Kontrola po zachytenej infiltrácii

[gizmof10]

Dnes som dostal cez MSN link na ktorý som po kliknutí namiesto fotiek z oslavy dostal "darček", neviem ako sa tam dostal niekto tretí kto mi to poslal, ale teraz mi skôr ide o to že aj keď to MSE zachytil, rád by som vedel či predsa len dačo neostalo. Najprv sa ma chrome opýtal či má ten súbor stiahnuť, dal som nie ale chrome sťahuje súbory už pri tom okne takže sa do cache dostalo trochu z darčeku. Mohol by mi niekto skontrolovať či niečo neostalo? PC som kontroloval Spybotom, Spyware terminatorom a MSE, našli iba nejaké cookies a podobné blbosti.
MSE vírus označilo takto:


A tu je log
Logfile of random's system information tool 1.06 (written by random/random)
Run by Filip at 2010-04-06 19:10:21
Microsoft Windows 7 Ultimate Service Pack 3
System drive C: has 29 GB (10%) free of 305 GB
Total RAM: 2047 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:42, on 6. 4. 2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Filip\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files (x86)\Voipwise.com\Voipwise\voipwise.exe
C:\Users\Filip\AppData\Local\Microsoft\Live Mesh\GacBase\Moe.exe
C:\Users\Filip\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\Documents\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Filip.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Google Update] "C:\Users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MoeMonitor.exe] "C:\Users\Filip\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe"
O4 - HKCU\..\Run: [KeePass Password Safe 2] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Pidgin] C:\Program Files (x86)\Pidgin\pidgin.exe
O4 - HKCU\..\Run: [Voipwise] "C:\Program Files (x86)\Voipwise.com\Voipwise\Voipwise.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Thunderbird] "C:\Program Files (x86)\Mozilla Thunderbird\thunderbird" -turbo
O4 - HKCU\..\Run: [Rapget.RS] C:\Users\Filip\Documents\Downloads\Rapget.RS_Public_v1.0.4.0_cz\RapgetRS.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Filip\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.co ... 1.71.0.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} - https://lms.iedu.sk/mod/hacp/runtime2/r ... ording.cab
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} (WLCTSCControl Class) - https://www.mesh.com/0.9.4014.21/TSWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{50C172A2-88EE-441A-9C5D-247BA0E84C08}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{50C172A2-88EE-441A-9C5D-247BA0E84C08}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{50C172A2-88EE-441A-9C5D-247BA0E84C08}: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11158 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2400927823-3852806677-1213962376-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2400927823-3852806677-1213962376-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2400927823-3852806677-1213962376-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2400927823-3852806677-1213962376-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"ioCentre"=C:\Genius\ioCentre\gTaskBar.exe [2009-09-03 60928]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-25 1820040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-22 135664]
"Steam"=c:\program files (x86)\steam\steam.exe [2010-04-03 1238352]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2009-10-09 25626408]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"MoeMonitor.exe"=C:\Users\Filip\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe [2010-01-12 2149184]
"KeePass Password Safe 2"=C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2009-09-11 1473024]
"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-02-03 3037696]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2010-03-13 319792]
"Pidgin"=C:\Program Files (x86)\Pidgin\pidgin.exe [2010-02-16 45603]
"Voipwise"=C:\Program Files (x86)\Voipwise.com\Voipwise\Voipwise.exe [2010-03-11 9084720]
"Thunderbird"=C:\Program Files (x86)\Mozilla Thunderbird\thunderbird -turbo []
"Rapget.RS"=C:\Users\Filip\Documents\Downloads\Rapget.RS_Public_v1.0.4.0_cz\RapgetRS.exe [2009-06-19 1184936]

C:\Users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Filip\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f237b7ff-faf9-11de-a98d-00e012345678}]
shell\AutoRun\command - F:\Razor1911_Installer.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-04-06 19:10:22 ----D---- C:\Program Files (x86)\trend micro
2010-04-06 19:10:21 ----D---- C:\rsit
2010-04-05 20:17:45 ----D---- C:\ProgramData\TrackMania
2010-04-03 21:48:06 ----D---- C:\Users\Filip\AppData\Roaming\Braid
2010-04-02 18:44:44 ----D---- C:\ProgramData\Sun
2010-04-02 18:44:43 ----D---- C:\Program Files (x86)\Common Files\Java
2010-04-02 18:44:20 ----A---- C:\Windows\system32\javaws.exe
2010-04-02 18:44:19 ----A---- C:\Windows\system32\javaw.exe
2010-04-02 18:44:19 ----A---- C:\Windows\system32\java.exe
2010-04-02 15:00:35 ----D---- C:\ProgramData\vsosdk
2010-04-02 14:11:30 ----A---- C:\Users\Filip\AppData\Roaming\inst.exe
2010-04-02 14:11:20 ----A---- C:\Windows\system32\vp7vfw.dll
2010-04-02 14:11:20 ----A---- C:\Windows\system32\sipr3260.dll
2010-04-02 14:11:20 ----A---- C:\Windows\system32\drv43260.dll
2010-04-02 14:11:20 ----A---- C:\Windows\system32\drv33260.dll
2010-04-02 14:11:20 ----A---- C:\Windows\system32\drv23260.dll
2010-04-02 14:11:20 ----A---- C:\Windows\system32\cook3260.dll
2010-04-02 14:11:19 ----A---- C:\Windows\system32\wvc1dmod.dll
2010-04-01 20:43:51 ----D---- C:\ProgramData\FLEXnet
2010-04-01 20:30:57 ----D---- C:\Windows\system32\spool
2010-04-01 20:30:18 ----D---- C:\Program Files (x86)\Adobe Media Player
2010-04-01 20:28:15 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2010-04-01 09:14:21 ----D---- C:\Program Files (x86)\EMDB
2010-03-31 10:23:50 ----A---- C:\Windows\system32\rmoc3260.dll
2010-03-31 10:23:50 ----A---- C:\Windows\system32\pndx5032.dll
2010-03-31 10:23:50 ----A---- C:\Windows\system32\pndx5016.dll
2010-03-31 10:23:50 ----A---- C:\Windows\system32\pncrt.dll
2010-03-31 10:23:49 ----D---- C:\Users\Filip\AppData\Roaming\Real
2010-03-31 10:23:49 ----D---- C:\ProgramData\Real
2010-03-31 10:23:49 ----D---- C:\Program Files (x86)\Real Alternative
2010-03-30 20:39:20 ----D---- C:\ProgramData\RoboForm
2010-03-30 16:53:21 ----D---- C:\Users\Filip\AppData\Roaming\KASTNER software
2010-03-30 14:53:33 ----D---- C:\Program Files (x86)\XTB-Trader
2010-03-29 16:49:18 ----D---- C:\Users\Filip\AppData\Roaming\NVIDIA
2010-03-29 16:40:13 ----A---- C:\Windows\system32\OpenCL.dll
2010-03-29 16:40:13 ----A---- C:\Windows\system32\nvwgf2um.dll
2010-03-29 16:40:11 ----A---- C:\Windows\system32\nvoglv32.dll
2010-03-29 16:40:11 ----A---- C:\Windows\system32\nvencodemft.dll
2010-03-29 16:40:11 ----A---- C:\Windows\system32\nvdecodemft.dll
2010-03-29 16:40:10 ----A---- C:\Windows\system32\nvcuvid.dll
2010-03-29 16:40:10 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-03-29 16:40:08 ----A---- C:\Windows\system32\nvcuda.dll
2010-03-29 16:40:08 ----A---- C:\Windows\system32\nvcompiler.dll
2010-03-29 16:40:08 ----A---- C:\Windows\system32\nvapi.dll
2010-03-29 16:16:22 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2010-03-29 15:36:29 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-03-29 15:36:29 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-03-29 15:36:29 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-03-29 15:36:29 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-03-28 14:47:33 ----D---- C:\Users\Filip\AppData\Roaming\OpenDNS Updater
2010-03-26 16:58:56 ----D---- C:\Program Files (x86)\Microsoft Games
2010-03-26 16:58:05 ----D---- C:\ProgramData\Microsoft Games
2010-03-26 16:57:20 ----D---- C:\Users\Filip\AppData\Roaming\Microsoft Game Studios
2010-03-24 19:41:40 ----D---- C:\Users\Filip\AppData\Roaming\KDE
2010-03-23 23:01:39 ----D---- C:\Users\Filip\AppData\Roaming\VSO
2010-03-23 23:01:21 ----D---- C:\Program Files (x86)\VSO
2010-03-23 18:42:47 ----A---- C:\Program Files (x86)\README_win32_ja.txt
2010-03-23 18:42:47 ----A---- C:\Program Files (x86)\README_win32_en.txt
2010-03-23 18:42:47 ----A---- C:\Program Files (x86)\pidgin-twitter.dll
2010-03-23 15:53:47 ----D---- C:\Users\Filip\AppData\Roaming\Opera
2010-03-23 15:53:34 ----D---- C:\Program Files (x86)\Opera
2010-03-22 22:08:10 ----D---- C:\ProgramData\Last.fm
2010-03-22 22:07:34 ----D---- C:\Program Files (x86)\Last.fm
2010-03-22 21:47:00 ----D---- C:\Users\Filip\AppData\Roaming\Instantbird
2010-03-22 21:35:27 ----D---- C:\Program Files (x86)\GTK2-Runtime
2010-03-20 18:10:35 ----D---- C:\Users\Filip\AppData\Roaming\Bioshock2
2010-03-20 18:08:42 ----D---- C:\Windows\system32\xlive
2010-03-20 18:08:42 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2010-03-20 17:45:21 ----D---- C:\Program Files (x86)\BioShock 2
2010-03-19 13:55:54 ----D---- C:\Users\Filip\AppData\Roaming\Ubisoft
2010-03-19 13:55:54 ----D---- C:\ProgramData\Ubisoft
2010-03-17 19:40:59 ----D---- C:\Program Files (x86)\TagRename
2010-03-17 15:28:36 ----A---- C:\Windows\ODBC.INI
2010-03-17 15:28:15 ----D---- C:\Windows\system32\js
2010-03-17 15:28:15 ----D---- C:\Windows\system32\images
2010-03-17 15:28:15 ----D---- C:\Windows\system32\html
2010-03-17 15:28:15 ----D---- C:\Windows\system32\css
2010-03-17 15:28:15 ----D---- C:\Program Files (x86)\Business Objects
2010-03-17 15:24:18 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2010-03-17 15:24:02 ----D---- C:\Program Files (x86)\Microsoft Device Emulator
2010-03-17 15:23:13 ----D---- C:\Program Files (x86)\Windows Mobile 5.0 SDK R2
2010-03-17 15:22:50 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2010-03-17 15:16:52 ----D---- C:\ProgramData\PreEmptive Solutions
2010-03-17 15:14:25 ----D---- C:\Windows\symbols
2010-03-17 15:14:10 ----D---- C:\Windows\system32\1033
2010-03-17 15:12:52 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 9.0
2010-03-17 15:12:52 ----D---- C:\Program Files (x86)\Microsoft SDKs
2010-03-17 15:12:52 ----D---- C:\Program Files (x86)\HTML Help Workshop
2010-03-17 15:12:52 ----D---- C:\Program Files (x86)\Common Files\Merge Modules
2010-03-17 15:12:52 ----D---- C:\Program Files (x86)\CE Remote Tools
2010-03-17 15:10:54 ----D---- C:\Program Files (x86)\Microsoft Web Designer Tools
2010-03-16 20:56:21 ----D---- C:\Users\Filip\AppData\Roaming\GameRanger
2010-03-16 17:24:55 ----D---- C:\MinGW
2010-03-16 16:45:44 ----D---- C:\Program Files (x86)\Adobe
2010-03-16 14:24:54 ----D---- C:\Users\Filip\AppData\Roaming\Nokia
2010-03-16 14:24:07 ----D---- C:\Qt
2010-03-13 17:35:21 ----D---- C:\Program Files (x86)\Codemasters
2010-03-13 17:34:08 ----D---- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2010-03-13 12:56:29 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2010-03-12 19:57:50 ----D---- C:\Program Files (x86)\Microsoft Research
2010-03-12 16:25:59 ----D---- C:\Program Files (x86)\VirtualDJ
2010-03-11 18:22:41 ----D---- C:\Users\Filip\AppData\Roaming\Voipwise
2010-03-11 18:22:13 ----D---- C:\Program Files (x86)\Voipwise.com
2010-03-08 18:01:45 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-03-08 18:01:42 ----A---- C:\Windows\system32\PnkBstrA.exe
2010-03-08 18:01:42 ----A---- C:\Windows\system32\pbsvc_bc2.exe
2010-03-08 17:51:43 ----D---- C:\Program Files (x86)\Electronic Arts
2010-03-07 11:21:49 ----D---- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

[gizmof10]

======List of files/folders modified in the last 1 months======

2010-04-06 19:11:15 ----D---- C:\Windows\Temp
2010-04-06 19:10:22 ----RD---- C:\Program Files (x86)
2010-04-06 19:05:52 ----D---- C:\Users\Filip\AppData\Roaming\.purple
2010-04-06 19:03:57 ----D---- C:\Users\Filip\AppData\Roaming\Skype
2010-04-06 15:50:50 ----D---- C:\Program Files (x86)\Spyware Terminator
2010-04-06 15:50:46 ----D---- C:\Users\Filip\AppData\Roaming\Spyware Terminator
2010-04-06 15:49:43 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-04-06 15:37:53 ----SHD---- C:\System Volume Information
2010-04-06 15:32:21 ----D---- C:\Windows
2010-04-06 15:17:50 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2010-04-06 11:21:08 ----D---- C:\Users\Filip\AppData\Roaming\uTorrent
2010-04-06 11:04:43 ----D---- C:\Program Files (x86)\Common Files\Steam
2010-04-06 11:03:50 ----D---- C:\ProgramData\Spyware Terminator
2010-04-06 11:03:35 ----D---- C:\Program Files (x86)\Steam
2010-04-06 11:03:11 ----D---- C:\Users\Filip\AppData\Roaming\Dropbox
2010-04-06 11:02:32 ----D---- C:\ProgramData\NVIDIA
2010-04-06 10:27:05 ----D---- C:\Users\Filip\AppData\Roaming\KeePass
2010-04-05 20:17:45 ----HD---- C:\ProgramData
2010-04-05 09:46:07 ----D---- C:\Windows\Prefetch
2010-04-05 09:45:59 ----D---- C:\Program Files (x86)\World of Warcraft
2010-04-04 20:14:40 ----D---- C:\Windows\System32
2010-04-04 20:14:40 ----D---- C:\Windows\inf
2010-04-03 22:27:51 ----D---- C:\Users\Filip\AppData\Roaming\vlc
2010-04-03 17:49:07 ----SHD---- C:\Windows\Installer
2010-04-02 19:56:38 ----SHD---- C:\Config.Msi
2010-04-02 19:12:46 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-04-02 19:12:22 ----D---- C:\Program Files (x86)\Gabest
2010-04-02 19:12:21 ----D---- C:\Windows\SysWOW64
2010-04-02 19:11:32 ----RD---- C:\Program Files
2010-04-02 19:07:52 ----D---- C:\Program Files (x86)\Elcom
2010-04-02 19:06:09 ----D---- C:\Program Files (x86)\Common Files\Common Share
2010-04-02 19:04:06 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-04-02 19:03:55 ----D---- C:\Users\Filip\AppData\Roaming\Adobe
2010-04-02 19:03:24 ----D---- C:\Program Files (x86)\Common Files
2010-04-02 19:02:40 ----D---- C:\ProgramData\Adobe
2010-04-02 18:57:39 ----D---- C:\Windows\system32\drivers
2010-04-02 18:51:56 ----D---- C:\Program Files (x86)\CCleaner
2010-04-02 18:44:06 ----D---- C:\Program Files (x86)\Java
2010-04-02 12:28:42 ----D---- C:\Users\Filip\AppData\Roaming\dvdcss
2010-04-01 20:33:39 ----RSD---- C:\Windows\Fonts
2010-04-01 10:11:12 ----SHD---- C:\$Recycle.Bin
2010-03-31 07:48:57 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2010-03-30 16:40:25 ----SD---- C:\Users\Filip\AppData\Roaming\Microsoft
2010-03-29 16:42:58 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2010-03-29 16:42:57 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-03-29 15:35:47 ----RSD---- C:\Windows\assembly
2010-03-29 07:32:15 ----AD---- C:\ProgramData\TEMP
2010-03-28 18:48:33 ----RD---- C:\Users
2010-03-28 14:51:08 ----D---- C:\Users\Filip\AppData\Roaming\Audacity
2010-03-28 09:52:20 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-03-28 09:45:24 ----D---- C:\Windows\debug
2010-03-26 16:58:16 ----SD---- C:\ProgramData\Microsoft
2010-03-23 23:08:25 ----D---- C:\Users\Filip\AppData\Roaming\MyPhoneExplorer
2010-03-23 22:09:29 ----D---- C:\Users\Filip\AppData\Roaming\Thunderbird
2010-03-23 18:26:22 ----D---- C:\Users\Filip\AppData\Roaming\gtk-2.0
2010-03-22 22:08:10 ----D---- C:\Program Files (x86)\Windows Media Player
2010-03-22 21:55:32 ----D---- C:\Program Files (x86)\Pidgin
2010-03-22 07:57:00 ----D---- C:\Windows\Microsoft.NET
2010-03-21 23:17:07 ----D---- C:\ProgramData\Microsoft Help
2010-03-20 13:12:53 ----D---- C:\Games
2010-03-19 21:33:37 ----D---- C:\Windows\winsxs
2010-03-19 21:19:57 ----D---- C:\ALFA
2010-03-17 15:26:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-17 15:25:45 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-03-17 15:25:40 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-03-17 15:24:58 ----D---- C:\Windows\registration
2010-03-17 15:22:50 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-03-17 15:14:42 ----D---- C:\Program Files (x86)\MSBuild
2010-03-16 08:51:59 ----A---- C:\Windows\system32\nvd3dum.dll
2010-03-13 17:28:03 ----D---- C:\Program Files (x86)\uTorrent
2010-03-13 13:39:20 ----D---- C:\Windows\AppPatch
2010-03-13 13:32:42 ----D---- C:\Program Files (x86)\Microsoft Works
2010-03-13 13:31:18 ----D---- C:\Program Files (x86)\Common Files\System
2010-03-13 13:31:18 ----A---- C:\Windows\win.ini
2010-03-13 13:00:24 ----D---- C:\Windows\Downloaded Program Files
2010-03-09 04:28:20 ----A---- C:\Windows\system32\deploytk.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys []
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys []
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys []
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys []
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys []
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys []
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys []
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys []
R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys []
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
R2 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x64.sys []
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys []
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys []
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys []
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys []
R3 1394ohci;1394 OHCI Compliant Host Controller; C:\Windows\system32\DRIVERS\1394ohci.sys []
R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys []
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys []
R3 BTHMODEM;Bluetooth Modem Communications Driver; C:\Windows\system32\DRIVERS\bthmodem.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 CompositeBus;Composite Bus Enumerator Driver; C:\Windows\system32\DRIVERS\CompositeBus.sys []
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys []
R3 gHidPnp;USB Device Enhanced Function Driver; C:\Windows\System32\Drivers\gHidPnp.Sys []
R3 gMouUsb;USB Mouse Device Drv; C:\Windows\system32\DRIVERS\gMouUsb.sys []
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys []
R3 HidBth;Microsoft Bluetooth HID Miniport; C:\Windows\system32\DRIVERS\hidbth.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\Windows\system32\DRIVERS\hidusb.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 intelppm;Intel Processor Driver; C:\Windows\system32\DRIVERS\intelppm.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x64.sys []
R3 monitor;Microsoft Monitor Class Function Driver Service; C:\Windows\system32\DRIVERS\monitor.sys []
R3 mouhid;Mouse HID Driver; C:\Windows\system32\DRIVERS\mouhid.sys []
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys []
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys []
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys []
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys []
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys []
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys []
R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys []
R3 RDPDISPM;RDPDISPM; C:\Windows\system32\DRIVERS\rdpdispm.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys []
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys []
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys []
R3 umbus;UMBus Enumerator Driver; C:\Windows\system32\DRIVERS\umbus.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbehci.sys []
R3 usbhub;Microsoft USB Standard Hub Driver; C:\Windows\system32\DRIVERS\usbhub.sys []
R3 USBSTOR;USB Mass Storage Driver; C:\Windows\system32\DRIVERS\USBSTOR.SYS []
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbuhci.sys []
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S1 cdrbsdrv;cdrbsdrv; C:\Windows\system32\drivers\cdrbsdrv.sys [2010-01-11 38944]
S2 Angelnt;Angelnt; C:\Windows\System32\Drivers\ANGELNT.SYS [2010-01-18 51072]
S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys []
S3 adp94xx;adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys []
S3 adpahci;adpahci; C:\Windows\system32\DRIVERS\adpahci.sys []
S3 adpu320;adpu320; C:\Windows\system32\DRIVERS\adpu320.sys []
S3 agp440;Intel AGP Bus Filter; C:\Windows\system32\DRIVERS\agp440.sys []
S3 amdide;amdide; C:\Windows\system32\DRIVERS\amdide.sys []
S3 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\DRIVERS\amdk8.sys []
S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys []
S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys []
S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys []
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys []
S3 arc;arc; C:\Windows\system32\DRIVERS\arc.sys []
S3 arcsas;arcsas; C:\Windows\system32\DRIVERS\arcsas.sys []
S3 ayaw2099;ayaw2099; C:\Windows\system32\drivers\ayaw2099.sys []
S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbda.sys []
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\DRIVERS\BrFiltLo.sys []
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\DRIVERS\BrFiltUp.sys []
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\System32\Drivers\Brserid.sys []
S3 BrSerWdm;Brother WDM Serial driver; C:\Windows\System32\Drivers\BrSerWdm.sys []
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\System32\Drivers\BrUsbMdm.sys []
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\System32\Drivers\BrUsbSer.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 circlass;Consumer IR Devices; C:\Windows\system32\DRIVERS\circlass.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
S3 Compbatt;Compbatt; C:\Windows\system32\DRIVERS\compbatt.sys []
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbda.sys []
S3 elxstor;elxstor; C:\Windows\system32\DRIVERS\elxstor.sys []
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys []
S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys []
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys []
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys []
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\DRIVERS\gagp30kx.sys []
S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys []
S3 HidIr;Microsoft Infrared HID Driver; C:\Windows\system32\DRIVERS\hidir.sys []
S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys []
S3 iaStorV;iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys []
S3 iirsp;iirsp; C:\Windows\system32\DRIVERS\iirsp.sys []
S3 intelide;intelide; C:\Windows\system32\DRIVERS\intelide.sys []
S3 IPMIDRV;IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys []
S3 isapnp;isapnp; C:\Windows\system32\DRIVERS\isapnp.sys []
S3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\DRIVERS\msiscsi.sys []
S3 kbdhid;Keyboard HID Driver; C:\Windows\system32\DRIVERS\kbdhid.sys []
S3 LSI_FC;LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys []
S3 LSI_SAS;LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys []
S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys []
S3 LSI_SCSI;LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys []
S3 megasas;megasas; C:\Windows\system32\DRIVERS\megasas.sys []
S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys []
S3 mpio;mpio; C:\Windows\system32\DRIVERS\mpio.sys []
S3 msahci;msahci; C:\Windows\system32\DRIVERS\msahci.sys []
S3 msdsm;msdsm; C:\Windows\system32\DRIVERS\msdsm.sys []
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys []
S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys []
S3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys []
S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys []
S3 nfrd960;nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys []
S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\DRIVERS\nv_agp.sys []
S3 nvraid;nvraid; C:\Windows\system32\DRIVERS\nvraid.sys []
S3 nvstor;nvstor; C:\Windows\system32\DRIVERS\nvstor.sys []
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); C:\Windows\system32\DRIVERS\ohci1394.sys []
S3 ql2300;ql2300; C:\Windows\system32\DRIVERS\ql2300.sys []
S3 ql40xx;ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys []
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\Windows\system32\DRIVERS\s616bus.sys []
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s616mdfl.sys []
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s616mdm.sys []
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s616mgmt.sys []
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\Windows\system32\DRIVERS\s616nd5.sys []
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s616obex.sys []
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\Windows\system32\DRIVERS\s616unic.sys []
S3 sbp2port;sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys []
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys []
S3 sermouse;Serial Mouse Driver; C:\Windows\system32\DRIVERS\sermouse.sys []
S3 sffdisk;SFF Storage Class Driver; C:\Windows\system32\DRIVERS\sffdisk.sys []
S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:\Windows\system32\DRIVERS\sffp_mmc.sys []
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\Windows\system32\DRIVERS\sffp_sd.sys []
S3 SiSRaid2;SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys []
S3 SiSRaid4;SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys []
S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys []
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys []
S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys []
S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\DRIVERS\uagp35.sys []
S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\DRIVERS\uliagpkx.sys []
S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\Windows\system32\DRIVERS\usbccgp.sys []
S3 usbcir;eHome Infrared Receiver (USBCIR); C:\Windows\system32\DRIVERS\usbcir.sys []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbohci.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\system32\DRIVERS\usbprint.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys []
S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys []
S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []
S3 vsmraid;vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys []
S3 vwifibus;@%SystemRoot%\System32\drivers\vwifibus.sys,-257; C:\Windows\System32\drivers\vwifibus.sys []
S3 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\DRIVERS\wacompen.sys []
S3 Wd;Wd; C:\Windows\system32\DRIVERS\wd.sys []
S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
S4 crcdisk;Crcdisk Filter Driver; C:\Windows\system32\DRIVERS\crcdisk.sys []
S4 ws2ifsl;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\Windows\system32\drivers\ws2ifsl.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-03-25 1814920]
R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-12-09 17416]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 NMSAccessU;NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-03-08 75064]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2010-02-03 488960]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 156016]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 wlcrasvc;Live Mesh Remote Desktop; C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe [2010-01-12 51024]
R2 WMPNetworkSvc;@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe []
R2 WSearch;@%systemroot%\system32\SearchIndexer.exe,-103; C:\Windows\system32\SearchIndexer.exe [2009-07-14 428032]
R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe []
R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-04-06 386856]
R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe []
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe []
S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\Windows\ehome\ehRecvr.exe [2009-07-14 696832]
S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\Windows\ehome\ehsched.exe [2009-07-14 127488]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42840]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 856384]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2009-07-14 20992]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe []
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2009-07-14 194048]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe []
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe []
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe []
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2007-11-07 4466688]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 116560]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------

[motji]

Dobrý večer

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


Smažte cache Opery/Firefoxu bud ručně nebo ATF Cleanerem
http://www.slunecnice.cz/sw/atf-cleaner/

- v menu nahoře vyberte záložku Firefox / Opera a klikněte na ni
- zatrhněte Select All a pak klikněte na Empty Selected

pozor - přijdete o všechna hesla uložená ve FF /Opere!

- Na záložce main zaškrtněte All users temp a potvrdte Empty selected


Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[gizmof10]

Od dnešného dňa sťahujem len freeware a kupujem !
Tie prvé 3 som otestoval cez virusscan.jotti.org a CPsecure/Sophos tam našli Troj.Downloader.W32.CodecPack.epq/Sus/UnkPacker. To druhé skončilo horšie, našťastie som ti nikdy nepoužil. http://virusscan.jotti.org/sk/scanresul ... 8cd87ea2da . No a tretie tiež not-a-virus.Keygen.XilisoftVideoConverter/Riskware.Keygen.XilisoftVideoConverter!IK .

Tu sú ešte ďalšie:
1. http://www.virustotal.com/analisis/826a ... 1270571398
2. http://www.virustotal.com/analisis/0a5c ... 1270578546
3. http://www.virustotal.com/analisis/c26e ... 1270429792
Tie leteli preč z pc raketovou rýchlosťou, ostatné 2 neviem.

No a log
Malwarebytes' Anti-Malware 1.45
http://www.malwarebytes.org

Verzia databázy: 3961

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6. 4. 2010 22:03:30
mbam-log-2010-04-06 (22-03-30).txt

Typ kontroly: Úplná kontrola (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objektov kontrolovaných: 293089
Uplynulý čas: 1 hod, 1 min, 37 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 1
Infikované priečinky: 0
Infikované súbory: 4

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
C:\Users\Filip\Downloads\TMPGenc.Authoring.Works.v4.0.7.32.Incl.Keyfilemaker-EMBRACE\keygen.exe (Malware.Packer.Gen) -> No action taken.
C:\Users\Filip\Downloads\VMware.Workstation.v7.0.0.203739.Incl.Keymaker-EMBRACE\keygen.exe (Trojan.Agent.CK) -> No action taken.
C:\Users\Filip\Downloads\Xilisoft.Video.Converter.Ultimate.V5.1.37.0120.AT4RE.DM999\Keygen-AT4RE.exe (Trojan.Agent.CK) -> No action taken.
C:\Program Files (x86)\pidgin-twitter.dll (Spyware.OnlineGames) -> No action taken.

[motji]

Keygeny smažte.
Otestujte prosím ještě tento
C:\Program Files (x86)\pidgin-twitter.dll a pokud tam bude nález, v mbamu smažte všechno

[gizmof10]

http://www.virustotal.com/analisis/90b0 ... 1270585246
Keygeni leteli preč okamžite, toto je čísté, takže už len ten zápis v registroch?

[motji]

Ano

[gizmof10]

Ok, vďaka. Zrejme bolo treba ten súbor spustiť a ja som ho ani nedosťahoval.

[motji]

Ale pro jistotu vyčistěte dočasné soubory CCleanerem, a pokud by se objevily problémy s počítačem, ozvěte se .
Není zač