dll
2013-08-05 13:01:12 ----A---- C:\Windows\system32\consent.exe
2013-08-05 13:01:12 ----A---- C:\Windows\system32\authui.dll
2013-08-05 13:01:12 ----A---- C:\Windows\system32\appinfo.dll
2013-08-05 13:01:06 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2013-08-05 13:01:06 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2013-08-05 13:01:06 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2013-08-05 13:01:05 ----A---- C:\Windows\SYSWOW64\webio.dll
2013-08-05 13:01:05 ----A---- C:\Windows\system32\webio.dll
2013-08-05 13:01:03 ----A---- C:\Windows\system32\wwansvc.dll
2013-08-05 13:01:03 ----A---- C:\Windows\system32\wwanprotdim.dll
2013-08-05 13:01:03 ----A---- C:\Windows\system32\drivers\ntfs.sys
2013-08-05 13:01:01 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2013-08-05 13:01:01 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2013-08-05 13:00:53 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2013-08-05 13:00:53 ----A---- C:\Windows\system32\XpsPrint.dll
2013-08-05 13:00:52 ----A---- C:\Windows\SYSWOW64\mfc42u.dll
2013-08-05 13:00:52 ----A---- C:\Windows\SYSWOW64\mfc42.dll
2013-08-05 13:00:52 ----A---- C:\Windows\system32\mfc42u.dll
2013-08-05 13:00:52 ----A---- C:\Windows\system32\mfc42.dll
2013-08-05 13:00:48 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
2013-08-05 13:00:48 ----A---- C:\Windows\system32\drivers\ndis.sys
2013-08-05 13:00:46 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2013-08-05 13:00:46 ----A---- C:\Windows\system32\d3d10level9.dll
2013-08-05 13:00:45 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2013-08-05 13:00:45 ----A---- C:\Windows\SYSWOW64\schannel.dll
2013-08-05 13:00:45 ----A---- C:\Windows\SYSWOW64\secur32.dll
2013-08-05 13:00:45 ----A---- C:\Windows\system32\sspisrv.dll
2013-08-05 13:00:45 ----A---- C:\Windows\system32\sspicli.dll
2013-08-05 13:00:45 ----A---- C:\Windows\system32\schannel.dll
2013-08-05 13:00:45 ----A---- C:\Windows\system32\secur32.dll
2013-08-05 13:00:45 ----A---- C:\Windows\system32\lsass.exe
2013-08-05 13:00:45 ----A---- C:\Windows\system32\lsasrv.dll
2013-08-05 13:00:45 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2013-08-05 13:00:45 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2013-08-05 13:00:45 ----A---- C:\Windows\system32\drivers\cng.sys
2013-08-05 13:00:44 ----A---- C:\Windows\system32\rdrmemptylst.exe
2013-08-05 13:00:44 ----A---- C:\Windows\system32\rdpwsx.dll
2013-08-05 13:00:44 ----A---- C:\Windows\system32\rdpcorekmts.dll
2013-08-05 13:00:43 ----A---- C:\Windows\system32\drivers\usb8023.sys
2013-08-05 13:00:39 ----A---- C:\Windows\system32\msxml6.dll
2013-08-05 13:00:38 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2013-08-05 13:00:38 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2013-08-05 13:00:38 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2013-08-05 13:00:38 ----A---- C:\Windows\system32\msxml3r.dll
2013-08-05 13:00:38 ----A---- C:\Windows\system32\msxml3.dll
2013-08-05 13:00:36 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2013-08-05 13:00:36 ----A---- C:\Windows\SYSWOW64\netevent.dll
2013-08-05 13:00:36 ----A---- C:\Windows\SYSWOW64\netcorehc.dll
2013-08-05 13:00:36 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2013-08-05 13:00:36 ----A---- C:\Windows\system32\nlasvc.dll
2013-08-05 13:00:36 ----A---- C:\Windows\system32\nlaapi.dll
2013-08-05 13:00:36 ----A---- C:\Windows\system32\netevent.dll
2013-08-05 13:00:36 ----A---- C:\Windows\system32\netcorehc.dll
2013-08-05 13:00:36 ----A---- C:\Windows\system32\ncsi.dll
2013-08-05 13:00:36 ----A---- C:\Windows\system32\iphlpsvc.dll
2013-08-05 13:00:36 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2013-08-05 13:00:36 ----A---- C:\Windows\system32\drivers\netio.sys
2013-08-05 13:00:31 ----A---- C:\Windows\SYSWOW64\dnscacheugc.exe
2013-08-05 13:00:31 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2013-08-05 13:00:31 ----A---- C:\Windows\system32\dnsrslvr.dll
2013-08-05 13:00:31 ----A---- C:\Windows\system32\dnscacheugc.exe
2013-08-05 13:00:31 ----A---- C:\Windows\system32\dnsapi.dll
2013-08-05 13:00:30 ----A---- C:\Windows\system32\profsvc.dll
2013-08-05 13:00:29 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2013-08-05 13:00:16 ----A---- C:\Windows\system32\dpnet.dll
2013-08-05 13:00:15 ----A---- C:\Windows\SYSWOW64\dpnet.dll
2013-08-05 13:00:14 ----A---- C:\Windows\SYSWOW64\qedit.dll
2013-08-05 13:00:14 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-08-05 13:00:14 ----A---- C:\Windows\system32\qedit.dll
2013-08-05 13:00:14 ----A---- C:\Windows\system32\ncrypt.dll
2013-08-05 13:00:13 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2013-08-05 13:00:13 ----A---- C:\Windows\system32\wintrust.dll
2013-08-05 13:00:12 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2013-08-05 13:00:12 ----A---- C:\Windows\system32\WMVDECOD.DLL
2013-08-05 13:00:10 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-08-05 13:00:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-08-05 13:00:10 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-08-05 13:00:10 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-08-05 13:00:10 ----A---- C:\Windows\system32\winsrv.dll
2013-08-05 13:00:09 ----A---- C:\Windows\SYSWOW64\user.exe
2013-08-05 13:00:08 ----A---- C:\Windows\system32\OxpsConverter.exe
2013-08-05 12:59:52 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2013-08-05 12:59:52 ----A---- C:\Windows\system32\d3d10_1.dll
2013-08-05 12:59:51 ----A---- C:\Windows\system32\drivers\srvnet.sys
2013-08-05 12:59:51 ----A---- C:\Windows\system32\drivers\srv2.sys
2013-08-05 12:59:51 ----A---- C:\Windows\system32\drivers\srv.sys
2013-08-05 12:59:50 ----A---- C:\Windows\SYSWOW64\usp10.dll
2013-08-05 12:59:50 ----A---- C:\Windows\system32\usp10.dll
2013-08-05 12:59:48 ----A---- C:\Windows\SYSWOW64\Wpc.dll
2013-08-05 12:59:48 ----A---- C:\Windows\SYSWOW64\gameux.dll
2013-08-05 12:59:48 ----A---- C:\Windows\system32\Wpc.dll
2013-08-05 12:59:48 ----A---- C:\Windows\system32\gameux.dll
2013-08-05 12:59:38 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2013-08-05 12:59:38 ----A---- C:\Windows\system32\psisdecd.dll
2013-08-05 12:59:37 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2013-08-05 12:59:24 ----A---- C:\Windows\system32\drivers\afd.sys
2013-08-05 12:59:14 ----A---- C:\Windows\system32\drivers\partmgr.sys
2013-08-05 12:59:13 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2013-08-05 12:59:13 ----A---- C:\Windows\system32\kerberos.dll
2013-08-05 12:59:11 ----A---- C:\Windows\system32\msi.dll
2013-08-05 12:59:09 ----A---- C:\Windows\SYSWOW64\msi.dll
2013-08-05 12:58:57 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2013-08-05 12:58:57 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2013-08-05 12:58:57 ----A---- C:\Windows\system32\wow64win.dll
2013-08-05 12:58:57 ----A---- C:\Windows\system32\KernelBase.dll
2013-08-05 12:58:57 ----A---- C:\Windows\system32\kernel32.dll
2013-08-05 12:58:57 ----A---- C:\Windows\system32\conhost.exe
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-05 12:58:56 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-05 12:58:56 ----A---- C:\Windows\system32\wow64cpu.dll
2013-08-05 12:58:56 ----A---- C:\Windows\system32\wow64.dll
2013-08-05 12:58:56 ----A---- C:\Windows\system32\ntvdm64.dll
2013-08-05 12:58:36 ----A---- C:\Windows\SYSWOW64\synceng.dll
2013-08-05 12:58:36 ----A---- C:\Windows\system32\synceng.dll
2013-08-05 12:58:35 ----A---- C:\Windows\system32\winresume.exe
2013-08-05 12:58:35 ----A---- C:\Windows\system32\winload.exe
2013-08-05 12:58:35 ----A---- C:\Windows\system32\kdusb.dll
2013-08-05 12:58:35 ----A---- C:\Windows\system32\kdcom.dll
2013-08-05 12:58:35 ----A---- C:\Windows\system32\kd1394.dll
2013-08-05 12:58:32 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2013-08-05 12:58:32 ----A---- C:\Windows\system32\win32spl.dll
2013-08-05 12:58:31 ----A---- C:\Windows\system32\win32k.sys
2013-08-05 12:58:27 ----A---- C:\Windows\system32\taskhost.exe
2013-08-05 12:58:25 ----A---- C:\Windows\SYSWOW64\cryptdlg.dll
2013-08-05 12:58:25 ----A---- C:\Windows\system32\cryptdlg.dll
2013-08-05 12:58:19 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2013-08-05 12:58:19 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2013-08-05 12:58:19 ----A---- C:\Windows\SYSWOW64\devobj.dll
2013-08-05 12:58:19 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2013-08-05 12:58:19 ----A---- C:\Windows\system32\umpnpmgr.dll
2013-08-05 12:58:17 ----A---- C:\Windows\SYSWOW64\netapi32.dll
2013-08-05 12:58:17 ----A---- C:\Windows\SYSWOW64\browcli.dll
2013-08-05 12:58:17 ----A---- C:\Windows\system32\netapi32.dll
2013-08-05 12:58:17 ----A---- C:\Windows\system32\browser.dll
2013-08-05 12:58:17 ----A---- C:\Windows\system32\browcli.dll
2013-08-05 12:58:16 ----A---- C:\Windows\SYSWOW64\prevhost.exe
2013-08-05 12:58:16 ----A---- C:\Windows\system32\prevhost.exe
2013-08-05 12:58:15 ----A---- C:\Windows\system32\drivers\fvevol.sys
2013-08-05 12:58:14 ----A---- C:\Windows\SYSWOW64\srclient.dll
2013-08-05 12:58:14 ----A---- C:\Windows\system32\srcore.dll
2013-08-05 12:58:14 ----A---- C:\Windows\system32\FXSCOVER.exe
2013-08-05 12:58:11 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2013-08-05 12:58:11 ----A---- C:\Windows\system32\inetcomm.dll
2013-08-05 12:58:10 ----A---- C:\Windows\SYSWOW64\msvcrt.dll
2013-08-05 12:58:10 ----A---- C:\Windows\system32\msvcrt.dll
2013-08-05 12:58:08 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2013-08-05 12:58:08 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2013-08-05 12:58:08 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-08-05 12:58:08 ----A---- C:\Windows\SYSWOW64\certutil.exe
2013-08-05 12:58:08 ----A---- C:\Windows\SYSWOW64\certenc.dll
2013-08-05 12:58:08 ----A---- C:\Windows\system32\cryptsvc.dll
2013-08-05 12:58:08 ----A---- C:\Windows\system32\cryptnet.dll
2013-08-05 12:58:08 ----A---- C:\Windows\system32\crypt32.dll
2013-08-05 12:58:08 ----A---- C:\Windows\system32\certutil.exe
2013-08-05 12:58:08 ----A---- C:\Windows\system32\certenc.dll
2013-08-05 12:58:00 ----A---- C:\Windows\system32\localspl.dll
2013-08-05 12:57:55 ----A---- C:\Windows\system32\drivers\bowser.sys
2013-08-05 12:57:54 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2013-08-05 12:57:54 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2013-08-05 12:57:54 ----A---- C:\Windows\system32\oleaut32.dll
2013-08-05 12:57:54 ----A---- C:\Windows\system32\oleacc.dll
2013-08-05 12:57:53 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2013-08-05 12:57:53 ----A---- C:\Windows\system32\EncDec.dll
2013-08-05 12:57:52 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-08-05 12:57:51 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-08-05 12:57:51 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-08-05 12:57:51 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2013-08-05 12:57:51 ----A---- C:\Windows\system32\smss.exe
2013-08-05 12:57:51 ----A---- C:\Windows\system32\csrsrv.dll
2013-08-05 12:57:43 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2013-08-05 12:57:43 ----A---- C:\Windows\system32\DWrite.dll
2013-08-05 12:57:42 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2013-08-05 12:57:42 ----A---- C:\Windows\system32\cdosys.dll
2013-08-05 12:57:37 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-08-05 12:57:37 ----A---- C:\Windows\system32\ntdll.dll
2013-08-05 12:57:36 ----A---- C:\Windows\system32\spoolsv.exe
2013-08-05 12:57:36 ----A---- C:\Windows\splwow64.exe
2013-08-05 12:54:32 ----D---- C:\Program Files (x86)\Google
2013-08-05 12:54:31 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2013-08-05 12:54:30 ----A---- C:\Windows\system32\drivers\aswSP.sys
2013-08-05 12:54:24 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2013-08-05 12:54:23 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2013-08-05 12:54:22 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2013-08-05 12:54:21 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-08-05 12:54:19 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-08-05 12:54:15 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2013-08-05 12:54:14 ----A---- C:\Windows\system32\aswBoot.exe
2013-08-05 12:51:28 ----A---- C:\Windows\avastSS.scr
2013-08-05 12:51:12 ----D---- C:\Program Files\AVAST Software
2013-08-05 12:47:22 ----D---- C:\ProgramData\AVAST Software
2013-08-05 12:45:07 ----A---- C:\Windows\SYSWOW64\packager.dll
2013-08-05 12:45:07 ----A---- C:\Windows\system32\packager.dll
2013-08-05 12:42:13 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2013-08-05 12:42:13 ----A---- C:\Windows\system32\rdpcore.dll
2013-08-05 12:42:13 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2013-08-05 12:26:43 ----A---- C:\Windows\system32\wups2.dll
2013-08-05 12:26:43 ----A---- C:\Windows\system32\wuauclt.exe
2013-08-05 12:26:42 ----A---- C:\Windows\system32\wucltux.dll
2013-08-05 12:26:42 ----A---- C:\Windows\system32\wuaueng.dll
2013-08-05 12:26:35 ----A---- C:\Windows\system32\wups.dll
2013-08-05 12:26:35 ----A---- C:\Windows\system32\wudriver.dll
2013-08-05 12:26:35 ----A---- C:\Windows\system32\wuapi.dll
2013-08-05 12:26:14 ----A---- C:\Windows\system32\wuwebv.dll
2013-08-05 12:26:14 ----A---- C:\Windows\system32\wuapp.exe
2013-08-05 01:16:58 ----D---- C:\Windows\Panther
2013-08-05 00:29:14 ----D---- C:\Users\Home\AppData\Roaming\Identities
2013-08-05 00:29:02 ----SD---- C:\Users\Home\AppData\Roaming\Microsoft
2013-08-05 00:29:02 ----D---- C:\Users\Home\AppData\Roaming\Media Center Programs
2013-08-05 00:28:56 ----SHD---- C:\Recovery
2013-08-05 00:28:56 ----SHD---- C:\ProgramData\Šablony
2013-08-05 00:28:56 ----SHD---- C:\ProgramData\Plocha
2013-08-05 00:28:56 ----SHD---- C:\ProgramData\Oblíbené položky
2013-08-05 00:28:56 ----SHD---- C:\ProgramData\Nabídka Start
2013-08-05 00:28:56 ----SHD---- C:\ProgramData\Dokumenty
2013-08-05 00:28:56 ----SHD---- C:\ProgramData\Data aplikací
2013-08-05 00:20:25 ----D---- C:\Windows\SoftwareDistribution
2013-08-05 00:18:13 ----D---- C:\Windows\Prefetch
2013-08-05 00:17:25 ----ASH---- C:\pagefile.sys
2013-08-05 00:17:23 ----SHD---- C:\System Volume Information
2013-08-05 00:17:23 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 month======

2013-08-05 22:45:09 ----D---- C:\Windows\Temp
2013-08-05 22:45:06 ----RD---- C:\Program Files
2013-08-05 22:15:39 ----D---- C:\Windows\Microsoft.NET
2013-08-05 22:15:38 ----RSD---- C:\Windows\assembly
2013-08-05 22:11:03 ----D---- C:\Windows\system32\config
2013-08-05 22:04:53 ----D---- C:\Windows\System32
2013-08-05 22:04:53 ----D---- C:\Windows\inf
2013-08-05 22:04:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-08-05 15:23:34 ----D---- C:\Windows\system32\zh-TW
2013-08-05 15:23:34 ----D---- C:\Windows\system32\zh-CN
2013-08-05 15:23:34 ----D---- C:\Windows\system32\tr-TR
2013-08-05 15:23:34 ----D---- C:\Windows\system32\sv-SE
2013-08-05 15:23:34 ----D---- C:\Windows\system32\ru-RU
2013-08-05 15:23:34 ----D---- C:\Windows\system32\pt-PT
2013-08-05 15:23:34 ----D---- C:\Windows\system32\pl-PL
2013-08-05 15:23:34 ----D---- C:\Windows\system32\nl-NL
2013-08-05 15:23:34 ----D---- C:\Windows\system32\ko-KR
2013-08-05 15:23:34 ----D---- C:\Windows\system32\ja-JP
2013-08-05 15:23:34 ----D---- C:\Windows\system32\it-IT
2013-08-05 15:23:34 ----D---- C:\Windows\system32\hu-HU
2013-08-05 15:23:34 ----D---- C:\Windows\system32\fr-FR
2013-08-05 15:23:34 ----D---- C:\Windows\system32\fi-FI
2013-08-05 15:23:34 ----D---- C:\Windows\system32\es-ES
2013-08-05 15:23:34 ----D---- C:\Windows\system32\el-GR
2013-08-05 15:23:34 ----D---- C:\Windows\system32\de-DE
2013-08-05 15:23:34 ----D---- C:\Windows\system32\da-DK
2013-08-05 15:20:12 ----D---- C:\Windows\twain_32
2013-08-05 15:14:08 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-08-05 15:14:08 ----D---- C:\Windows\system32\cs-CZ
2013-08-05 15:13:02 ----D---- C:\Program Files\Common Files
2013-08-05 15:10:51 ----D---- C:\Windows\SysWOW64
2013-08-05 15:10:45 ----D---- C:\Windows\SYSWOW64\en-US
2013-08-05 15:10:44 ----D---- C:\Windows\system32\en-US
2013-08-05 15:04:35 ----D---- C:\Windows\SYSWOW64\drivers
2013-08-05 15:04:22 ----RD---- C:\Program Files (x86)
2013-08-05 15:01:00 ----HD---- C:\ProgramData
2013-08-05 14:59:09 ----D---- C:\Windows\winsxs
2013-08-05 14:58:08 ----D---- C:\Program Files (x86)\Common Files
2013-08-05 14:53:01 ----D---- C:\Windows\system32\wdi
2013-08-05 14:51:49 ----D---- C:\Windows\system32\0409
2013-08-05 14:51:15 ----RSD---- C:\Windows\Fonts
2013-08-05 14:51:13 ----SD---- C:\ProgramData\Microsoft
2013-08-05 14:51:12 ----D---- C:\Windows
2013-08-05 14:50:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-08-05 14:49:28 ----D---- C:\Windows\ShellNew
2013-08-05 14:41:18 ----D---- C:\Windows\system32\drivers\UMDF
2013-08-05 14:28:52 ----D---- C:\Windows\system32\restore
2013-08-05 14:11:35 ----D---- C:\Windows\system32\catroot2
2013-08-05 14:11:35 ----D---- C:\Windows\system32\catroot
2013-08-05 13:58:55 ----D---- C:\Windows\system32\drivers
2013-08-05 13:58:54 ----D---- C:\Windows\ehome
2013-08-05 13:58:54 ----D---- C:\Windows\AppPatch
2013-08-05 13:58:54 ----D---- C:\Program Files\Common Files\System
2013-08-05 13:58:53 ----D---- C:\Windows\system32\wbem
2013-08-05 13:58:53 ----D---- C:\Windows\system32\drivers\cs-CZ
2013-08-05 13:58:53 ----D---- C:\Program Files (x86)\Windows Defender
2013-08-05 13:58:52 ----D---- C:\Program Files\Windows Defender
2013-08-05 13:58:52 ----D---- C:\Program Files\Internet Explorer
2013-08-05 13:58:52 ----D---- C:\Program Files (x86)\Internet Explorer
2013-08-05 13:58:50 ----D---- C:\Windows\SYSWOW64\migration
2013-08-05 13:58:49 ----D---- C:\Windows\system32\migration
2013-08-05 13:58:49 ----D---- C:\Windows\PolicyDefinitions
2013-08-05 13:58:35 ----D---- C:\Windows\system32\Boot
2013-08-05 13:58:34 ----D---- C:\Program Files\Windows Journal
2013-08-05 13:56:49 ----D---- C:\Windows\system32\DriverStore
2013-08-05 13:38:15 ----D---- C:\Windows\debug
2013-08-05 13:24:27 ----D---- C:\Windows\Logs
2013-08-05 12:54:45 ----D---- C:\Windows\Tasks
2013-08-05 12:54:45 ----D---- C:\Windows\system32\Tasks
2013-08-05 12:30:37 ----D---- C:\Windows\system32\NDF
2013-08-05 00:31:54 ----D---- C:\Windows\system32\CodeIntegrity
2013-08-05 00:29:12 ----SHD---- C:\$Recycle.Bin
2013-08-05 00:29:01 ----RD---- C:\Users
2013-08-05 00:28:56 ----D---- C:\Program Files\Windows NT
2013-08-05 00:28:02 ----D---- C:\Windows\rescache
2013-08-05 00:20:40 ----D---- C:\Windows\system32\sysprep

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 65336]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-08-05 189936]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-05-09 72016]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-08-05 1030952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-08-05 378944]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 64288]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-10-13 10496000]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-10-13 326656]
R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2012-12-20 3837440]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2011-08-31 12306848]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-04-12 708200]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2012-10-03 1864328]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-09-20 543744]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-01-10 468720]
S1 VD_FileDisk;VD_FileDisk; C:\Windows\system32\drivers\VD_FileDisk.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-21 552448]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-21 80384]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-10-13 204288]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-05 116648]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 30520]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-08-08 325912]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2012-09-20 323072]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-08 2656536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-05 116648]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-08-05 1255736]

-----------------EOF-----------------

#79 Příspěvek od **Márty84** » 06 srp 2013 00:04

Vidim, ze log je z normalniho rezimu. Nabiha bez problemu?

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu, kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte

Loutka · #80 Příspěvek od **Loutka** » 06 srp 2013 07:16

RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Home [Práva správce]
Mód : Kontrola -- Datum : 08/06/2013 08:14:31
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{DE7C5A90-09E0-4AF2-98B4-F67BAFB91782} : NameServer (192.168.150.237,194.228.2.1) -> NALEZENO
[DNS] HKLM\[...]\CS001\[...]\{DE7C5A90-09E0-4AF2-98B4-F67BAFB91782} : NameServer (192.168.150.237,194.228.2.1) -> NALEZENO
[DNS] HKLM\[...]\CS002\[...]\{DE7C5A90-09E0-4AF2-98B4-F67BAFB91782} : NameServer (192.168.150.237,194.228.2.1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BPVT-60HXZT1 ATA Device +++++
--- User ---
[MBR] 1eb6a6977efc970306a19cfb9ec9e845
[BSP] d4065d26e0ae07e47fc70680adf8d2e7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_08062013_081431.txt >>

#81 Příspěvek od **Márty84** » 06 srp 2013 08:51

Márty84 píše:Vidim, ze log je z normalniho rezimu. Nabiha bez problemu?

Vypada to dobre

Predtim
User = LL1 ... OK!
User != LL2 ... KO!

Ted
User = LL1 ... OK!
User = LL2 ... OK!

Znovu spustte RogueKiller jako spravce (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.

Jeste zkusime ten druhy program, ktery to detekoval.

Stahnete MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe , ulozte ho na plochu a spustte jako spravce.
Kliknete na Report
Za chvili vyskoci log s nazvem MBRScan.txt, ten mi sem zkopirujte.

Loutka · #82 Příspěvek od **Loutka** » 06 srp 2013 09:58

Kód: Vybrat vše

MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
BOOT           : Normal Boot
DATE           : 2013/08/06 (ISO 8601) at 10:58:31
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __WDC WD6400BPVT-60HXZT1 (01.01A01)
BUS_TYPE       : (0x0B)  S-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	596.2 Go  [Fixed] ==> 7 MBR Code

MBR_MD5   : 1EB6A6977EFC970306A19CFB9EC9E845
MBR_SHA1  : CBEB1F5C25D481014EB97988F764C9F944891325

Device\Harddisk0\Partition1	100.0 Mo  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	596.1 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x02FF4000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00B9C000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00C7A000
SIZE    : 316.0 Ko

DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00CDD000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00D3B000
SIZE    : 768.0 Ko

DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00E7E000
SIZE    : 776.0 Ko

DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00F40000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00F50000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00FA7000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00FB0000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00FBA000
SIZE    : 204.0 Ko

DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00FED000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\compbatt.sys => Invisible on the disk
ADDRESS : 0x00E15000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\BATTC.SYS => Invisible on the disk
ADDRESS : 0x00E1E000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00E2A000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00C00000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00E3F000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\drivers\atapi.sys => Invisible on the disk
ADDRESS : 0x00E59000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\ataport.SYS => Invisible on the disk
ADDRESS : 0x010F4000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\drivers\msahci.sys => Invisible on the disk
ADDRESS : 0x0111E000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x01129000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x01139000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x01144000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x01190000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x0125C000
SIZE    : 1.63 Mo

DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01200000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x0105E000
SIZE    : 456.0 Ko

DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x0121B000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x0122C000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x01459000
SIZE    : 968.0 Ko

DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x0154B000
SIZE    : 384.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x015AB000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01600000
SIZE    : 2.00 Mo

DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x011A4000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01449000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01846000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01880000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01892000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\hpdskflt.sys => Invisible on the disk
ADDRESS : 0x0189B000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x018A5000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\drivers\disk.sys => Invisible on the disk
ADDRESS : 0x018DF000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\drivers\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x018F5000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aswVmm.sys => Invisible on the disk
ADDRESS : 0x01925000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aswRvrt.sys => Invisible on the disk
ADDRESS : 0x01955000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x019A0000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aswSnx.SYS => Invisible on the disk
ADDRESS : 0x03E95000
SIZE    : 1024.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x03F95000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x03F9E000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x03FA5000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x03FB3000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x03FD8000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x03FE8000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x03FF1000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x03E00000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x03E09000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x03E14000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x03E25000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x03E47000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aswTdi.SYS => Invisible on the disk
ADDRESS : 0x03E54000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x0405F000
SIZE    : 548.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aswrdr2.sys => Invisible on the disk
ADDRESS : 0x040E8000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x040FC000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x04141000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x0414A000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x04170000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x04186000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x04195000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\termdd.sys => Invisible on the disk
ADDRESS : 0x041B0000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x04000000
SIZE    : 324.0 Ko

DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x04051000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mssmbios.sys => Invisible on the disk
ADDRESS : 0x041C4000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x041CF000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x041DE000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x03E66000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aswSP.SYS => Invisible on the disk
ADDRESS : 0x04269000
SIZE    : 392.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x042CB000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x042F1000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\atikmpag.sys => Invisible on the disk
ADDRESS : 0x04307000
SIZE    : 340.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\atikmdag.sys => Invisible on the disk
ADDRESS : 0x04809000
SIZE    : 10.33 Mo

DRIVER  : C:\Windows\system32\DRIVERS\igdpmd64.sys => Invisible on the disk
ADDRESS : 0x05635000
SIZE    : 11.74 Mo

DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x0525E000
SIZE    : 976.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x05352000
SIZE    : 280.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HECIx64.sys => Invisible on the disk
ADDRESS : 0x05600000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x05611000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x05398000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x0435C000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\sdbus.sys => Invisible on the disk
ADDRESS : 0x04380000
SIZE    : 128.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\athrx.sys => Invisible on the disk
ADDRESS : 0x0640F000
SIZE    : 3.82 Mo

DRIVER  : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
ADDRESS : 0x067E0000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Rt64win7.sys => Invisible on the disk
ADDRESS : 0x0686A000
SIZE    : 700.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk
ADDRESS : 0x06919000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\SynTP.sys => Invisible on the disk
ADDRESS : 0x06937000
SIZE    : 480.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x069AF000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x069B1000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x069C0000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Accelerometer.sys => Invisible on the disk
ADDRESS : 0x069CF000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk
ADDRESS : 0x069DC000
SIZE    : 20.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x069E1000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x069EA000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x06800000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x06816000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x0683A000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x043A0000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x06846000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x043CF000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x04200000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\swenum.sys => Invisible on the disk
ADDRESS : 0x06861000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ks.sys => Invisible on the disk
ADDRESS : 0x0421A000
SIZE    : 268.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x067ED000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x06A4C000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x06AA6000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\stwrt64.sys => Invisible on the disk
ADDRESS : 0x06ABB000
SIZE    : 548.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\portcls.sys => Invisible on the disk
ADDRESS : 0x06B44000
SIZE    : 244.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\drmk.sys => Invisible on the disk
ADDRESS : 0x06B81000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x06BA3000
SIZE    : 24.0 Ko

DRIVER  : C:\Windows\system32\drivers\HdAudio.sys => Invisible on the disk
ADDRESS : 0x076CB000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x000A0000
SIZE    : 3.09 Mo

DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x07727000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x07733000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x07741000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_msahci.sys => Invisible on the disk
ADDRESS : 0x0774D000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x07758000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x0776B000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\snp2uvc.sys => Invisible on the disk
ADDRESS : 0x08A2A000
SIZE    : 1.77 Mo

DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x08A18000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00480000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x0768C000
SIZE    : 140.0 Ko

DRIVER  : C:\Windows\system32\drivers\aswMonFlt.sys => Invisible on the disk
ADDRESS : 0x07788000
SIZE    : 160.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aswFsBlk.SYS => Invisible on the disk
ADDRESS : 0x08BF0000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x077B0000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00780000
SIZE    : 156.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x08A00000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x07600000
SIZE    : 332.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x07653000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x07666000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x070CD000
SIZE    : 804.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x07196000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x071B4000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x071CC000
SIZE    : 180.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x07000000
SIZE    : 312.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x0704E000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x07EBC000
SIZE    : 664.0 Ko

DRIVER  : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x07F62000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x07F6D000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x07F9E000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x07E00000
SIZE    : 420.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x08C5E000
SIZE    : 608.0 Ko

DRIVER  : C:\Windows\system32\drivers\spsys.sys => Invisible on the disk
ADDRESS : 0x08CF6000
SIZE    : 452.0 Ko

DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x48080000
SIZE    : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.Ð¼.|.À.Ø¾.|¿.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ½¾..~..|......Å.
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..ë.¸..».|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n.Í.fas.þ
0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~......².ë.
0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2ä.V.Í.]ë..>þ}U
0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   ªun.v.è..u.ú°Ñæd
0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   è..°ßæ`è|.°.ædèu
0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   .û¸.»Í.f#Àu;f.ûT
0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2.ù..r,fh.».
0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf
0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f
0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah...Í.Z2öê.|..Í
0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   ..·.ë..¶.ë..µ.2ä
0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....ð¬<.t.»..´.Í
0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .ëòôëý+Éädë.$.àø
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.ÃInvalid parti
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x000001B0   65 6D 00 00 00 63 7B 9A A1 FE D8 9F 00 00 80 20   em...c{.¡þØ.... 
0x000001C0   21 00 07 DF 13 0C 00 08 00 00 00 20 03 00 00 DF   !..ß....... ...ß
0x000001D0   14 0C 07 FE FF FF 00 28 03 00 00 50 82 4A 00 00   ...þ...(...P.J..
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

#83 Příspěvek od **Márty84** » 06 srp 2013 11:50

I tohle uz vypada v pohode.

Kde je lo z RK?

Jeste zkuste uplnou kontrolu s MBAM

Loutka · #84 Příspěvek od **Loutka** » 08 srp 2013 06:37

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.08.07.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Home :: HOME-PC [administrátor]

Ochrana: Povolena

7.8.2013 21:50:21
MBAM-log-2013-08-08 (07-35-03).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 334737
Uplynulý čas: 27 minut, 26 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Users\Home\Desktop\záloha martin palik\instalacky\GotClip_Setup.exe (PUP.Adware.Gotclip.ScamLotto) -> Nebyla provedena žádná instrukce.

(konec)

#85 Příspěvek od **Márty84** » 08 srp 2013 08:48

Ctete vy cele me prispevky? Nebo jen to, co se vam hodi?

Jak s nalezem nalozite je na vas, pak MBAM odinstalujte.

Log z RK nemam, jestli pc startuje bez potizi jsem se taky nedozvedel, takze asi je to v poradku a muzem to uzavrit, je to tak?

Znovu pouzijte T-Cleaner a OTC a tot asi vse

Loutka · #86 Příspěvek od **Loutka** » 08 srp 2013 11:55

Aha omlouvám se po přeinstalaci jede vše v pořádku nic jsem neschledal.... Takže vyčistím Notebook a ještě jednou díky...

#87 Příspěvek od **Márty84** » 09 srp 2013 00:13

No neni zac, tentokrat nas havet docela uspesne blokovala

Mejte se a treba nekdy priste, snad s necim jednoduchym

VIRY.CZ

prosim o kontrolu logu jen prevence

Re: prosim o kontrolu logu jen prevence

Re: prosim o kontrolu logu jen prevence

Re: prosim o kontrolu logu jen prevence

Re: prosim o kontrolu logu jen prevence

Re: prosim o kontrolu logu jen prevence

Re: prosim o kontrolu logu jen prevence

Re: prosim o kontrolu logu jen prevence

Re: prosim o kontrolu logu jen prevence

Re: prosim o kontrolu logu jen prevence

Re: prosim o kontrolu logu jen prevence

Re: prosim o kontrolu logu jen prevence

Re: prosim o kontrolu logu jen prevence