
Trojan horses on the PC (nmklo.dll, NS13.tmp ...)

#16 Post by Kredatus

I can't download SPTD from this link: http://www.duplexsecure.com/download/SP ... 72-x86.exe. Can I skip it, or should I wait until the download works?

edit: today it found Trojan horses again... :(
Attachments: AVG.JPG (16.29 KiB), downloaded 90 times
Last edited by Kredatus on 21 Aug 2010 09:23, edited 1 time in total.

#17 Post by vyosek

Skip SPTD and continue with Defogger...
The Trojan horses it found are fine, they are only in the restore points - nothing active... we'll delete them at the end, when we clean up after the utilities :wink:
#18 Post by Kredatus

Hello again after a longer while :)

MBR log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-24 07:42:42
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\PAVELL~1\LOCALS~1\Temp\pwkiifob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

GMER log 2:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-24 13:56:24
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\PAVELL~1\LOCALS~1\Temp\pwkiifob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8D 0x8C 0xFD 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8D 0x8C 0xFD 0xA2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8D 0x8C 0xFD 0xA2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\anlpublyq@DisplayName System Task
Reg HKLM\SYSTEM\ControlSet004\Services\anlpublyq@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\anlpublyq@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\anlpublyq@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\anlpublyq@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\anlpublyq@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\anlpublyq@Description Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet004\Services\anlpublyq\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\anlpublyq\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\bcaqtdkxg@DisplayName Shell Driver
Reg HKLM\SYSTEM\ControlSet004\Services\bcaqtdkxg@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\bcaqtdkxg@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\bcaqtdkxg@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\bcaqtdkxg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\bcaqtdkxg@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\bcaqtdkxg@Description Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet004\Services\bcaqtdkxg\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\bcaqtdkxg\Parameters@ServiceDll C:\Program Files\Movie Maker\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\bhiylgwpv@DisplayName rxcse
Reg HKLM\SYSTEM\ControlSet004\Services\bhiylgwpv@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\bhiylgwpv@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\bhiylgwpv@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\bhiylgwpv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\bhiylgwpv@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\bhiylgwpv@Description Allows error reporting for services and applictions running in non-standard environments.
Reg HKLM\SYSTEM\ControlSet004\Services\bhiylgwpv\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\bhiylgwpv\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\btbbguo@DisplayName Monitor Config
Reg HKLM\SYSTEM\ControlSet004\Services\btbbguo@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\btbbguo@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\btbbguo@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\btbbguo@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\btbbguo@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\btbbguo@Description Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet004\Services\btbbguo\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\btbbguo\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\bvflekud@DisplayName Update Driver
Reg HKLM\SYSTEM\ControlSet004\Services\bvflekud@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\bvflekud@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\bvflekud@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\bvflekud@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\bvflekud@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\bvflekud@Description Enables Windows user mode drivers.
Reg HKLM\SYSTEM\ControlSet004\Services\bvflekud\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\bvflekud\Parameters@ServiceDll C:\Program Files\Internet Explorer\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\dehjhxsq@DisplayName Helper Shell
Reg HKLM\SYSTEM\ControlSet004\Services\dehjhxsq@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\dehjhxsq@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\dehjhxsq@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\dehjhxsq@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\dehjhxsq@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\dehjhxsq@Description Provides the endpoint mapper and other miscellaneous RPC services.
Reg HKLM\SYSTEM\ControlSet004\Services\dehjhxsq\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\dehjhxsq\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\dyxudpg@DisplayName Monitor Boot
Reg HKLM\SYSTEM\ControlSet004\Services\dyxudpg@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\dyxudpg@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\dyxudpg@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\dyxudpg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\dyxudpg@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\dyxudpg@Description Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet004\Services\dyxudpg\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\dyxudpg\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\dzuylrsvo@DisplayName Task Update
Reg HKLM\SYSTEM\ControlSet004\Services\dzuylrsvo@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\dzuylrsvo@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\dzuylrsvo@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\dzuylrsvo@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\dzuylrsvo@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\dzuylrsvo@Description Provides image acquisition services for scanners and cameras.
Reg HKLM\SYSTEM\ControlSet004\Services\dzuylrsvo\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\dzuylrsvo\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\eayemk@DisplayName Driver Shell
Reg HKLM\SYSTEM\ControlSet004\Services\eayemk@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\eayemk@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\eayemk@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\eayemk@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\eayemk@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\eayemk@Description Enables Windows user mode drivers.
Reg HKLM\SYSTEM\ControlSet004\Services\eayemk\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\eayemk\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\fyjlohgow@DisplayName Microsoft Support
Reg HKLM\SYSTEM\ControlSet004\Services\fyjlohgow@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\fyjlohgow@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\fyjlohgow@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\fyjlohgow@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\fyjlohgow@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\fyjlohgow@Description Provides the interface to Apple mobile devices.
Reg HKLM\SYSTEM\ControlSet004\Services\fyjlohgow\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\fyjlohgow\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\gfozl@DisplayName System Network
Reg HKLM\SYSTEM\ControlSet004\Services\gfozl@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\gfozl@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\gfozl@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\gfozl@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\gfozl@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\gfozl@Description Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet004\Services\gfozl\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\gfozl\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\gmamyepgl@DisplayName Time Network
Reg HKLM\SYSTEM\ControlSet004\Services\gmamyepgl@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\gmamyepgl@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\gmamyepgl@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\gmamyepgl@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\gmamyepgl@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\gmamyepgl@Description Monitors system security settings and configurations.
Reg HKLM\SYSTEM\ControlSet004\Services\gmamyepgl\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\gmamyepgl\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\guxbp@DisplayName Time Manager
Reg HKLM\SYSTEM\ControlSet004\Services\guxbp@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\guxbp@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\guxbp@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\guxbp@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\guxbp@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\guxbp@Description Provides image acquisition services for scanners and cameras.
Reg HKLM\SYSTEM\ControlSet004\Services\guxbp\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\guxbp\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\hmecat@DisplayName Universal Microsoft
Reg HKLM\SYSTEM\ControlSet004\Services\hmecat@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\hmecat@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\hmecat@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\hmecat@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\hmecat@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\hmecat@Description Allows error reporting for services and applictions running in non-standard environments.
Reg HKLM\SYSTEM\ControlSet004\Services\hmecat\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\hmecat\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\ivfwo@DisplayName Center Monitor
Reg HKLM\SYSTEM\ControlSet004\Services\ivfwo@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\ivfwo@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\ivfwo@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\ivfwo@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\ivfwo@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\ivfwo@Description This service detects and monitors CUE devices on the system.
Reg HKLM\SYSTEM\ControlSet004\Services\ivfwo\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\ivfwo\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\kecrr@DisplayName Driver Manager
Reg HKLM\SYSTEM\ControlSet004\Services\kecrr@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\kecrr@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\kecrr@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\kecrr@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\kecrr@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\kecrr@Description Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet004\Services\kecrr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kecrr\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\ktakx@DisplayName glurz
Reg HKLM\SYSTEM\ControlSet004\Services\ktakx@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\ktakx@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\ktakx@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\ktakx@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\ktakx@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\ktakx@Description Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet004\Services\ktakx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\ktakx\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\lhozoqx@DisplayName Helper Support
Reg HKLM\SYSTEM\ControlSet004\Services\lhozoqx@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\lhozoqx@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\lhozoqx@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\lhozoqx@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\lhozoqx@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\lhozoqx@Description Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Reg HKLM\SYSTEM\ControlSet004\Services\lhozoqx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\lhozoqx\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\mzpll@DisplayName Shell Support
Reg HKLM\SYSTEM\ControlSet004\Services\mzpll@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\mzpll@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\mzpll@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\mzpll@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\mzpll@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\mzpll@Description Provides image acquisition services for scanners and cameras.
Reg HKLM\SYSTEM\ControlSet004\Services\mzpll\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\mzpll\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\nccluok@DisplayName Monitor Time
Reg HKLM\SYSTEM\ControlSet004\Services\nccluok@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\nccluok@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\nccluok@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\nccluok@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\nccluok@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\nccluok@Description Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work.
Reg HKLM\SYSTEM\ControlSet004\Services\nccluok\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\nccluok\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\nfbya@DisplayName Server Windows
Reg HKLM\SYSTEM\ControlSet004\Services\nfbya@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\nfbya@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\nfbya@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\nfbya@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\nfbya@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\nfbya@Description Provides user experience theme management.
Reg HKLM\SYSTEM\ControlSet004\Services\nfbya\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\nfbya\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\oftwyu@DisplayName Config Image
Reg HKLM\SYSTEM\ControlSet004\Services\oftwyu@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\oftwyu@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\oftwyu@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\oftwyu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\oftwyu@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\oftwyu@Description Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Reg HKLM\SYSTEM\ControlSet004\Services\oftwyu\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\oftwyu\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\ovyhxqqyv@DisplayName fovrdf
Reg HKLM\SYSTEM\ControlSet004\Services\ovyhxqqyv@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\ovyhxqqyv@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\ovyhxqqyv@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\ovyhxqqyv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\ovyhxqqyv@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\ovyhxqqyv@Description Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet004\Services\ovyhxqqyv\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\ovyhxqqyv\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\pycyla@DisplayName Windows Config
Reg HKLM\SYSTEM\ControlSet004\Services\pycyla@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\pycyla@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\pycyla@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\pycyla@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\pycyla@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\pycyla@Description Monitors system security settings and configurations.
Reg HKLM\SYSTEM\ControlSet004\Services\pycyla\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\pycyla\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\rbdpft@DisplayName Monitor Config
Reg HKLM\SYSTEM\ControlSet004\Services\rbdpft@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\rbdpft@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\rbdpft@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\rbdpft@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\rbdpft@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\rbdpft@Description Provides image acquisition services for scanners and cameras.
Reg HKLM\SYSTEM\ControlSet004\Services\rbdpft\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\rbdpft\Parameters@ServiceDll C:\Program Files\Internet Explorer\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8D 0x8C 0xFD 0xA2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\trarziq@DisplayName Shell Server
Reg HKLM\SYSTEM\ControlSet004\Services\trarziq@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\trarziq@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\trarziq@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\trarziq@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\trarziq@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\trarziq@Description Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet004\Services\trarziq\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\trarziq\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\vgcwuujbi@DisplayName Network Image
Reg HKLM\SYSTEM\ControlSet004\Services\vgcwuujbi@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\vgcwuujbi@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\vgcwuujbi@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\vgcwuujbi@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\vgcwuujbi@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\vgcwuujbi@Description Enables Windows user mode drivers.
Reg HKLM\SYSTEM\ControlSet004\Services\vgcwuujbi\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\vgcwuujbi\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\wazadd@DisplayName Update System
Reg HKLM\SYSTEM\ControlSet004\Services\wazadd@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\wazadd@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\wazadd@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\wazadd@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\wazadd@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\wazadd@Description Enables Windows user mode drivers.
Reg HKLM\SYSTEM\ControlSet004\Services\wazadd\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\wazadd\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\wtfgmuaij@DisplayName Task Manager
Reg HKLM\SYSTEM\ControlSet004\Services\wtfgmuaij@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\wtfgmuaij@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\wtfgmuaij@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\wtfgmuaij@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\wtfgmuaij@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\wtfgmuaij@Description Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Reg HKLM\SYSTEM\ControlSet004\Services\wtfgmuaij\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\wtfgmuaij\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\xaelr@DisplayName Config Windows
Reg HKLM\SYSTEM\ControlSet004\Services\xaelr@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\xaelr@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\xaelr@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\xaelr@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\xaelr@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\xaelr@Description Allows error reporting for services and applictions running in non-standard environments.
Reg HKLM\SYSTEM\ControlSet004\Services\xaelr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\xaelr\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\xsbwrnama@DisplayName Universal Server
Reg HKLM\SYSTEM\ControlSet004\Services\xsbwrnama@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\xsbwrnama@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\xsbwrnama@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\xsbwrnama@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\xsbwrnama@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\xsbwrnama@Description Provides image acquisition services for scanners and cameras.
Reg HKLM\SYSTEM\ControlSet004\Services\xsbwrnama\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\xsbwrnama\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\xtgjwekfi@DisplayName Microsoft Security
Reg HKLM\SYSTEM\ControlSet004\Services\xtgjwekfi@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\xtgjwekfi@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\xtgjwekfi@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\xtgjwekfi@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\xtgjwekfi@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\xtgjwekfi@Description Provides image acquisition services for scanners and cameras.
Reg HKLM\SYSTEM\ControlSet004\Services\xtgjwekfi\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\xtgjwekfi\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\yzmudlvh@DisplayName Microsoft Driver
Reg HKLM\SYSTEM\ControlSet004\Services\yzmudlvh@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\yzmudlvh@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\yzmudlvh@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\yzmudlvh@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\yzmudlvh@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\yzmudlvh@Description Allows error reporting for services and applictions running in non-standard environments.
Reg HKLM\SYSTEM\ControlSet004\Services\yzmudlvh\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\yzmudlvh\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\zedfpyuq@DisplayName Config System
Reg HKLM\SYSTEM\ControlSet004\Services\zedfpyuq@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\zedfpyuq@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\zedfpyuq@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\zedfpyuq@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\zedfpyuq@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\zedfpyuq@Description Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet004\Services\zedfpyuq\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\zedfpyuq\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\zhgsrg@DisplayName Helper Support
Reg HKLM\SYSTEM\ControlSet004\Services\zhgsrg@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\zhgsrg@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\zhgsrg@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\zhgsrg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\zhgsrg@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\zhgsrg@Description Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet004\Services\zhgsrg\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\zhgsrg\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\zkexsztj@DisplayName gtrfsenr
Reg HKLM\SYSTEM\ControlSet004\Services\zkexsztj@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\zkexsztj@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\zkexsztj@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\zkexsztj@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\zkexsztj@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\zkexsztj@Description Provides image acquisition services for scanners and cameras.
Reg HKLM\SYSTEM\ControlSet004\Services\zkexsztj\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\zkexsztj\Parameters@ServiceDll C:\WINDOWS\system32\dyyxn.dll
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8D 0x8C 0xFD 0xA2 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8D 0x8C 0xFD 0xA2 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION

---- EOF - GMER 1.0.15 ----

Re: Trojan horses on the PC (nmklo.dll, NS13.tmp ...)

#19 Post by vyosek »

:arrow: Test the following files on VirusTotal (see my signature)
  • C:\WINDOWS\system32\dyyxn.dll
    C:\Program Files\Movie Maker\dyyxn.dll
  • Click Browse
  • Do not browse for the file, just paste in the path of the file I want tested
  • If it says the file has already been tested, have it tested again
  • Click Test file
  • Post the analysis result here (as a link)

Re: Trojan horses on the PC (nmklo.dll, NS13.tmp ...)

#20 Post by Kredatus »

Good morning, after entering the path to those two files, VirusTotal tells me that the file was not found...

Re: Trojan horses on the PC (nmklo.dll, NS13.tmp ...)

#21 Post by vyosek »

:arrow: If you have not done so already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    Driver::
    anlpublyq
    bcaqtdkxg
    bhiylgwpv
    btbbguo
    bvflekud
    dehjhxsq
    dyxudpg
    dzuylrsvo
    eayemk
    fyjlohgow
    gfozl
    gmamyepgl
    guxbp
    hmecat
    ivfwo
    kecrr
    ktakx
    lhozoqx
    mzpll
    nccluok
    nfbya;
    oftwyu
    ovyhxqqyv
    pycyla
    rbdpft
    trarziq
    vgcwuujbi
    wazadd
    wtfgmuaij
    xaelr
    xsbwrnama
    xtgjwekfi
    yzmudlvh
    zedfpyuq
    zhgsrg
    zkexsztj
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it (see the picture below)
    [image]
  • After the script has been applied (and after a restart, if there is one), a log will pop up; paste its contents here
:arrow: It can happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: Trojan horses on the PC (nmklo.dll, NS13.tmp ...)

#22 Post by Kredatus »

I don't know whether I'm doing something wrong, but again, after dragging the created txt file onto the ComboFix icon, it did not give me a log straight away; instead it started scanning the whole PC again...

log:


ComboFix 10-08-24.0C - Pavel 26.08.2010 10:35:35.3.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.421.1033.18.1406.728 [GMT 2:00]
Running from: c:\documents and settings\Pavel Lorinc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pavel Lorinc\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ANLPUBLYQ
-------\Legacy_BCAQTDKXG
-------\Legacy_BHIYLGWPV
-------\Legacy_BTBBGUO
-------\Legacy_BVFLEKUD
-------\Legacy_DEHJHXSQ
-------\Legacy_DYXUDPG
-------\Legacy_DZUYLRSVO
-------\Legacy_EAYEMK
-------\Legacy_FYJLOHGOW
-------\Legacy_GFOZL
-------\Legacy_GMAMYEPGL
-------\Legacy_GUXBP
-------\Legacy_HMECAT
-------\Legacy_IVFWO
-------\Legacy_KECRR
-------\Legacy_KTAKX
-------\Legacy_LHOZOQX
-------\Legacy_MZPLL
-------\Legacy_NCCLUOK
-------\Legacy_OFTWYU
-------\Legacy_OVYHXQQYV
-------\Legacy_PYCYLA
-------\Legacy_RBDPFT
-------\Legacy_TRARZIQ
-------\Legacy_VGCWUUJBI
-------\Legacy_WAZADD
-------\Legacy_WTFGMUAIJ
-------\Legacy_XAELR
-------\Legacy_XSBWRNAMA
-------\Legacy_XTGJWEKFI
-------\Legacy_YZMUDLVH
-------\Legacy_ZEDFPYUQ
-------\Legacy_ZHGSRG
-------\Legacy_ZKEXSZTJ
-------\Service_anlpublyq
-------\Service_bcaqtdkxg
-------\Service_bhiylgwpv
-------\Service_btbbguo
-------\Service_bvflekud
-------\Service_dehjhxsq
-------\Service_dyxudpg
-------\Service_dzuylrsvo
-------\Service_eayemk
-------\Service_fyjlohgow
-------\Service_gfozl
-------\Service_gmamyepgl
-------\Service_guxbp
-------\Service_hmecat
-------\Service_ivfwo
-------\Service_kecrr
-------\Service_ktakx
-------\Service_lhozoqx
-------\Service_mzpll
-------\Service_nccluok
-------\Service_oftwyu
-------\Service_ovyhxqqyv
-------\Service_pycyla
-------\Service_rbdpft
-------\Service_trarziq
-------\Service_vgcwuujbi
-------\Service_wazadd
-------\Service_wtfgmuaij
-------\Service_xaelr
-------\Service_xsbwrnama
-------\Service_xtgjwekfi
-------\Service_yzmudlvh
-------\Service_zedfpyuq
-------\Service_zhgsrg
-------\Service_zkexsztj


((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-18 08:31 . 2010-08-18 08:31 -------- d-----w- C:\$AVG
2010-08-18 08:30 . 2010-08-18 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-18 07:20 . 2010-08-18 07:20 -------- d-----w- c:\program files\Enigma Software Group
2010-08-18 07:20 . 2010-08-18 08:05 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-08-18 07:20 . 2010-08-18 07:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-16 11:12 . 2010-08-18 10:58 -------- d-----w- c:\windows\system32\scripting
2010-08-16 11:12 . 2010-08-18 10:58 -------- d-----w- c:\windows\l2schemas
2010-08-16 11:12 . 2010-08-18 11:50 -------- d-----w- c:\windows\system32\bits
2010-08-16 11:12 . 2010-08-18 10:58 -------- d-----w- c:\windows\system32\en
2010-08-16 11:07 . 2007-08-10 19:46 33656 ----a-w- c:\windows\system32\sprecovr.exe
2010-08-16 11:03 . 2010-08-18 10:49 -------- d-----w- c:\windows\EHome
2010-08-12 09:37 . 2010-08-12 09:37 -------- d-----w- c:\program files\Samsung
2010-08-12 09:37 . 2010-08-12 09:37 -------- d-----w- c:\program files\Common Files\Samsung
2010-08-09 05:22 . 2010-08-09 05:22 503808 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-59ba606c-n\msvcp71.dll
2010-08-09 05:22 . 2010-08-09 05:22 499712 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-59ba606c-n\jmc.dll
2010-08-09 05:22 . 2010-08-09 05:22 348160 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-59ba606c-n\msvcr71.dll
2010-08-09 05:22 . 2010-08-09 05:22 61440 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-29c4746e-n\decora-sse.dll
2010-08-09 05:22 . 2010-08-09 05:22 12800 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-29c4746e-n\decora-d3d.dll
2010-07-27 09:49 . 2010-07-27 09:49 -------- d-----w- c:\program files\iPod
2010-07-27 09:42 . 2010-07-27 09:42 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 08:42 . 2008-01-04 09:02 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\Spamihilator
2010-08-26 08:19 . 2010-07-08 09:34 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\Free Download Manager
2010-08-25 11:58 . 2008-02-23 13:55 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\Skype
2010-08-25 11:58 . 2008-02-23 13:59 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\skypePM
2010-08-25 05:34 . 2009-03-11 14:32 1 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-20 09:39 . 2010-08-20 09:02 -------- d-----w- c:\program files\Mio DigiWalker
2010-08-20 09:02 . 2007-08-27 11:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-20 07:42 . 2007-08-28 06:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-20 06:08 . 2010-08-20 06:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-20 06:02 . 2009-04-28 11:49 -------- d-----w- c:\program files\free-downloads.net
2010-08-18 13:27 . 2008-01-07 10:14 -------- d-----w- c:\program files\Trend Micro
2010-08-18 08:30 . 2009-05-10 09:37 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-18 08:30 . 2009-05-10 09:37 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-18 08:30 . 2007-08-27 11:46 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-18 08:30 . 2009-07-29 08:13 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-18 08:30 . 2009-06-15 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-18 08:30 . 2009-05-10 09:37 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-18 08:30 . 2009-05-10 09:37 -------- d-----w- c:\program files\AVG
2010-08-18 07:20 . 2007-08-27 11:35 80640 ----a-w- c:\documents and settings\Pavel Lorinc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-18 06:47 . 2008-10-30 06:34 -------- d-----w- c:\program files\XTB-Trader 4
2010-08-18 06:39 . 2009-05-11 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-18 06:39 . 2009-05-11 12:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-16 13:32 . 2007-08-27 11:12 147275 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-16 13:32 . 2007-08-27 11:12 4804 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-08-12 12:37 . 2009-04-28 09:18 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\uTorrent
2010-08-12 06:06 . 2010-04-08 05:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-27 09:50 . 2008-09-26 12:54 -------- d-----w- c:\program files\iTunes
2010-07-27 09:49 . 2008-09-26 12:50 -------- d-----w- c:\program files\Common Files\Apple
2010-07-16 11:48 . 2010-07-16 11:48 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\VitySoft
2010-07-08 09:34 . 2010-07-08 09:34 -------- d-----w- c:\program files\Free Download Manager
2010-06-23 07:26 . 2008-02-15 15:03 130958 ----a-w- c:\windows\hpoins12.dat
2010-06-18 13:22 . 2010-06-18 13:22 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-14 14:30 . 2010-08-18 10:50 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-19_06.10.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-26 08:41 . 2010-08-26 08:41 16384 c:\windows\Temp\Perflib_Perfdata_4b4.dat
+ 2010-08-20 06:08 . 2010-04-29 13:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-08-20 06:08 . 2010-04-29 13:39 20952 c:\windows\system32\drivers\mbam.sys
+ 2009-12-21 18:09 . 2009-12-21 18:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-21 23:57 . 2009-12-21 23:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-21 18:02 . 2009-12-21 18:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-21 21:21 . 2009-12-21 21:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
+ 2009-12-11 13:57 . 2009-12-11 13:57 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobeextractfiles.dll
+ 2009-12-21 21:37 . 2009-12-21 21:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-21 16:39 . 2009-12-21 16:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-21 16:27 . 2009-12-21 16:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-21 16:27 . 2009-12-21 16:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2009-12-11 13:57 . 2009-12-11 13:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\readerupdater.exe
+ 2009-12-21 16:35 . 2009-12-21 16:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-21 18:05 . 2009-12-21 18:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
+ 2009-12-21 16:34 . 2009-12-21 16:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-09 17:18 . 2009-11-09 17:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-21 18:02 . 2009-12-21 18:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-11 13:57 . 2009-12-11 13:57 948672 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobearm.exe
+ 2009-12-21 16:43 . 2009-12-21 16:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-21 23:57 . 2009-12-21 23:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-21 16:15 . 2009-12-21 16:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-21 17:32 . 2009-12-21 17:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-11 13:57 . 2009-12-11 13:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobatupdater.exe
+ 2009-12-21 17:15 . 2009-12-21 17:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
+ 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\19c76d.msp
+ 2010-08-20 07:42 . 2010-08-20 07:42 3940352 c:\windows\Installer\19c68d.msi
+ 2009-12-21 16:29 . 2009-12-21 16:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
+ 2009-10-27 18:34 . 2009-10-27 18:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
+ 2009-12-21 21:31 . 2009-12-21 21:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\19c76e.msp
+ 2010-08-13 18:09 . 2010-08-13 18:09 12263936 c:\windows\Installer\19c76c.msp
+ 2009-12-21 21:21 . 2009-12-21 21:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-06-30 12:23 2102600 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-28 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-01-06 1003520]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-18 2065760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-6 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-18 08:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Google Update"="c:\documents and settings\Pavel Lorinc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"VX1000"=c:\windows\vVX1000.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10.5.2009 11:37 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10.5.2009 11:37 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10.5.2009 11:37 243024]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [18.8.2010 10:30 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [18.8.2010 10:30 308136]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 1:12 1044808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 8:24 10064]
S2 nfbya;Server Windows;c:\windows\system32\svchost.exe -k netsvcs [18.8.2010 12:50 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [18.8.2010 10:30 431432]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [13.7.2006 14:37 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [13.7.2006 14:37 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [13.7.2006 14:37 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [13.7.2006 14:38 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [13.7.2006 14:39 86368]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [7.4.2009 15:38 28672]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [11.3.2009 16:14 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [11.3.2009 16:14 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [7.2.2009 13:46 32377]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.12.2008 16:21 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
vdjvk
vuqjzh
.
Contents of the 'Scheduled Tasks' folder

2010-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-26 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 23:18]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-299502267-839522115-1004Core.job
- c:\documents and settings\Pavel Lorinc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-11 11:00]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-299502267-839522115-1004UA.job
- c:\documents and settings\Pavel Lorinc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-11 11:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 10:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3192)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2010-08-26 10:46:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-26 08:45
ComboFix.txt 2010-08-19 06:14

Pre-Run: 54 892 019 712 bytes free
Post-Run: 54 884 179 968 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 3A8033419F3FB8B0CC39E6D48851E4B6
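A check that can be run on a CFScript.txt and the ComboFix log it produced, added here as an example (it is not part of the original posts and not ComboFix's own code): it compares the names under `Driver::` with the `Legacy_`/`Service_` lines of the log's Drivers/Services section and reports entries that have no matching deletion. The function names are hypothetical, the sample inputs are shortened and constructed from lines in this thread, and it assumes names match case-insensitively.

```python
import re

# Shortened CFScript.txt, constructed from names in the thread (note "nfbya;").
SAMPLE_SCRIPT = """
Driver::
mzpll
nccluok
nfbya;
oftwyu
zkexsztj
"""

# Shortened ComboFix log, constructed from lines in the thread.
SAMPLE_LOG = r"""
((((((((((((((((((( Drivers/Services )))))))))))))))))))
.
-------\Legacy_MZPLL
-------\Legacy_NCCLUOK
-------\Legacy_OFTWYU
-------\Legacy_ZKEXSZTJ
-------\Service_mzpll
-------\Service_nccluok
-------\Service_oftwyu
-------\Service_zkexsztj

((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))
.
S2 nfbya;Server Windows;c:\windows\system32\svchost.exe -k netsvcs [18.8.2010 12:50 14336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.12.2008 16:21 721904]
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")          # "((( Title )))"
DIRECTIVE_RE = re.compile(r"^([A-Za-z0-9]+)::\s*$")          # "Driver::"
DELETION_RE = re.compile(r"^-+\\(Legacy|Service)_(\S+)\s*$")  # "-------\Legacy_X"
SERVICE_ROW_RE = re.compile(r"^([A-Z]\d)\s+([^;\s][^;]*);([^;]*);(.*)$")


def parse_cfscript(text):
    """Return {directive: [entries]}; entries are kept exactly as typed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_service_deletions(log_text):
    """Collect lower-cased names from Legacy_/Service_ lines of Drivers/Services."""
    removed = {"legacy": set(), "service": set()}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).lower() == "drivers/services"
            continue
        m = DELETION_RE.match(line) if in_section else None
        if m:
            removed[m.group(1).lower()].add(m.group(2).lower())
    return removed


def listed_services(log_text):
    """Map lower-cased service name -> row for 'S2 name;display;path' lines."""
    rows = {}
    for raw in log_text.splitlines():
        m = SERVICE_ROW_RE.match(raw.strip())
        if m:
            rows[m.group(2).strip().lower()] = raw.strip()
    return rows


def audit(script_text, log_text):
    """Return one finding per Driver:: entry the log does not show as removed."""
    removed = parse_service_deletions(log_text)
    still_listed = listed_services(log_text)
    findings = []
    for entry in parse_cfscript(script_text).get("Driver", []):
        name = entry.lower()
        if name in removed["legacy"] or name in removed["service"]:
            continue
        # Heuristic: trailing punctuation in a script entry is likely a typo.
        cleaned = re.sub(r"[^A-Za-z0-9_.\-]+$", "", entry)
        findings.append({
            "entry": entry,
            "stray_characters": cleaned != entry,
            "still_listed_as": still_listed.get(cleaned.lower()),
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SCRIPT, SAMPLE_LOG):
        print(finding)
```

In the full script and log posted in this thread, `nfbya;` is the only `Driver::` entry without a `Legacy_`/`Service_` line, and the service list in the log still contains the row `S2 nfbya;Server Windows;...`.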

Re: Trojan horses on the PC (nmklo.dll, NS13.tmp ...)

#23 Post by vyosek »

You did it correctly :wink:

One more script for CF - the procedure is the same again

Driver::
vdjvk
vuqjzh

DDS::
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-299502267-839522115-1004UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-299502267-839522115-1004Core.job

Re: Trojan horses on the PC (nmklo.dll, NS13.tmp ...)

#24 Post by Kredatus »

ComboFix 10-08-24.0C - Pavel 26.08.2010 11:08:01.4.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.421.1033.18.1406.841 [GMT 2:00]
Running from: c:\documents and settings\Pavel Lorinc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pavel Lorinc\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-299502267-839522115-1004Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-299502267-839522115-1004UA.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-299502267-839522115-1004Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-299502267-839522115-1004UA.job

.
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-20 09:02 . 2010-08-20 09:39 -------- d-----w- c:\program files\Mio DigiWalker
2010-08-20 06:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-20 06:08 . 2010-08-20 06:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-20 06:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-18 13:27 . 2010-08-18 13:27 -------- d-----w- C:\rsit
2010-08-18 08:31 . 2010-08-18 08:31 -------- d-----w- C:\$AVG
2010-08-18 08:30 . 2010-08-18 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-18 07:20 . 2010-08-18 07:20 -------- d-----w- c:\program files\Enigma Software Group
2010-08-18 07:20 . 2010-08-18 08:05 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-08-18 07:20 . 2010-08-18 07:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-16 11:12 . 2010-08-18 10:58 -------- d-----w- c:\windows\system32\scripting
2010-08-16 11:12 . 2010-08-18 10:58 -------- d-----w- c:\windows\l2schemas
2010-08-16 11:12 . 2010-08-18 11:50 -------- d-----w- c:\windows\system32\bits
2010-08-16 11:12 . 2010-08-18 10:58 -------- d-----w- c:\windows\system32\en
2010-08-16 11:07 . 2007-08-10 19:46 33656 ----a-w- c:\windows\system32\sprecovr.exe
2010-08-16 11:03 . 2010-08-18 10:49 -------- d-----w- c:\windows\EHome
2010-08-12 09:37 . 2010-08-12 09:37 -------- d-----w- c:\program files\Samsung
2010-08-12 09:37 . 2010-08-12 09:37 -------- d-----w- c:\program files\Common Files\Samsung
2010-08-09 05:22 . 2010-08-09 05:22 503808 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-59ba606c-n\msvcp71.dll
2010-08-09 05:22 . 2010-08-09 05:22 499712 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-59ba606c-n\jmc.dll
2010-08-09 05:22 . 2010-08-09 05:22 348160 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-59ba606c-n\msvcr71.dll
2010-08-09 05:22 . 2010-08-09 05:22 61440 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-29c4746e-n\decora-sse.dll
2010-08-09 05:22 . 2010-08-09 05:22 12800 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-29c4746e-n\decora-d3d.dll
2010-07-27 09:49 . 2010-07-27 09:49 -------- d-----w- c:\program files\iPod
2010-07-27 09:42 . 2010-07-27 09:42 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 09:02 . 2008-01-04 09:02 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\Spamihilator
2010-08-26 08:19 . 2010-07-08 09:34 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\Free Download Manager
2010-08-25 11:58 . 2008-02-23 13:55 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\Skype
2010-08-25 11:58 . 2008-02-23 13:59 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\skypePM
2010-08-25 05:34 . 2009-03-11 14:32 1 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-20 09:02 . 2007-08-27 11:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-20 07:42 . 2007-08-28 06:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-20 06:02 . 2009-04-28 11:49 -------- d-----w- c:\program files\free-downloads.net
2010-08-18 13:27 . 2008-01-07 10:14 -------- d-----w- c:\program files\Trend Micro
2010-08-18 08:30 . 2009-05-10 09:37 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-18 08:30 . 2009-05-10 09:37 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-18 08:30 . 2007-08-27 11:46 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-18 08:30 . 2009-07-29 08:13 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-18 08:30 . 2009-06-15 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-18 08:30 . 2009-05-10 09:37 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-18 08:30 . 2009-05-10 09:37 -------- d-----w- c:\program files\AVG
2010-08-18 07:20 . 2007-08-27 11:35 80640 ----a-w- c:\documents and settings\Pavel Lorinc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-18 06:47 . 2008-10-30 06:34 -------- d-----w- c:\program files\XTB-Trader 4
2010-08-18 06:39 . 2009-05-11 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-18 06:39 . 2009-05-11 12:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-16 13:32 . 2007-08-27 11:12 147275 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-16 13:32 . 2007-08-27 11:12 4804 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-08-12 12:37 . 2009-04-28 09:18 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\uTorrent
2010-08-12 06:06 . 2010-04-08 05:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-27 09:50 . 2008-09-26 12:54 -------- d-----w- c:\program files\iTunes
2010-07-27 09:49 . 2008-09-26 12:50 -------- d-----w- c:\program files\Common Files\Apple
2010-07-16 11:48 . 2010-07-16 11:48 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\VitySoft
2010-07-08 09:34 . 2010-07-08 09:34 -------- d-----w- c:\program files\Free Download Manager
2010-06-23 07:26 . 2008-02-15 15:03 130958 ----a-w- c:\windows\hpoins12.dat
2010-06-18 13:22 . 2010-06-18 13:22 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-14 14:30 . 2010-08-18 10:50 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-19_06.10.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-26 08:41 . 2010-08-26 08:41 16384 c:\windows\Temp\Perflib_Perfdata_4b4.dat
+ 2009-12-21 18:09 . 2009-12-21 18:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-21 23:57 . 2009-12-21 23:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-21 18:02 . 2009-12-21 18:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-21 21:21 . 2009-12-21 21:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
+ 2009-12-11 13:57 . 2009-12-11 13:57 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobeextractfiles.dll
+ 2009-12-21 21:37 . 2009-12-21 21:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-21 16:39 . 2009-12-21 16:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-21 16:27 . 2009-12-21 16:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-21 16:27 . 2009-12-21 16:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2009-12-11 13:57 . 2009-12-11 13:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\readerupdater.exe
+ 2009-12-21 16:35 . 2009-12-21 16:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-21 18:05 . 2009-12-21 18:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
+ 2009-12-21 16:34 . 2009-12-21 16:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-09 17:18 . 2009-11-09 17:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-21 18:02 . 2009-12-21 18:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-11 13:57 . 2009-12-11 13:57 948672 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobearm.exe
+ 2009-12-21 16:43 . 2009-12-21 16:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-21 23:57 . 2009-12-21 23:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-21 16:15 . 2009-12-21 16:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-21 17:32 . 2009-12-21 17:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-11 13:57 . 2009-12-11 13:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobatupdater.exe
+ 2009-12-21 17:15 . 2009-12-21 17:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
+ 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\19c76d.msp
+ 2010-08-20 07:42 . 2010-08-20 07:42 3940352 c:\windows\Installer\19c68d.msi
+ 2009-12-21 16:29 . 2009-12-21 16:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
+ 2009-10-27 18:34 . 2009-10-27 18:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
+ 2009-12-21 21:31 . 2009-12-21 21:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\19c76e.msp
+ 2010-08-13 18:09 . 2010-08-13 18:09 12263936 c:\windows\Installer\19c76c.msp
+ 2009-12-21 21:21 . 2009-12-21 21:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-06-30 12:23 2102600 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-28 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-01-06 1003520]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-18 2065760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-6 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-18 08:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Google Update"="c:\documents and settings\Pavel Lorinc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"VX1000"=c:\windows\vVX1000.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10.5.2009 11:37 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10.5.2009 11:37 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10.5.2009 11:37 243024]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [18.8.2010 10:30 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [18.8.2010 10:30 308136]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 1:12 1044808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 8:24 10064]
S2 nfbya;Server Windows;c:\windows\system32\svchost.exe -k netsvcs [18.8.2010 12:50 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [18.8.2010 10:30 431432]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [13.7.2006 14:37 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [13.7.2006 14:37 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [13.7.2006 14:37 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [13.7.2006 14:38 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [13.7.2006 14:39 86368]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [7.4.2009 15:38 28672]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [11.3.2009 16:14 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [11.3.2009 16:14 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [7.2.2009 13:46 32377]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.12.2008 16:21 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-26 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 23:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 11:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"=[value not preserved in source]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-08-26 11:13:49
ComboFix-quarantined-files.txt 2010-08-26 09:13
ComboFix.txt 2010-08-19 06:14
ComboFix2.txt 2010-08-26 08:46

Pre-Run: 54 893 625 344 bytes free
Post-Run: 54 877 536 256 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - A59C886C6A3B0C8527E07EB6EFFA8B2D

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Trojan horses in the PC (nmklo.dll, NS13.tmp ...)

#25 Post by vyosek »

Download Malwarebytes' Anti-Malware (MBAM for short) (see my signature)
  • Run the update - third tab
  • Run a full scan - do not delete anything!
  • MBAM sometimes produces false detections, so paste the log into a post and wait for it to be assessed

Kredatus
Visitor
Posts: 19
Registered: 18 Aug 2010 14:25

Re: Trojan horses in the PC (nmklo.dll, NS13.tmp ...)

#26 Post by Kredatus »

MBAM did not find any infected objects...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Trojan horses in the PC (nmklo.dll, NS13.tmp ...)

#27 Post by vyosek »

Also apply this script for ComboFix

Code:

Driver::
nfbya

File::
c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
c:\windows\Tasks\AppleSoftwareUpdate.job

Then post the log here and write how the PC is behaving...

Kredatus
Visitor
Posts: 19
Registered: 18 Aug 2010 14:25

Re: Trojan horses in the PC (nmklo.dll, NS13.tmp ...)

#28 Post by Kredatus »

ComboFix 10-08-26.02 - Pavel 27.08.2010 11:41:04.5.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.421.1033.18.1406.781 [GMT 2:00]
Running from: c:\documents and settings\Pavel Lorinc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pavel Lorinc\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\AppleSoftwareUpdate.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NFBYA
-------\Service_nfbya


((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 )))))))))))))))))))))))))))))))
.

2010-08-20 09:02 . 2010-08-20 09:39 -------- d-----w- c:\program files\Mio DigiWalker
2010-08-20 06:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-20 06:08 . 2010-08-20 06:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-20 06:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-18 13:27 . 2010-08-18 13:27 -------- d-----w- C:\rsit
2010-08-18 08:31 . 2010-08-18 08:31 -------- d-----w- C:\$AVG
2010-08-18 08:30 . 2010-08-18 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-18 07:20 . 2010-08-18 07:20 -------- d-----w- c:\program files\Enigma Software Group
2010-08-18 07:20 . 2010-08-18 08:05 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-08-18 07:20 . 2010-08-18 07:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-16 11:12 . 2010-08-18 10:58 -------- d-----w- c:\windows\system32\scripting
2010-08-16 11:12 . 2010-08-18 10:58 -------- d-----w- c:\windows\l2schemas
2010-08-16 11:12 . 2010-08-18 11:50 -------- d-----w- c:\windows\system32\bits
2010-08-16 11:12 . 2010-08-18 10:58 -------- d-----w- c:\windows\system32\en
2010-08-16 11:07 . 2007-08-10 19:46 33656 ----a-w- c:\windows\system32\sprecovr.exe
2010-08-16 11:03 . 2010-08-18 10:49 -------- d-----w- c:\windows\EHome
2010-08-12 09:37 . 2010-08-12 09:37 -------- d-----w- c:\program files\Samsung
2010-08-12 09:37 . 2010-08-12 09:37 -------- d-----w- c:\program files\Common Files\Samsung
2010-08-09 05:22 . 2010-08-09 05:22 503808 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-59ba606c-n\msvcp71.dll
2010-08-09 05:22 . 2010-08-09 05:22 499712 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-59ba606c-n\jmc.dll
2010-08-09 05:22 . 2010-08-09 05:22 348160 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-59ba606c-n\msvcr71.dll
2010-08-09 05:22 . 2010-08-09 05:22 61440 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-29c4746e-n\decora-sse.dll
2010-08-09 05:22 . 2010-08-09 05:22 12800 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-29c4746e-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 09:47 . 2008-01-04 09:02 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\Spamihilator
2010-08-27 09:08 . 2009-03-11 14:32 1 ----a-w- c:\documents and settings\Pavel Lorinc\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-27 08:28 . 2010-07-08 09:34 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\Free Download Manager
2010-08-27 07:42 . 2008-02-23 13:55 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\Skype
2010-08-27 07:16 . 2008-02-23 13:59 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\skypePM
2010-08-20 09:02 . 2007-08-27 11:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-20 07:42 . 2007-08-28 06:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-20 06:02 . 2009-04-28 11:49 -------- d-----w- c:\program files\free-downloads.net
2010-08-18 13:27 . 2008-01-07 10:14 -------- d-----w- c:\program files\Trend Micro
2010-08-18 08:30 . 2009-05-10 09:37 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-18 08:30 . 2009-05-10 09:37 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-18 08:30 . 2007-08-27 11:46 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-18 08:30 . 2009-07-29 08:13 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-18 08:30 . 2009-06-15 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-18 08:30 . 2009-05-10 09:37 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-18 08:30 . 2009-05-10 09:37 -------- d-----w- c:\program files\AVG
2010-08-18 07:20 . 2007-08-27 11:35 80640 ----a-w- c:\documents and settings\Pavel Lorinc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-18 06:47 . 2008-10-30 06:34 -------- d-----w- c:\program files\XTB-Trader 4
2010-08-18 06:39 . 2009-05-11 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-18 06:39 . 2009-05-11 12:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-16 13:32 . 2007-08-27 11:12 147275 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-16 13:32 . 2007-08-27 11:12 4804 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-08-12 12:37 . 2009-04-28 09:18 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\uTorrent
2010-08-12 06:06 . 2010-04-08 05:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-27 09:50 . 2008-09-26 12:54 -------- d-----w- c:\program files\iTunes
2010-07-27 09:49 . 2010-07-27 09:49 -------- d-----w- c:\program files\iPod
2010-07-27 09:49 . 2008-09-26 12:50 -------- d-----w- c:\program files\Common Files\Apple
2010-07-27 09:42 . 2010-07-27 09:42 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-16 11:48 . 2010-07-16 11:48 -------- d-----w- c:\documents and settings\Pavel Lorinc\Application Data\VitySoft
2010-07-08 09:34 . 2010-07-08 09:34 -------- d-----w- c:\program files\Free Download Manager
2010-06-23 07:26 . 2008-02-15 15:03 130958 ----a-w- c:\windows\hpoins12.dat
2010-06-18 13:22 . 2010-06-18 13:22 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-14 14:30 . 2010-08-18 10:50 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-19_06.10.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-27 09:47 . 2010-08-27 09:47 16384 c:\windows\Temp\Perflib_Perfdata_500.dat
+ 2009-12-21 18:09 . 2009-12-21 18:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-21 23:57 . 2009-12-21 23:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-21 18:02 . 2009-12-21 18:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-21 21:21 . 2009-12-21 21:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
+ 2009-12-11 13:57 . 2009-12-11 13:57 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobeextractfiles.dll
+ 2009-12-21 21:37 . 2009-12-21 21:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-21 16:39 . 2009-12-21 16:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-21 16:27 . 2009-12-21 16:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-21 16:27 . 2009-12-21 16:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2009-12-11 13:57 . 2009-12-11 13:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\readerupdater.exe
+ 2009-12-21 16:35 . 2009-12-21 16:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-21 18:05 . 2009-12-21 18:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
+ 2009-12-21 16:34 . 2009-12-21 16:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-09 17:18 . 2009-11-09 17:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-21 18:02 . 2009-12-21 18:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-11 13:57 . 2009-12-11 13:57 948672 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobearm.exe
+ 2009-12-21 16:43 . 2009-12-21 16:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-21 23:57 . 2009-12-21 23:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-21 16:15 . 2009-12-21 16:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-21 17:32 . 2009-12-21 17:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-11 13:57 . 2009-12-11 13:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobatupdater.exe
+ 2009-12-21 17:15 . 2009-12-21 17:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
+ 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\19c76d.msp
+ 2010-08-20 07:42 . 2010-08-20 07:42 3940352 c:\windows\Installer\19c68d.msi
+ 2009-12-21 16:29 . 2009-12-21 16:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
+ 2009-10-27 18:34 . 2009-10-27 18:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
+ 2009-12-21 21:31 . 2009-12-21 21:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\19c76e.msp
+ 2010-08-13 18:09 . 2010-08-13 18:09 12263936 c:\windows\Installer\19c76c.msp
+ 2009-12-21 21:21 . 2009-12-21 21:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-06-30 12:23 2102600 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-28 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-01-06 1003520]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-18 2065760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-6 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-18 08:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Google Update"="c:\documents and settings\Pavel Lorinc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"VX1000"=c:\windows\vVX1000.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10.5.2009 11:37 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10.5.2009 11:37 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10.5.2009 11:37 243024]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [18.8.2010 10:30 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [18.8.2010 10:30 308136]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 1:12 1044808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 8:24 10064]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [18.8.2010 10:30 431432]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [13.7.2006 14:37 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [13.7.2006 14:37 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [13.7.2006 14:37 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [13.7.2006 14:38 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [13.7.2006 14:39 86368]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [7.4.2009 15:38 28672]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [11.3.2009 16:14 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [11.3.2009 16:14 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [7.2.2009 13:46 32377]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.12.2008 16:21 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-08-27 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 23:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 11:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3724)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2010-08-27 11:51:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-27 09:51
ComboFix.txt 2010-08-19 06:14
ComboFix2.txt 2010-08-26 09:13
ComboFix3.txt 2010-08-26 08:46

Pre-Run: 56 073 486 336 bytes free
Post-Run: 56 063 901 696 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 110BC1C45F6DA3C4BDD4101FF9E09D74

After applying it I don't see any difference... Although I don't know whether it's just my subjective impression, sometimes I have the feeling that some process is running in the background and slowing down the whole PC (sometimes the PC runs like clockwork and sometimes the whole system lags as if something were running in the background - slow internet browsing, overall work with the PC, etc.)... Do you see any unnecessarily running processes that could be turned off?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Trojan horses in the PC (nmklo.dll, NS13.tmp ...)

#29 Post by vyosek »

So we'll clean up after the utilities, clear things out, and see what can be turned off :wink:

:arrow: Uninstall ComboFix
  • Start - Run (or use the keyboard shortcut Win+R)
  • Type ComboFix /Uninstall
  • Press Enter
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
  • Download and run it
  • To confirm each choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature); during installation, untick the Yahoo toolbar
Cleaner panel
  • Leave everything as it is, just click Analyzovat (Analyze) and then Spustit CCleaner (Run CCleaner)
Registry panel
  • Click Hledej problémy (Scan for issues)
  • Then Opravit problémy (Fix issues) - I recommend making a registry backup; fix all the problems
  • Repeat the procedure until no problems remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once every 14 days

:arrow: I recommend defragmenting the disk
  • The simplest (but least effective) way is with the utility built into Windows
    • Click Start and then Run, or use the keyboard shortcut Win+R
    • A small window will pop up; copy the text below into it
    • Code:

      dfrg.msc
    • Click OK
  • Another option (and the one I recommend) is the small program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
    • Download the program, install it (untick the Yahoo toolbar) and run it
    • Click Analyzovat (Analyze)
    • If the Fragmentováno (Fragmented) column shows more than 5%, I recommend defragmenting (click Defragmentovat (Defragment))
    • Do this for all disks
  • The last option is the simple little program JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
    • The advantage of this program is that it is not installed
    • So you just download the build for your OS version and unpack it
    • Then run it using the file JKDefrag or JKDefrag64
    • A disk analysis runs, followed by the defragmentation
:arrow: Post a new log from RSIT

Kredatus
Visitor
Posts: 19
Registered: 18 Aug 2010 14:25

Re: Trojan horses in the PC (nmklo.dll, NS13.tmp ...)

#30 Post by Kredatus »

Logfile of random's system information tool 1.08 (written by random/random)
Run by Pavel at 2010-08-27 18:02:37
Systém Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 60 GB (79%) free of 76 GB
Total RAM: 1406 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:02:51, on 27.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Pavel Lorinc\Desktop\RSIT.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\trend micro\Pavel Lorinc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6623758656
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.65.142.237/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 9009 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Automatic troubleshooting.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-08-18 1619296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-28 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-06-30 2102600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-26 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-11 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-26 2403392]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-06-30 2102600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-28 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"Spamihilator"=C:\Program Files\Spamihilator\spamihilator.exe [2008-01-06 1003520]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-08-18 2065760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-09-09 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-08-18 12536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Spamihilator\dccproc.exe"="C:\Program Files\Spamihilator\dccproc.exe:*:Enabled:dccproc"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-08-27 18:02:37 ----D---- C:\rsit
2010-08-27 17:01:31 ----D---- C:\Program Files\Defraggler
2010-08-27 16:55:36 ----D---- C:\Program Files\CCleaner
2010-08-27 11:57:42 ----SHD---- C:\RECYCLER
2010-08-20 11:02:40 ----D---- C:\Program Files\Mio DigiWalker
2010-08-20 08:08:20 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-20 08:08:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-20 08:08:19 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-20 07:57:36 ----RASHD---- C:\cmdcons
2010-08-19 07:58:24 ----A---- C:\Boot.bak
2010-08-18 14:37:25 ----D---- C:\WINDOWS\Prefetch
2010-08-18 12:50:39 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2010-08-18 12:50:39 ----A---- C:\WINDOWS\system32\wmpasf.dll
2010-08-18 12:50:39 ----A---- C:\WINDOWS\system32\wmp.dll
2010-08-18 12:50:39 ----A---- C:\WINDOWS\system32\wmerror.dll
2010-08-18 12:50:39 ----A---- C:\WINDOWS\system32\msxml6r.dll
2010-08-18 12:50:38 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-08-18 12:50:38 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-08-18 12:50:38 ----A---- C:\WINDOWS\system32\mp4sdmod.dll
