rootkit Alureon-C

pete2006
Visitor
Posts: 30
Registered: 03 Jun 2011 10:46

Re: rootkit Alureon-C

#31 Post by pete2006 »

OTL logfile created on: 2011-06-05 22:43:08 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\tomáš\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: yyyy-MM-dd

1013.68 Mb Total Physical Memory | 424.70 Mb Available Physical Memory | 41.90% Memory free
2.24 Gb Paging File | 1.42 Gb Available in Paging File | 63.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 36.16 Gb Total Space | 9.47 Gb Free Space | 26.17% Space Free | Partition Type: NTFS
Drive D: | 28.35 Gb Total Space | 24.87 Gb Free Space | 87.73% Space Free | Partition Type: NTFS

Computer Name: TOMÁŠ-PC | User Name: tomáš | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-06-03 21:48:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\tomáš\Desktop\OTL.exe
PRC - [2011-05-20 04:05:24 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011-05-10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011-05-10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (SafeList) ==========

MOD - [2011-06-03 21:48:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\tomáš\Desktop\OTL.exe
MOD - [2011-05-10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010-08-31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2011-05-10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008-04-05 19:12:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - [2011-05-10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011-05-10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-05-10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-05-10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-05-10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011-05-10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-10-13 16:20:43 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007-06-12 13:15:10 | 000,051,040 | ---- | M] (IPWireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipw3gnet.sys -- (IpwP)
DRV - [2007-01-31 15:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007-01-18 14:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AvgArCln.sys -- (AvgArCln)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-145100264-1461140624-168581430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-145100264-1461140624-168581430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-145100264-1461140624-168581430-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-145100264-1461140624-168581430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-05-27 16:45:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011-04-02 09:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-04-02 09:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011-04-02 09:31:44 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File not found (No name found) --
File not found (No name found) -- C:\USERS\TOMáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7C5WK9SC.DEFAULT\EXTENSIONS\{EA614400-E918-4741-9A97-7A972FF7C30B}
[2010-11-09 19:20:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011-05-27 16:45:15 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010-01-01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\heureka-cz.xml
[2010-01-01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010-01-01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010-01-01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010-01-01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

Hosts file not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-145100264-1461140624-168581430-1000\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKU\.DEFAULT..\Run: [Windows Explorer] C:\Windows\System32\config\systemprofile\AppData\Roaming\qhyggjpb.dll ()
O4 - HKU\S-1-5-18..\Run: [Windows Explorer] C:\Windows\System32\config\systemprofile\AppData\Roaming\qhyggjpb.dll ()
O4 - Startup: C:\Users\All Users\98607737 [2010-02-04 15:03:57 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2011-01-20 16:46:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Alwil Software [2010-05-13 16:23:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\ChessBase [2010-07-08 17:16:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Data aplikací [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Desktop [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dokumenty [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\f-secure [2009-11-30 12:44:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Favorites [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\fssg [2009-11-29 23:46:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Google [2010-12-21 20:16:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Kaspersky Lab [2011-06-05 08:10:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Kaspersky Lab Setup Files [2010-05-13 16:19:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2010-05-12 12:08:16 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2011-06-05 10:09:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Nabídka Start [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Norton [2009-11-30 14:45:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NortonInstaller [2009-12-01 20:32:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Oblíbené položky [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Plocha [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Start Menu [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Templates [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\VistaCodecs [2009-10-13 11:40:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WindowsSearch [2011-03-29 22:45:06 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Šablony [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\AppData [2006-11-02 13:18:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Data aplikací [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2009-10-10 16:20:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Dokumenty [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Downloads [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Nabídka Start [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Okolní síť [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Okolní tiskárny [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Pictures [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2006-11-02 12:23:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Soubory cookie [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Šablony [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\install\avgarkt-setup-1.1.0.42 [2011-06-03 10:21:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\install\avgarkt-setup-1.1.0.42.zip ()
O4 - Startup: C:\Users\install\ccsetup307.exe (Piriform Ltd)
O4 - Startup: C:\Users\install\ComboFix-.exe (Swearware)
O4 - Startup: C:\Users\install\ComboFix.exe ()
O4 - Startup: C:\Users\install\ComboFix_.exe ()
O4 - Startup: C:\Users\install\dopis_viry.txt ()
O4 - Startup: C:\Users\install\Extras.Txt ()
O4 - Startup: C:\Users\install\gmer [2011-06-04 23:37:58 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\install\gmer.zip ()
O4 - Startup: C:\Users\install\jre-6u16-windows-i586.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Users\install\Log z AVPTool.txt ()
O4 - Startup: C:\Users\install\Log z AVPTool.xls ()
O4 - Startup: C:\Users\install\mbam-setup.exe (Malwarebytes Corporation )
O4 - Startup: C:\Users\install\mbr.exe ()
O4 - Startup: C:\Users\install\mbr.log ()
O4 - Startup: C:\Users\install\McafeeRootkitDetective [2011-06-04 20:38:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\install\McafeeRootkitDetective.zip ()
O4 - Startup: C:\Users\install\Návod k použití ComboFixu.mht ()
O4 - Startup: C:\Users\install\OTL.exe (OldTimer Tools)
O4 - Startup: C:\Users\install\OTL.Txt ()
O4 - Startup: C:\Users\install\rkill.exe ()
O4 - Startup: C:\Users\install\RSIT.exe ()
O4 - Startup: C:\Users\install\ruzne_antivir_util.txt ()
O4 - Startup: C:\Users\install\setup_av_free.exe ()
O4 - Startup: C:\Users\install\setup_kaspersky_9.0.0.722_04.06.2011_08-49.exe ( )
O4 - Startup: C:\Users\install\tdsskiller.exe (Kaspersky Lab ZAO)
O4 - Startup: C:\Users\install\TFC.exe (OldTimer Tools)
O4 - Startup: C:\Users\install\virus_removal_tool_kaspersky - AV - AVPTool.mht ()
O4 - Startup: C:\Users\Public\Desktop [2011-06-03 10:21:31 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010-02-04 15:39:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2010-02-04 15:39:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2006-11-02 12:23:35 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2010-02-04 15:39:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2010-02-04 15:39:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2006-11-02 14:35:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Videos [2010-02-04 15:39:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\AppData [2009-10-10 16:24:27 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\tomáš\Contacts [2011-05-04 09:42:51 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Data aplikací [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\Desktop [2011-06-05 22:44:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Documents [2011-06-05 13:17:52 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Dokumenty [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\Downloads [2011-06-05 21:50:26 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Favorites [2009-10-10 16:24:10 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Links [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Local Settings [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\Music [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Nabídka Start [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\ntuser.dat ()
O4 - Startup: C:\Users\tomáš\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\tomáš\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\tomáš\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf ()
O4 - Startup: C:\Users\tomáš\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\tomáš\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{3a330cfc-5daf-11df-9f24-000000000000}.TM.blf ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{3a330cfc-5daf-11df-9f24-000000000000}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{3a330cfc-5daf-11df-9f24-000000000000}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{73907d79-d5c5-11de-89ad-000000000000}.TM.blf ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{73907d79-d5c5-11de-89ad-000000000000}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{73907d79-d5c5-11de-89ad-000000000000}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{e9ed7a62-1192-11df-b7e2-000000000000}.TM.blf ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{e9ed7a62-1192-11df-b7e2-000000000000}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{e9ed7a62-1192-11df-b7e2-000000000000}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\tomáš\ntuser.ini ()
O4 - Startup: C:\Users\tomáš\Okolní síť [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\Okolní tiskárny [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\Pictures [2011-06-03 16:29:11 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Recent [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\Saved Games [2010-03-01 18:48:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\tomáš\Searches [2010-06-08 13:21:41 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\SendTo [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\Soubory cookie [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\Videos [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Šablony [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-145100264-1461140624-168581430-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-145100264-1461140624-168581430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.102.0.252 10.102.0.253
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\tomáš\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\tomáš\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O29 - HKLM SecurityProviders - (mfhyyybu.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011-06-05 18:56:11 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011-06-05 18:56:11 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011-06-05 18:56:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-06-05 18:56:10 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011-06-05 18:56:10 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011-06-05 18:56:10 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011-06-05 18:56:10 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011-06-05 18:56:10 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011-06-05 18:56:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011-06-05 18:56:10 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011-06-05 18:56:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011-06-05 18:56:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011-06-05 18:56:10 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011-06-05 18:56:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011-06-05 18:56:09 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011-06-05 18:56:09 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011-06-05 18:56:09 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011-06-05 18:56:09 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011-06-05 18:56:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-06-05 18:56:09 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011-06-05 18:56:09 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011-06-05 18:56:09 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011-06-05 18:56:09 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011-06-05 18:56:09 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011-06-05 18:56:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011-06-05 18:56:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-06-05 18:56:08 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011-06-05 18:56:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011-06-05 18:56:08 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011-06-05 18:56:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011-06-05 18:56:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011-06-05 18:56:08 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011-06-05 18:56:08 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011-06-05 18:56:08 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011-06-05 18:56:08 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011-06-05 18:56:08 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011-06-05 18:56:08 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011-06-05 18:56:08 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011-06-05 18:56:08 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011-06-05 18:55:04 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011-06-05 18:55:04 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011-06-05 18:55:04 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011-06-05 18:55:04 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011-06-05 18:55:04 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011-06-05 18:55:04 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011-06-05 18:55:04 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011-06-05 18:55:00 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011-06-05 18:55:00 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011-06-05 18:55:00 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011-06-05 18:55:00 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011-06-05 18:55:00 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011-06-05 18:55:00 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011-06-05 18:55:00 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011-06-05 18:55:00 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011-06-05 18:54:59 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011-06-05 18:54:59 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011-06-05 18:54:59 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011-06-05 18:54:59 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011-06-05 18:54:59 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011-06-05 18:54:59 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011-06-05 18:54:59 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011-06-05 18:54:59 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011-06-05 18:54:59 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011-06-05 18:52:48 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011-06-05 18:52:48 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011-06-05 18:52:48 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011-06-05 18:52:47 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011-06-05 18:52:47 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011-06-05 18:52:47 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011-06-05 12:36:00 | 000,000,000 | --SD | C] -- C:\žižala9662ž
[2011-06-05 12:36:00 | 000,000,000 | --SD | C] -- \žižala9662ž
[2011-06-05 12:33:09 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011-06-05 12:33:09 | 000,000,000 | ---D | C] -- \ComboFix
[2011-06-05 12:33:08 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF11400.exe
[2011-06-05 12:09:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011-06-05 12:09:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011-06-05 12:09:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011-06-05 11:39:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011-06-05 11:34:11 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011-06-05 11:34:07 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2011-06-05 11:34:05 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2011-06-05 11:34:05 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2011-06-05 11:34:03 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011-06-05 11:34:01 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011-06-05 11:34:00 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2011-06-05 11:33:59 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011-06-05 11:33:58 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011-06-05 11:33:57 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2011-06-05 11:33:57 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011-06-05 11:33:56 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011-06-05 11:33:55 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011-06-05 11:33:54 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2011-06-05 11:33:54 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011-06-05 11:33:54 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2011-06-05 11:33:51 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011-06-05 11:33:50 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2011-06-05 11:33:50 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011-06-05 11:33:49 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2011-06-05 11:33:48 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2011-06-05 11:33:48 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2011-06-05 11:33:47 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011-06-05 11:33:47 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011-06-05 11:33:47 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2011-06-05 11:33:45 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011-06-05 11:33:44 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2011-06-05 11:33:44 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011-06-05 11:33:43 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011-06-05 11:33:43 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011-06-05 11:33:42 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011-06-05 11:33:42 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011-06-05 11:33:41 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2011-06-05 11:33:41 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2011-06-05 11:33:40 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011-06-05 11:33:40 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2011-06-05 11:33:40 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2011-06-05 11:33:39 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011-06-05 11:33:38 | 000,556,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pmcsnap.dll
[2011-06-05 11:33:37 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2011-06-05 11:33:36 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2011-06-05 11:33:35 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011-06-05 11:33:35 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2011-06-05 11:33:34 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011-06-05 11:33:34 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2011-06-05 11:33:34 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2011-06-05 11:33:33 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011-06-05 11:33:33 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011-06-05 11:33:33 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011-06-05 11:33:32 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011-06-05 11:33:32 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2011-06-05 11:33:32 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011-06-05 11:33:32 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2011-06-05 11:33:31 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2011-06-05 11:33:31 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2011-06-05 11:33:30 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011-06-05 11:33:29 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2011-06-05 11:33:29 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011-06-05 11:33:29 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2011-06-05 11:33:29 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2011-06-05 11:33:28 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011-06-05 11:33:27 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2011-06-05 11:33:27 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2011-06-05 11:33:27 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2011-06-05 11:33:27 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2011-06-05 11:33:26 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011-06-05 11:33:25 | 003,217,408 | ---- | C] (Společnost Microsoft) -- C:\Windows\System32\WinSAT.exe
[2011-06-05 11:33:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2011-06-05 11:33:25 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2011-06-05 11:33:24 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011-06-05 11:33:24 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2011-06-05 11:33:24 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2011-06-05 11:33:23 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2011-06-05 11:33:23 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2011-06-05 11:33:22 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2011-06-05 11:33:22 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2011-06-05 11:33:21 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011-06-05 11:33:21 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2011-06-05 11:33:20 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2011-06-05 11:33:20 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011-06-05 11:33:20 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2011-06-05 11:33:19 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011-06-05 11:33:19 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011-06-05 11:33:19 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011-06-05 11:33:19 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011-06-05 11:33:18 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2011-06-05 11:33:17 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011-06-05 11:33:17 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2011-06-05 11:33:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011-06-05 11:33:16 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011-06-05 11:33:16 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2011-06-05 11:33:16 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2011-06-05 11:33:15 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2011-06-05 11:33:15 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2011-06-05 11:33:14 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011-06-05 11:33:14 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2011-06-05 11:33:13 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2011-06-05 11:33:13 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011-06-05 11:33:13 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2011-06-05 11:33:12 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2011-06-05 11:33:12 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2011-06-05 11:33:11 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2011-06-05 11:33:11 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2011-06-05 11:33:10 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011-06-05 11:33:09 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011-06-05 11:33:09 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011-06-05 11:33:08 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011-06-05 11:33:08 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2011-06-05 11:33:07 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011-06-05 11:33:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2011-06-05 11:33:06 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011-06-05 11:33:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011-06-05 11:33:05 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2011-06-05 11:33:04 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011-06-05 11:33:02 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2011-06-05 11:33:02 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2011-06-05 11:33:02 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2011-06-05 11:33:02 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011-06-05 11:33:02 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2011-06-05 11:33:02 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2011-06-05 11:33:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2011-06-05 11:33:01 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2011-06-05 11:33:01 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011-06-05 11:33:00 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011-06-05 11:33:00 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2011-06-05 11:33:00 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2011-06-05 11:33:00 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2011-06-05 11:33:00 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2011-06-05 11:33:00 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2011-06-05 11:32:59 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011-06-05 11:32:59 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2011-06-05 11:32:59 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011-06-05 11:32:58 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2011-06-05 11:32:58 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011-06-05 11:32:58 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011-06-05 11:32:58 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011-06-05 11:32:58 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2011-06-05 11:32:58 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011-06-05 11:32:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2011-06-05 11:32:57 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011-06-05 11:32:57 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011-06-05 11:32:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011-06-05 11:32:57 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2011-06-05 11:32:56 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011-06-05 11:32:56 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2011-06-05 11:32:56 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011-06-05 11:32:56 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011-06-05 11:32:56 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2011-06-05 11:32:55 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011-06-05 11:32:55 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011-06-05 11:32:55 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2011-06-05 11:32:53 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2011-06-05 11:32:53 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2011-06-05 11:32:52 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2011-06-05 11:32:52 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2011-06-05 11:32:52 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2011-06-05 11:32:52 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011-06-05 11:32:51 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2011-06-05 11:32:50 | 001,696,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011-06-05 11:32:49 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2011-06-05 11:32:49 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011-06-05 11:32:49 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2011-06-05 11:32:49 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2011-06-05 11:32:48 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011-06-05 11:32:48 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2011-06-05 11:32:48 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2011-06-05 11:32:48 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011-06-05 11:32:47 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011-06-05 11:32:47 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2011-06-05 11:32:47 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2011-06-05 11:32:46 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011-06-05 11:32:46 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2011-06-05 11:32:46 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2011-06-05 11:32:46 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2011-06-05 11:32:46 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2011-06-05 11:32:45 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2011-06-05 11:32:45 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011-06-05 11:32:44 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011-06-05 11:32:43 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011-06-05 11:32:43 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011-06-05 11:32:43 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2011-06-05 11:32:43 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2011-06-05 11:32:43 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2011-06-05 11:32:42 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011-06-05 11:32:42 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011-06-05 11:32:42 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2011-06-05 11:32:42 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011-06-05 11:32:41 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011-06-05 11:32:41 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2011-06-05 11:32:40 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011-06-05 11:32:40 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2011-06-05 11:32:39 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2011-06-05 11:32:39 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011-06-05 11:32:39 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011-06-05 11:32:39 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011-06-05 11:32:39 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2011-06-05 11:32:39 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2011-06-05 11:32:38 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2011-06-05 11:32:38 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2011-06-05 11:32:38 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011-06-05 11:32:37 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011-06-05 11:32:37 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2011-06-05 11:32:37 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2011-06-05 11:32:36 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011-06-05 11:32:36 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011-06-05 11:32:36 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2011-06-05 11:32:36 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2011-06-05 11:32:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2011-06-05 11:32:35 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011-06-05 11:32:35 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011-06-05 11:32:35 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011-06-05 11:32:35 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011-06-05 11:32:34 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2011-06-05 11:32:34 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011-06-05 11:32:34 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011-06-05 11:32:34 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011-06-05 11:32:34 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011-06-05 11:32:34 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2011-06-05 11:32:34 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2011-06-05 11:32:33 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2011-06-05 11:32:33 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011-06-05 11:32:33 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2011-06-05 11:32:33 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2011-06-05 11:32:33 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011-06-05 11:32:32 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2011-06-05 11:32:32 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2011-06-05 11:32:32 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2011-06-05 11:32:32 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2011-06-05 11:32:31 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2011-06-05 11:32:31 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2011-06-05 11:32:31 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011-06-05 11:32:31 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2011-06-05 11:32:31 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011-06-05 11:32:31 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2011-06-05 11:32:31 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2011-06-05 11:32:30 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2011-06-05 11:32:30 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2011-06-05 11:32:30 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2011-06-05 11:32:30 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2011-06-05 11:32:30 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011-06-05 11:32:29 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011-06-05 11:32:29 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011-06-05 11:32:29 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011-06-05 11:32:29 | 000,140,800 | ---- | C] (Společnost Microsoft) -- C:\Windows\System32\wusa.exe
[2011-06-05 11:32:29 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011-06-05 11:32:28 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011-06-05 11:32:28 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011-06-05 11:32:27 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011-06-05 11:32:27 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2011-06-05 11:32:27 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2011-06-05 11:32:27 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011-06-05 11:32:26 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011-06-05 11:32:26 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011-06-05 11:32:25 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011-06-05 11:32:25 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2011-06-05 11:32:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2011-06-05 11:32:24 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2011-06-05 11:32:24 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2011-06-05 11:32:24 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2011-06-05 11:32:24 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2011-06-05 11:32:24 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011-06-05 11:32:23 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011-06-05 11:32:23 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011-06-05 11:32:22 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011-06-05 11:32:22 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011-06-05 11:32:21 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2011-06-05 11:32:21 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011-06-05 11:32:21 | 000,780,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveui.dll
[2011-06-05 11:32:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2011-06-05 11:32:20 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011-06-05 11:32:20 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011-06-05 11:32:20 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2011-06-05 11:32:19 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011-06-05 11:32:19 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011-06-05 11:32:19 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2011-06-05 11:32:18 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011-06-05 11:32:18 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011-06-05 11:32:18 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011-06-05 11:32:18 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcplsiw.dll
[2011-06-05 11:32:18 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011-06-05 11:32:18 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2011-06-05 11:32:17 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fvecpl.dll
[2011-06-05 11:32:17 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2011-06-05 11:32:17 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011-06-05 11:32:17 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2011-06-05 11:32:17 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011-06-05 11:32:17 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2011-06-05 11:32:16 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2011-06-05 11:32:16 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011-06-05 11:32:16 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2011-06-05 11:32:16 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011-06-05 11:32:16 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2011-06-05 11:32:16 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2011-06-05 11:32:15 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsUltimateExtrasCPL.dll
[2011-06-05 11:32:15 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011-06-05 11:32:15 | 000,075,264 | ---- | C] (Společnost Microsoft) -- C:\Windows\System32\dot3msm.dll
[2011-06-05 11:32:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2011-06-05 11:32:15 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2011-06-05 11:32:15 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011-06-05 11:32:15 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2011-06-05 11:32:14 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2011-06-05 11:32:14 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2011-06-05 11:32:14 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011-06-05 11:32:14 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011-06-05 11:32:14 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011-06-05 11:32:14 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011-06-05 11:32:14 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2011-06-05 11:32:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2011-06-05 11:32:13 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2011-06-05 11:32:13 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011-06-05 11:32:13 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2011-06-05 11:32:13 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2011-06-05 11:32:13 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011-06-05 11:32:13 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011-06-05 11:32:13 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2011-06-05 11:32:12 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011-06-05 11:32:12 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011-06-05 11:32:12 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2011-06-05 11:32:12 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2011-06-05 11:32:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2011-06-05 11:32:12 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011-06-05 11:32:12 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011-06-05 11:32:12 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2011-06-05 11:32:12 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011-06-05 11:32:12 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011-06-05 11:32:11 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2011-06-05 11:32:11 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011-06-05 11:32:11 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011-06-05 11:32:11 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011-06-05 11:32:10 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2011-06-05 11:32:10 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2011-06-05 11:32:10 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2011-06-05 11:32:10 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2011-06-05 11:32:10 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011-06-05 11:32:09 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2011-06-05 11:32:09 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011-06-05 11:32:09 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2011-06-05 11:32:09 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2011-06-05 11:32:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011-06-05 11:32:08 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2011-06-05 11:32:08 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2011-06-05 11:32:08 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011-06-05 11:32:07 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2011-06-05 11:32:07 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011-06-05 11:32:07 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2011-06-05 11:32:07 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011-06-05 11:32:06 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011-06-05 11:32:06 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2011-06-05 11:32:06 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2011-06-05 11:32:06 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2011-06-05 11:32:06 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2011-06-05 11:32:05 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011-06-05 11:32:05 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2011-06-05 11:32:05 | 000,106,496 | ---- | C] (Společnost Microsoft) -- C:\Windows\System32\CscMig.dll
[2011-06-05 11:32:04 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011-06-05 11:32:04 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2011-06-05 11:32:03 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011-06-05 11:32:03 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2011-06-05 11:32:03 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011-06-05 11:32:03 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011-06-05 11:32:03 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011-06-05 11:32:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011-06-05 11:32:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2011-06-05 11:32:03 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2011-06-05 11:32:02 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011-06-05 11:32:02 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2011-06-05 11:32:02 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2011-06-05 11:32:02 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2011-06-05 11:32:01 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011-06-05 11:32:01 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2011-06-05 11:32:01 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2011-06-05 11:32:01 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011-06-05 11:32:00 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011-06-05 11:32:00 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2011-06-05 11:32:00 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprnext.dll
[2011-06-05 11:32:00 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011-06-05 11:31:59 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011-06-05 11:31:59 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2011-06-05 11:31:59 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011-06-05 11:31:59 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011-06-05 11:31:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2011-06-05 11:31:58 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2011-06-05 11:31:58 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2011-06-05 11:31:58 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2011-06-05 11:31:58 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2011-06-05 11:31:58 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2011-06-05 11:31:58 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2011-06-05 11:31:57 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011-06-05 11:31:57 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011-06-05 11:31:57 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2011-06-05 11:31:57 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2011-06-05 11:31:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011-06-05 11:31:57 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2011-06-05 11:31:56 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011-06-05 11:31:56 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2011-06-05 11:31:56 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2011-06-05 11:31:56 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2011-06-05 11:31:56 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011-06-05 11:31:56 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2011-06-05 11:31:56 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011-06-05 11:31:56 | 000,024,064 | ---- | C] (Společnost Microsoft) -- C:\Windows\System32\gpscript.exe
[2011-06-05 11:31:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2011-06-05 11:31:55 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2011-06-05 11:31:55 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2011-06-05 11:31:55 | 000,039,936 | ---- | C] (Společnost Microsoft) -- C:\Windows\System32\networkitemfactory.dll
[2011-06-05 11:31:55 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011-06-05 11:31:55 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2011-06-05 11:31:54 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011-06-05 11:31:54 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011-06-05 11:31:54 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2011-06-05 11:31:54 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011-06-05 11:31:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2011-06-05 11:31:54 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.dll
[2011-06-05 11:31:53 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2011-06-05 11:31:53 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011-06-05 11:31:53 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011-06-05 11:31:53 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2011-06-05 11:31:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2011-06-05 11:31:52 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2011-06-05 11:31:52 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2011-06-05 11:31:52 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011-06-05 11:31:51 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011-06-05 11:31:51 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011-06-05 11:31:51 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2011-06-05 11:31:51 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2011-06-05 11:31:51 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2011-06-05 11:31:51 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2011-06-05 11:31:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2011-06-05 11:31:50 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2011-06-05 11:31:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2011-06-05 11:31:49 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2011-06-05 11:31:49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2011-06-05 11:31:49 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2011-06-05 11:31:48 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2011-06-05 11:31:47 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2011-06-05 11:31:47 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011-06-05 11:31:47 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011-06-05 11:31:47 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2011-06-05 11:31:47 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2011-06-05 11:31:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2011-06-05 11:31:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011-06-05 11:31:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2011-06-05 11:31:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2011-06-05 11:31:43 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2011-06-05 11:31:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2011-06-05 11:31:42 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2011-06-05 11:31:41 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2011-06-05 11:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2011-06-05 11:31:00 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011-06-05 11:30:48 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011-06-05 11:30:48 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011-06-05 11:30:08 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll

pete2006
Visitor
Posts: 30
Registered: 03 Jun 2011 10:46

Re: rootkit Alureon-C

#32 Post by pete2006 »

[2011-06-05 10:31:27 | 000,000,000 | --SD | C] -- C:\žižala9696ž
[2011-06-05 10:31:27 | 000,000,000 | --SD | C] -- \žižala9696ž
[2011-06-05 10:30:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011-06-05 10:29:13 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF19960.exe
[2011-06-05 09:54:54 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011-06-05 09:54:11 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011-06-05 09:54:11 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011-06-05 09:54:10 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011-06-05 09:54:10 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011-06-05 09:54:05 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011-06-05 09:53:35 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011-06-05 09:53:35 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011-06-05 09:53:26 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011-06-05 09:53:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011-06-05 09:48:59 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2011-06-05 09:48:49 | 000,840,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WFS.exe
[2011-06-05 09:48:49 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011-06-04 21:02:14 | 000,000,000 | --SD | C] -- C:\žižala1515ž
[2011-06-04 21:02:14 | 000,000,000 | --SD | C] -- \žižala1515ž
[2011-06-04 20:59:41 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF25188.exe
[2011-06-04 20:57:25 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF24737.exe
[2011-06-04 20:45:44 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF22435.exe
[2011-06-04 20:21:10 | 000,000,000 | ---D | C] -- C:\zizala
[2011-06-04 20:21:10 | 000,000,000 | ---D | C] -- \zizala
[2011-06-04 20:21:08 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF17622.exe
[2011-06-04 20:19:15 | 000,000,000 | --SD | C] -- C:\žižala26834ž
[2011-06-04 20:19:15 | 000,000,000 | --SD | C] -- \žižala26834ž
[2011-06-04 18:56:47 | 000,000,000 | --SD | C] -- C:\žižala1047ž
[2011-06-04 18:56:47 | 000,000,000 | --SD | C] -- \žižala1047ž
[2011-06-04 18:54:47 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF713.exe
[2011-06-04 18:53:48 | 000,000,000 | --SD | C] -- C:\zizala_25744z
[2011-06-04 18:53:48 | 000,000,000 | --SD | C] -- \zizala_25744z
[2011-06-04 18:52:14 | 000,000,000 | --SD | C] -- C:\žižala20727ž
[2011-06-04 18:52:14 | 000,000,000 | --SD | C] -- \žižala20727ž
[2011-06-04 18:50:56 | 000,000,000 | --SD | C] -- C:\žižala29018ž
[2011-06-04 18:50:56 | 000,000,000 | --SD | C] -- \žižala29018ž
[2011-06-03 21:27:04 | 000,000,000 | --SD | C] -- C:\zizala_6021z
[2011-06-03 21:27:04 | 000,000,000 | --SD | C] -- \zizala_6021z
[2011-06-03 21:26:16 | 000,000,000 | --SD | C] -- C:\zizala_6567z
[2011-06-03 21:26:16 | 000,000,000 | --SD | C] -- \zizala_6567z
[2011-06-03 21:22:17 | 000,000,000 | --SD | C] -- C:\zizala_22603z
[2011-06-03 21:22:17 | 000,000,000 | --SD | C] -- \zizala_22603z
[2011-06-03 21:07:08 | 000,000,000 | --SD | C] -- C:\žižala5307ž
[2011-06-03 21:07:08 | 000,000,000 | --SD | C] -- \žižala5307ž
[2011-06-03 21:01:19 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF5496.exe
[2011-06-03 20:29:34 | 000,000,000 | --SD | C] -- C:\žižala17098ž
[2011-06-03 20:29:34 | 000,000,000 | --SD | C] -- \žižala17098ž
[2011-06-03 20:20:57 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF30355.exe
[2011-06-03 20:10:06 | 000,000,000 | --SD | C] -- C:\žižala
[2011-06-03 20:10:06 | 000,000,000 | --SD | C] -- \žižala
[2011-06-03 17:17:51 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF27231.exe
[2011-06-03 17:06:24 | 000,000,000 | --SD | C] -- C:\zizala_376z
[2011-06-03 17:06:24 | 000,000,000 | --SD | C] -- \zizala_376z
[2011-06-03 16:29:42 | 000,000,000 | --SD | C] -- C:\zizala_
[2011-06-03 16:29:42 | 000,000,000 | --SD | C] -- \zizala_
[2011-06-03 16:19:50 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF15837.exe
[2011-06-03 16:13:43 | 000,000,000 | --SD | C] -- C:\zizala4077z
[2011-06-03 16:13:43 | 000,000,000 | --SD | C] -- \zizala4077z
[2011-06-03 16:10:03 | 000,000,000 | --SD | C] -- C:\zizala20615z
[2011-06-03 16:10:03 | 000,000,000 | --SD | C] -- \zizala20615z
[2011-06-03 16:09:05 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF13770.exe
[2011-06-03 15:58:30 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF11700.exe
[2011-06-03 15:10:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011-06-03 15:10:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011-06-03 15:10:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011-06-03 15:09:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-06-03 15:09:48 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF2148.exe
[2011-06-03 15:09:47 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swsc.exe
[2011-06-03 15:09:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-06-03 15:09:44 | 000,000,000 | ---D | C] -- \Qoobox
[2011-06-03 11:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011-06-03 11:25:44 | 000,000,000 | ---D | C] -- C:\rsit
[2011-06-03 11:25:44 | 000,000,000 | ---D | C] -- \rsit
[2011-06-03 10:21:31 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\Windows\System32\drivers\AvgArCln.sys
[2011-06-03 10:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Anti-Rootkit Free
[2011-06-03 10:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2011-06-03 09:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-06-03 09:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011-06-01 16:22:06 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

========== Files - Modified Within 30 Days ==========

[2011-06-05 22:37:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-06-05 21:08:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-06-05 21:08:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-06-05 19:15:24 | 000,601,344 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011-06-05 19:15:24 | 000,589,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-06-05 19:15:24 | 000,115,826 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011-06-05 19:15:24 | 000,101,682 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-06-05 19:09:16 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-06-05 19:08:49 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011-06-05 19:08:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-06-05 19:06:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011-06-05 18:56:21 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011-06-05 18:56:21 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011-06-05 18:56:11 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011-06-05 18:56:11 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011-06-05 18:56:11 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-06-05 18:56:10 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011-06-05 18:56:10 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011-06-05 18:56:10 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011-06-05 18:56:10 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011-06-05 18:56:10 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011-06-05 18:56:10 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011-06-05 18:56:10 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011-06-05 18:56:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011-06-05 18:56:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011-06-05 18:56:10 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011-06-05 18:56:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011-06-05 18:56:09 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011-06-05 18:56:09 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011-06-05 18:56:09 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011-06-05 18:56:09 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011-06-05 18:56:09 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-06-05 18:56:09 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011-06-05 18:56:09 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011-06-05 18:56:09 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011-06-05 18:56:09 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011-06-05 18:56:09 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011-06-05 18:56:09 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011-06-05 18:56:09 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011-06-05 18:56:08 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-06-05 18:56:08 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011-06-05 18:56:08 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011-06-05 18:56:08 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011-06-05 18:56:08 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011-06-05 18:56:08 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011-06-05 18:56:08 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011-06-05 18:56:08 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011-06-05 18:56:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011-06-05 18:56:08 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011-06-05 18:56:08 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011-06-05 18:56:08 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011-06-05 18:56:08 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011-06-05 18:56:08 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011-06-05 18:55:04 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011-06-05 18:55:04 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011-06-05 18:55:04 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011-06-05 18:55:04 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011-06-05 18:55:04 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011-06-05 18:55:04 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011-06-05 18:55:04 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011-06-05 18:55:00 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011-06-05 18:55:00 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011-06-05 18:55:00 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011-06-05 18:55:00 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011-06-05 18:55:00 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011-06-05 18:55:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011-06-05 18:55:00 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011-06-05 18:55:00 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011-06-05 18:54:59 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011-06-05 18:54:59 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011-06-05 18:54:59 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011-06-05 18:54:59 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011-06-05 18:54:59 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011-06-05 18:54:59 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011-06-05 18:54:59 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011-06-05 18:54:59 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011-06-05 18:54:59 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011-06-05 18:52:48 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011-06-05 18:52:48 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011-06-05 18:52:48 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011-06-05 18:52:48 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\dxgkrnl.sys.mui
[2011-06-05 18:52:47 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011-06-05 18:52:47 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011-06-05 18:52:47 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011-06-05 13:22:28 | 215,985,797 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-06-05 12:32:40 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF11400.exe
[2011-06-05 12:18:16 | 000,384,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-06-05 10:29:09 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF19960.exe
[2011-06-04 20:59:38 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF25188.exe
[2011-06-04 20:57:20 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF24737.exe
[2011-06-04 20:45:34 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF22435.exe
[2011-06-04 20:21:01 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF17622.exe
[2011-06-04 18:54:43 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF713.exe
[2011-06-03 21:01:13 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF5496.exe
[2011-06-03 20:20:51 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF30355.exe
[2011-06-03 17:17:41 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF27231.exe
[2011-06-03 16:50:19 | 002,335,270 | ---- | M] () -- C:\Windows\System32\4e8890C.mht
[2011-06-03 16:38:51 | 002,335,270 | ---- | M] () -- C:\Windows\System32\f97952.mht
[2011-06-03 16:19:29 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF15837.exe
[2011-06-03 16:08:58 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF13770.exe
[2011-06-03 15:58:24 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF11700.exe
[2011-06-03 15:09:39 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF2148.exe
[2011-06-03 10:21:31 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
[2011-06-03 09:54:38 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011-06-01 16:22:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011-05-24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011-05-10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-05-10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011-05-10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011-05-10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011-05-10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011-05-10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011-05-10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011-05-10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011-06-05 18:56:09 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011-06-05 11:34:09 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011-06-05 11:33:31 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011-06-05 11:33:28 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011-06-05 11:33:19 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011-06-05 11:33:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011-06-05 11:33:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011-06-05 11:33:13 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011-06-05 11:33:09 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011-06-05 11:32:49 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011-06-05 11:32:46 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011-06-05 11:32:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011-06-05 11:31:55 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-06-05 11:31:46 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011-06-05 11:31:35 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011-06-04 23:48:46 | 215,985,797 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011-06-03 16:50:19 | 002,335,270 | ---- | C] () -- C:\Windows\System32\4e8890C.mht
[2011-06-03 16:38:51 | 002,335,270 | ---- | C] () -- C:\Windows\System32\f97952.mht
[2011-06-03 16:10:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011-06-03 16:10:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011-06-03 15:10:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-06-03 15:10:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-06-03 15:10:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-06-03 10:21:31 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
[2011-06-03 09:54:38 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011-04-02 09:31:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-03-24 21:00:47 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2011-03-24 21:00:47 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2011-01-20 16:42:42 | 000,000,358 | ---- | C] () -- C:\Windows\wincmd.ini
[2010-11-09 19:09:13 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010-07-08 16:49:57 | 000,000,109 | ---- | C] () -- C:\Windows\ChssBase.ini
[2010-01-06 19:29:18 | 000,000,001 | ---- | C] () -- \s
[2009-11-29 21:06:02 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009-10-10 17:06:43 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2009-10-10 17:06:42 | 000,333,257 | RHS- | C] () -- \bootmgr
[2009-10-10 17:06:02 | 000,171,136 | RHS- | C] () -- \grldr
[2009-10-10 16:08:04 | 1377,497,088 | -HS- | C] () --
[2008-06-12 20:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008-04-12 07:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008-04-12 07:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008-04-05 19:17:50 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007-02-05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007-01-08 23:15:40 | 000,601,344 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2007-01-08 23:15:40 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2007-01-08 23:15:40 | 000,115,826 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2007-01-08 23:15:40 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2006-11-02 14:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:46:27 | 000,384,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 000,589,670 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,101,682 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006-11-02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== LOP Check ==========

[2010-02-04 15:03:57 | 000,000,000 | ---D | M] -- C:\Users\All Users\98607737
[2010-05-13 16:23:42 | 000,000,000 | ---D | M] -- C:\Users\All Users\Alwil Software
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2010-07-08 17:16:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\ChessBase
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Data aplikací
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumenty
[2009-11-30 12:44:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\f-secure
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2009-11-29 23:46:59 | 000,000,000 | ---D | M] -- C:\Users\All Users\fssg
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Nabídka Start
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Oblíbené položky
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Plocha
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2009-10-13 11:40:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\VistaCodecs
[2011-03-29 22:45:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Šablony
[2006-11-02 13:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Data aplikací
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2009-10-10 16:20:03 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Dokumenty
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Nabídka Start
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Okolní síť
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Okolní tiskárny
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2006-11-02 12:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Soubory cookie
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Šablony
[2011-06-03 10:21:02 | 000,000,000 | ---D | M] -- C:\Users\install\avgarkt-setup-1.1.0.42
[2011-06-04 23:37:58 | 000,000,000 | ---D | M] -- C:\Users\install\gmer
[2011-06-03 10:21:31 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2010-02-04 15:39:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2010-02-04 15:39:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2006-11-02 12:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2010-02-04 15:39:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2010-02-04 15:39:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2006-11-02 14:35:50 | 000,000,000 | ---D | M] -- C:\Users\Public\Recorded TV
[2010-02-04 15:39:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2009-10-10 16:24:27 | 000,000,000 | -H-D | M] -- C:\Users\tomáš\AppData
[2011-05-04 09:42:51 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Contacts
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Data aplikací
[2011-06-05 22:44:02 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Desktop
[2011-06-05 13:17:52 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Documents
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Dokumenty
[2011-06-05 21:50:26 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Downloads
[2009-10-10 16:24:10 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Favorites
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Links
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Local Settings
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Music
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Nabídka Start
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Okolní síť
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Okolní tiskárny
[2011-06-03 16:29:11 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Pictures
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Recent
[2010-03-01 18:48:10 | 000,000,000 | ---D | M] -- C:\Users\tomáš\Saved Games
[2010-06-08 13:21:41 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Searches
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\SendTo
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Soubory cookie
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Videos
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Šablony
[2011-06-05 19:06:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009-04-11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation)
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2010-12-21 20:15:53 | 000,039,408 | ---- | M] (Google Inc.)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011-01-20 16:48:32 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Adobe
[2010-07-08 17:14:54 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\ChessBase
[2010-12-21 20:26:40 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Google
[2009-10-10 16:22:28 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Identities
[2009-10-16 17:34:02 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Macromedia
[2006-11-02 14:35:50 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Media Center Programs
[2011-02-01 09:36:33 | 000,000,000 | --SD | M] -- C:\Users\tomáš\AppData\Roaming\Microsoft
[2011-04-02 09:32:27 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Mozilla
[2009-10-13 12:12:14 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Opera
[2009-10-31 12:25:05 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Real
[2009-11-30 12:54:01 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Tific
[2009-10-13 12:18:52 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2008-04-05 19:10:41 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008-04-05 19:10:41 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008-04-05 19:10:41 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-04-05 19:10:41 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-04-05 19:10:41 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008-04-05 19:10:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-04-05 19:10:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CDROM.SYS >
[2008-04-05 19:10:45 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008-04-05 19:10:45 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2006-11-02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006-11-02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2006-11-02 11:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=1C26FB097170A2A91066D1E3A24366E3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\cryptsvc.dll
[2008-04-05 19:15:09 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2009-04-11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\System32\cryptsvc.dll
[2009-04-11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2008-10-29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008-10-30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008-10-28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006-11-02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008-04-05 19:14:48 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2009-04-11 08:32:46 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: IASTORV.SYS >
[2008-04-05 19:12:07 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008-04-05 19:12:07 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008-04-05 19:12:07 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006-11-02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2006-11-02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\isapnp.sys
[2008-04-05 19:10:41 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\drivers\isapnp.sys
[2008-04-05 19:10:41 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\isapnp.sys
[2008-04-05 19:10:41 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\isapnp.sys
[2008-04-05 19:10:41 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\isapnp.sys
[2008-04-05 19:10:41 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\isapnp.sys

< MD5 for: LSASS.EXE >
[2009-06-15 14:51:56 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2009-09-10 16:44:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2009-06-15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\System32\lsass.exe
[2009-06-15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009-02-13 09:26:04 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2006-11-02 11:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=6A0E382E74280E4CC0DF17FE2661D003 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[2009-06-15 15:03:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2009-06-15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009-02-13 06:58:37 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2009-06-15 14:59:08 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2009-06-15 15:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009-09-09 13:09:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2009-09-10 16:47:51 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2008-04-05 19:14:26 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008-04-05 19:14:26 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2008-04-05 19:14:26 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2009-02-13 10:20:29 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

< MD5 for: NDIS.SYS >
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008-04-05 19:13:22 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006-11-02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009-04-11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009-04-11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008-04-05 19:13:57 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008-04-05 19:12:02 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008-04-05 19:12:02 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008-04-05 19:12:02 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006-11-02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006-11-02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008-04-05 19:12:02 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008-04-05 19:12:02 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008-04-05 19:12:02 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008-04-05 19:15:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006-11-02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009-04-11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009-04-11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SMSS.EXE >
[2008-04-05 19:13:20 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2009-04-11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\System32\smss.exe
[2009-04-11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe
[2006-11-02 11:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe

< MD5 for: SVCHOST.EXE >
[2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008-04-05 19:13:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008-04-05 19:13:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008-04-26 10:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009-04-11 08:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009-12-08 22:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009-08-15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009-08-14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2010-02-18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010-02-18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009-08-14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2009-12-08 22:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010-02-18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010-02-18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2009-12-08 22:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2010-06-16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009-08-14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2010-06-16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010-06-16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2008-04-26 10:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009-12-08 19:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009-08-14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010-02-18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010-06-16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\System32\drivers\tcpip.sys
[2010-06-16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2009-12-08 19:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2006-11-02 10:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010-02-18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009-12-08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2008-04-05 19:16:28 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009-08-14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008-04-05 19:15:45 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008-04-05 19:15:45 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006-11-02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008-04-05 19:15:47 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2_32.DLL >
[2006-11-02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
[2008-04-05 19:15:44 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008-04-05 19:15:44 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2011-06-05 18:56:10 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2011-06-05 18:56:10 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2011-06-05 18:56:08 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2008-03-30 07:42:46 | 000,185,944 | ---- | M] (RealNetworks, Inc.) Unable to obtain MD5 -- C:\Windows\System32\rmoc3260.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009-10-13 16:20:43 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006-11-02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006-11-02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006-11-02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006-11-02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006-11-02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >
[2011-06-05 18:56:10 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2011-06-05 18:56:10 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2011-06-05 18:56:08 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2008-03-30 07:42:46 | 000,185,944 | ---- | M] (RealNetworks, Inc.) Unable to obtain MD5 -- C:\Windows\System32\rmoc3260.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2011-06-05 18:54:59 | 000,638,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys

< %systemroot%\system32\*.* /3 >
[2011-06-03 16:50:19 | 002,335,270 | ---- | M] () -- C:\Windows\System32\4e8890C.mht
[2011-06-05 23:08:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-06-05 23:08:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-06-05 18:56:08 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011-06-05 18:56:08 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2011-06-05 18:54:59 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011-06-05 12:32:40 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF11400.exe
[2011-06-03 15:58:24 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF11700.exe
[2011-06-03 16:08:58 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF13770.exe
[2011-06-03 16:19:29 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF15837.exe
[2011-06-04 20:21:01 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF17622.exe
[2011-06-05 10:29:09 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF19960.exe
[2011-06-03 15:09:39 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF2148.exe
[2011-06-04 20:45:34 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF22435.exe
[2011-06-04 20:57:20 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF24737.exe
[2011-06-04 20:59:38 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF25188.exe
[2011-06-03 17:17:41 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF27231.exe
[2011-06-03 20:20:51 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF30355.exe
[2011-06-03 21:01:13 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF5496.exe
[2011-06-04 18:54:43 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF713.exe
[2011-06-05 18:55:00 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011-06-05 18:54:59 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011-06-05 18:54:59 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011-06-05 18:55:00 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011-06-05 18:55:00 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011-06-05 18:55:00 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011-06-05 18:55:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011-06-05 18:52:47 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011-06-05 18:55:00 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011-06-05 18:52:48 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011-06-05 18:52:48 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011-06-05 18:54:59 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011-06-05 18:56:10 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011-06-05 18:56:10 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011-06-03 16:38:51 | 002,335,270 | ---- | M] () -- C:\Windows\System32\f97952.mht
[2011-06-05 12:18:16 | 000,384,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-06-05 18:55:00 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011-06-05 18:56:10 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011-06-05 18:56:10 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2011-06-05 18:56:21 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011-06-05 18:56:10 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011-06-05 18:56:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011-06-05 18:56:08 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011-06-05 18:56:08 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011-06-05 18:56:08 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011-06-05 18:56:10 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011-06-05 18:56:10 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011-06-05 18:56:09 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011-06-05 18:56:10 | 009,702,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2011-06-05 18:56:08 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011-06-05 18:56:09 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011-06-05 18:56:11 | 001,785,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2011-06-05 18:56:09 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011-06-05 18:56:10 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011-06-05 18:56:10 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011-06-05 18:56:09 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011-06-05 18:56:08 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011-06-05 18:56:09 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011-06-05 19:08:49 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011-06-05 18:56:08 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011-06-05 18:56:09 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011-06-05 18:56:09 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011-06-05 18:56:08 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011-06-05 18:56:08 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011-06-05 18:56:11 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-06-05 18:56:09 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011-06-05 18:55:04 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011-06-05 18:55:04 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011-06-05 18:55:04 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011-06-05 18:55:04 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011-06-05 18:55:04 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011-06-05 18:55:04 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011-06-05 18:55:04 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011-06-05 18:56:09 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011-06-05 18:56:08 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011-06-05 18:56:08 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011-06-05 18:56:08 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2011-06-05 18:56:09 | 012,268,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2011-06-05 18:56:08 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-06-05 18:56:09 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2011-06-05 18:56:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011-06-05 18:56:11 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011-06-05 18:56:11 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011-06-05 18:56:08 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2011-06-05 18:54:59 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011-06-05 19:15:24 | 000,115,826 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011-06-05 19:15:24 | 000,101,682 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-06-05 19:15:24 | 000,601,344 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011-06-05 19:15:24 | 000,589,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-06-05 19:15:24 | 001,402,454 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011-06-05 18:52:47 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011-06-05 18:56:08 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011-06-05 18:54:59 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011-06-05 18:54:59 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011-06-05 18:56:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011-06-05 18:56:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011-06-05 18:55:04 | 001,075,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2011-06-05 08:09:43 | 000,000,296 | ---- | M] () -- C:\Windows\System32\spsys.log
[2011-06-05 18:55:03 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
[2011-06-05 18:56:10 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2011-06-05 18:56:21 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011-06-05 18:56:09 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-06-05 18:56:10 | 001,102,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2011-06-05 18:56:09 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011-06-05 18:56:09 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2011-06-05 18:56:09 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011-06-05 18:52:47 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2011-06-05 18:52:47 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011-06-05 18:56:11 | 001,126,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2011-06-05 18:54:59 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2011-06-05 18:52:48 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011-06-05 18:55:00 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011-06-05 18:54:59 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011-06-05 18:55:00 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011-06-05 18:54:59 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll

< >

< End of report >

pete2006
Visitor
Posts: 30
Registered: 03 Jun 2011 10:46

Re: rootkit Alureon-C

#33 Post by pete2006 »

I ran it twice and it didn't give me the second report.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: rootkit Alureon-C

#34 Post by motji »

:o There is still something there I don't like; instead of GMER we'll try something else. There is some nonsense in OTL right now :o , so we'll run it again, but later.

:arrow: Run OTL
- copy this script into the white box at the bottom:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Windows Explorer] C:\Windows\System32\config\systemprofile\AppData\Roaming\qhyggjpb.dll ()

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]

- click the Fix button.
- The PC will then restart.
- Paste the log here :)



:arrow: Uninstall ComboFix via Start - Run
- copy into the box:

ComboFix /Uninstall

- press Enter
- This uninstalls ComboFix and deletes its associated files and folders.


***********


:arrow: Download T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- delete the tool after use. Note: antivirus programs may falsely flag it as a virus



***********


:arrow: Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- leave everything ticked in the left column as it is, click Analyze
- after the analysis click Run CCleaner

Registry tab
- click Scan for problems
- then click Fix selected problems -- making a registry backup: you don't have to
- click Fix all problems :arrow: OK :arrow: Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

I recommend using the CCleaner cleaner; it cleans temporary files off the PC nicely.
It cleans the registry, for example after uninstalling a program.


***********



:arrow: Download OTC and run it
http://oldtimer.geekstogo.com/OTC.exe
- it cleans out temp files and the leftovers of the tools used



***********


:arrow: Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM sometimes has false detections, so we will delete only after checking the log.
- Copy the log here.

Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

pete2006
Visitor
Posts: 30
Registered: 03 Jun 2011 10:46

Re: rootkit Alureon-C

#35 Post by pete2006 »

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Explorer deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\qhyggjpb.dll moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2684.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2BEF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3F31.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5CA0.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5EC2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6A75.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP935.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAD9C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB25F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD078.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPED1C.tmp folder moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RACDD88.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\0815a046929800739c1dd583b4f0b234\BIT3F01.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\14a0185c3eb3f7eaa49970b8a6a3588d\BIT7E1.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\2a429c42fb6ed894ba6a9344d1e50afd\BITF928.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\3ef9838bc275bd042a83170e7fb3e74d\BITEF92.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\50da95743d18a987b7b6ef3a3999d490\BIT31BB.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\5f3ab70146592a9d1000bd80ee4737ef\BITEA24.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\5f8bbff06b2da0a7956609cdcd5aa176\BIT5CDE.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\7f73d5724845b79a4aebb7e524a18c81\BITF724.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\81d9d4097384b71061bbe5d4930107f8\BITAD52.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\82268b093bffa7ba1c5cfb0dada0d09f\BITD1E7.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\8310be26c96da66c30f57316bc1a2473\BITFB99.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\97de84be36b27af6e66a0586433cda52\BIT2B33.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\b5ceb6274f4d7fd206d6adab3df8e834\BITD46A.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\bea0ec052f9fb30876ce0b314fb5e9e8\BIT3620.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\cfda6a5f0253f13aa506464213273105\BIT7C9F.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\d86d109c1055f7ac07986965f931ec34\BIT63C7.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\f1092d1fd4234f8be26835d1f7b0bdcb\BITAF0F.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\f8ff14620fee9ffe10f054f482ddad27\BITE496.tmp moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users
-> No Temporary Internet Files cache folder defined!

User: Default
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: install
-> No Temporary Internet Files cache folder defined!

User: Public
-> No Temporary Internet Files cache folder defined!

User: tomáš
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524468 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: install

User: Public

User: tomáš

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06062011_130757

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

pete2006
Visitor
Posts: 30
Registered: 03 Jun 2011 10:46

Re: rootkit Alureon-C

#36 Post by pete2006 »

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 6786

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

2011-06-06 16:18:10
mbam-log-2011-06-06 (16-18-10).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 289159
Uplynulý čas: 1 hodina(y), 2 minuta(y), 55 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 1
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\ProgramData\98607737 (Rogue.Multiple) -> No action taken.

Infikované soubory:
C:\Program Files\Windows Media Player\run.exe (Trojan.CryptRun) -> No action taken.

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: rootkit Alureon-C

#37 Post by motji »

In MBAM, delete everything, and then I'd like a new OTL log, please :) :)
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting your computer :!:
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

pete2006
Visitor
Posts: 30
Joined: 03 Jun 2011 10:46

Re: rootkit Alureon-C

#38 Post by pete2006 »

OTL logfile created on: 2011-06-06 21:49:22 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\tomáš\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: yyyy-MM-dd

1013.68 Mb Total Physical Memory | 357.57 Mb Available Physical Memory | 35.27% Memory free
2.24 Gb Paging File | 1.36 Gb Available in Paging File | 60.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 36.16 Gb Total Space | 8.95 Gb Free Space | 24.74% Space Free | Partition Type: NTFS
Drive D: | 28.35 Gb Total Space | 24.87 Gb Free Space | 87.73% Space Free | Partition Type: NTFS

Computer Name: TOMÁŠ-PC | User Name: tomáš | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-06-06 21:47:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\tomáš\Desktop\OTL.exe
PRC - [2011-05-20 04:05:24 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011-05-10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011-05-10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-04-05 19:16:04 | 000,485,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (SafeList) ==========

MOD - [2011-06-06 21:47:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\tomáš\Desktop\OTL.exe
MOD - [2011-05-10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010-08-31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2011-05-10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008-04-05 19:12:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - [2011-05-10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011-05-10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-05-10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-05-10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-05-10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011-05-10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009-10-13 16:20:43 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007-06-12 13:15:10 | 000,051,040 | ---- | M] (IPWireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipw3gnet.sys -- (IpwP)
DRV - [2007-01-31 15:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007-01-18 14:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AvgArCln.sys -- (AvgArCln)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-145100264-1461140624-168581430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-145100264-1461140624-168581430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-145100264-1461140624-168581430-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-145100264-1461140624-168581430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-05-27 16:45:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011-04-02 09:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-04-02 09:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011-04-02 09:31:44 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File not found (No name found) --
File not found (No name found) -- C:\USERS\TOMáš\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7C5WK9SC.DEFAULT\EXTENSIONS\{EA614400-E918-4741-9A97-7A972FF7C30B}
[2010-11-09 19:20:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011-05-27 16:45:15 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010-01-01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\heureka-cz.xml
[2010-01-01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010-01-01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010-01-01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010-01-01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011-06-06 13:13:36 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-145100264-1461140624-168581430-1000\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - Startup: C:\Users\All Users\Adobe [2011-01-20 16:46:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Alwil Software [2010-05-13 16:23:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\ChessBase [2010-07-08 17:16:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Data aplikací [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Desktop [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dokumenty [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\f-secure [2009-11-30 12:44:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Favorites [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\fssg [2009-11-29 23:46:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Google [2010-12-21 20:16:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Kaspersky Lab [2011-06-05 08:10:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Kaspersky Lab Setup Files [2010-05-13 16:19:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2011-06-06 15:01:03 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2010-05-12 12:08:16 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2011-06-05 10:09:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Nabídka Start [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Norton [2009-11-30 14:45:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NortonInstaller [2009-12-01 20:32:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Oblíbené položky [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Plocha [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Start Menu [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Templates [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\VistaCodecs [2009-10-13 11:40:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WindowsSearch [2011-03-29 22:45:06 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Šablony [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\AppData [2006-11-02 13:18:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Data aplikací [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2009-10-10 16:20:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Dokumenty [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Downloads [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Nabídka Start [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Okolní síť [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Okolní tiskárny [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Pictures [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2006-11-02 12:23:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Soubory cookie [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2006-11-02 15:00:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Šablony [2009-10-10 16:20:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\install\avgarkt-setup-1.1.0.42 [2011-06-03 10:21:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\install\avgarkt-setup-1.1.0.42.zip ()
O4 - Startup: C:\Users\install\ccsetup307.exe (Piriform Ltd)
O4 - Startup: C:\Users\install\ComboFix-.exe (Swearware)
O4 - Startup: C:\Users\install\dopis_viry.txt ()
O4 - Startup: C:\Users\install\jre-6u16-windows-i586.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Users\install\Log z AVPTool.txt ()
O4 - Startup: C:\Users\install\Log z AVPTool.xls ()
O4 - Startup: C:\Users\install\mbam-log-2011-06-06 (16-18-10).txt ()
O4 - Startup: C:\Users\install\mbam-setup.exe (Malwarebytes Corporation )
O4 - Startup: C:\Users\install\mbr.log ()
O4 - Startup: C:\Users\install\McafeeRootkitDetective [2011-06-04 20:38:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\install\McafeeRootkitDetective.zip ()
O4 - Startup: C:\Users\install\Návod k použití ComboFixu.mht ()
O4 - Startup: C:\Users\install\OTL.exe (OldTimer Tools)
O4 - Startup: C:\Users\install\rkill.exe ()
O4 - Startup: C:\Users\install\ruzne_antivir_util.txt ()
O4 - Startup: C:\Users\install\setup_av_free.exe ()
O4 - Startup: C:\Users\install\setup_kaspersky_9.0.0.722_04.06.2011_08-49.exe ( )
O4 - Startup: C:\Users\install\T-Cleaner.exe ()
O4 - Startup: C:\Users\install\TFC.exe (OldTimer Tools)
O4 - Startup: C:\Users\install\virus_removal_tool_kaspersky - AV - AVPTool.mht ()
O4 - Startup: C:\Users\Public\Desktop [2011-06-06 15:01:10 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010-02-04 15:39:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2010-02-04 15:39:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2006-11-02 12:23:35 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2010-02-04 15:39:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2010-02-04 15:39:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2006-11-02 14:35:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Videos [2010-02-04 15:39:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\AppData [2009-10-10 16:24:27 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\tomáš\Contacts [2011-05-04 09:42:51 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Data aplikací [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\Desktop [2011-06-06 21:48:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Documents [2011-06-06 14:31:36 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Dokumenty [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\Downloads [2011-06-05 21:50:26 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Favorites [2009-10-10 16:24:10 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Links [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Local Settings [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\Music [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Nabídka Start [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\ntuser.dat ()
O4 - Startup: C:\Users\tomáš\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\tomáš\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\tomáš\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf ()
O4 - Startup: C:\Users\tomáš\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\tomáš\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{3a330cfc-5daf-11df-9f24-000000000000}.TM.blf ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{3a330cfc-5daf-11df-9f24-000000000000}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{3a330cfc-5daf-11df-9f24-000000000000}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{73907d79-d5c5-11de-89ad-000000000000}.TM.blf ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{73907d79-d5c5-11de-89ad-000000000000}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{73907d79-d5c5-11de-89ad-000000000000}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{e9ed7a62-1192-11df-b7e2-000000000000}.TM.blf ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{e9ed7a62-1192-11df-b7e2-000000000000}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\tomáš\ntuser.dat{e9ed7a62-1192-11df-b7e2-000000000000}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\tomáš\ntuser.ini ()
O4 - Startup: C:\Users\tomáš\Okolní síť [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\Okolní tiskárny [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\Pictures [2011-06-06 19:34:45 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Recent [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\Saved Games [2010-03-01 18:48:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\tomáš\Searches [2010-06-08 13:21:41 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\SendTo [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\Soubory cookie [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\tomáš\Videos [2006-11-02 12:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\tomáš\Šablony [2009-10-10 16:22:20 | 000,000,000 | -HSD | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-145100264-1461140624-168581430-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-145100264-1461140624-168581430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.102.0.252 10.102.0.253
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\tomáš\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\tomáš\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O29 - HKLM SecurityProviders - (mfhyyybu.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011-06-06 15:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-06-06 15:01:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-06-06 15:01:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-06-06 15:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-06-06 15:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-06-05 18:56:11 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011-06-05 18:56:11 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011-06-05 18:56:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-06-05 18:56:10 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011-06-05 18:56:10 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011-06-05 18:56:10 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011-06-05 18:56:10 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011-06-05 18:56:10 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011-06-05 18:56:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011-06-05 18:56:10 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011-06-05 18:56:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011-06-05 18:56:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011-06-05 18:56:10 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011-06-05 18:56:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011-06-05 18:56:09 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011-06-05 18:56:09 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011-06-05 18:56:09 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011-06-05 18:56:09 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011-06-05 18:56:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-06-05 18:56:09 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011-06-05 18:56:09 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011-06-05 18:56:09 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011-06-05 18:56:09 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011-06-05 18:56:09 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011-06-05 18:56:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011-06-05 18:56:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-06-05 18:56:08 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011-06-05 18:56:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011-06-05 18:56:08 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011-06-05 18:56:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011-06-05 18:56:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011-06-05 18:56:08 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011-06-05 18:56:08 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011-06-05 18:56:08 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011-06-05 18:56:08 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011-06-05 18:56:08 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011-06-05 18:56:08 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011-06-05 18:56:08 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011-06-05 18:56:08 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011-06-05 18:55:04 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011-06-05 18:55:04 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011-06-05 18:55:04 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011-06-05 18:55:04 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011-06-05 18:55:04 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011-06-05 18:55:04 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011-06-05 18:55:04 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011-06-05 18:55:00 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011-06-05 18:55:00 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011-06-05 18:55:00 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011-06-05 18:55:00 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011-06-05 18:55:00 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011-06-05 18:55:00 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011-06-05 18:55:00 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011-06-05 18:55:00 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011-06-05 18:54:59 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011-06-05 18:54:59 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011-06-05 18:54:59 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011-06-05 18:54:59 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011-06-05 18:54:59 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011-06-05 18:54:59 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011-06-05 18:54:59 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011-06-05 18:54:59 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011-06-05 18:54:59 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011-06-05 18:52:48 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011-06-05 18:52:48 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011-06-05 18:52:48 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011-06-05 18:52:47 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011-06-05 18:52:47 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011-06-05 18:52:47 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011-06-05 12:09:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011-06-05 12:09:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011-06-05 12:09:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011-06-05 11:39:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011-06-05 11:34:11 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011-06-05 11:34:07 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2011-06-05 11:34:05 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2011-06-05 11:34:05 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2011-06-05 11:34:03 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011-06-05 11:34:01 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011-06-05 11:34:00 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2011-06-05 11:33:59 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011-06-05 11:33:58 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011-06-05 11:33:57 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2011-06-05 11:33:57 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011-06-05 11:33:56 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011-06-05 11:33:55 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011-06-05 11:33:54 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2011-06-05 11:33:54 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011-06-05 11:33:54 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2011-06-05 11:33:51 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011-06-05 11:33:50 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2011-06-05 11:33:50 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011-06-05 11:33:49 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2011-06-05 11:33:48 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2011-06-05 11:33:48 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2011-06-05 11:33:47 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011-06-05 11:33:47 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011-06-05 11:33:47 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2011-06-05 11:33:45 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011-06-05 11:33:44 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2011-06-05 11:33:44 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011-06-05 11:33:43 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011-06-05 11:33:43 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011-06-05 11:33:42 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011-06-05 11:33:42 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011-06-05 11:33:41 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2011-06-05 11:33:41 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2011-06-05 11:33:40 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011-06-05 11:33:40 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2011-06-05 11:33:40 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2011-06-05 11:33:39 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011-06-05 11:33:38 | 000,556,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pmcsnap.dll
[2011-06-05 11:33:37 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2011-06-05 11:33:36 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2011-06-05 11:33:35 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011-06-05 11:33:35 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2011-06-05 11:33:34 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011-06-05 11:33:34 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2011-06-05 11:33:34 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2011-06-05 11:33:33 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011-06-05 11:33:33 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011-06-05 11:33:33 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011-06-05 11:33:32 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011-06-05 11:33:32 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2011-06-05 11:33:32 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011-06-05 11:33:32 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2011-06-05 11:33:31 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2011-06-05 11:33:31 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2011-06-05 11:33:30 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011-06-05 11:33:29 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2011-06-05 11:33:29 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011-06-05 11:33:29 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2011-06-05 11:33:29 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2011-06-05 11:33:28 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011-06-05 11:33:27 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2011-06-05 11:33:27 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2011-06-05 11:33:27 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2011-06-05 11:33:27 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2011-06-05 11:33:26 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011-06-05 11:33:25 | 003,217,408 | ---- | C] (Společnost Microsoft) -- C:\Windows\System32\WinSAT.exe
[2011-06-05 11:33:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2011-06-05 11:33:25 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2011-06-05 11:33:24 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011-06-05 11:33:24 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2011-06-05 11:33:24 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2011-06-05 11:33:23 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2011-06-05 11:33:23 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2011-06-05 11:33:22 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2011-06-05 11:33:22 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2011-06-05 11:33:21 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011-06-05 11:33:21 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2011-06-05 11:33:20 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2011-06-05 11:33:20 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011-06-05 11:33:20 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2011-06-05 11:33:19 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011-06-05 11:33:19 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011-06-05 11:33:19 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011-06-05 11:33:19 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011-06-05 11:33:18 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2011-06-05 11:33:17 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011-06-05 11:33:17 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2011-06-05 11:33:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011-06-05 11:33:16 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011-06-05 11:33:16 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2011-06-05 11:33:16 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2011-06-05 11:33:15 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2011-06-05 11:33:15 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2011-06-05 11:33:14 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011-06-05 11:33:14 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2011-06-05 11:33:13 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2011-06-05 11:33:13 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011-06-05 11:33:13 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2011-06-05 11:33:12 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2011-06-05 11:33:12 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2011-06-05 11:33:11 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2011-06-05 11:33:11 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2011-06-05 11:33:10 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011-06-05 11:33:09 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011-06-05 11:33:09 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011-06-05 11:33:08 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011-06-05 11:33:08 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2011-06-05 11:33:07 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011-06-05 11:33:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2011-06-05 11:33:06 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011-06-05 11:33:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011-06-05 11:33:05 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2011-06-05 11:33:04 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011-06-05 11:33:02 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2011-06-05 11:33:02 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2011-06-05 11:33:02 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2011-06-05 11:33:02 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011-06-05 11:33:02 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2011-06-05 11:33:02 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2011-06-05 11:33:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2011-06-05 11:33:01 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2011-06-05 11:33:01 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011-06-05 11:33:00 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011-06-05 11:33:00 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2011-06-05 11:33:00 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2011-06-05 11:33:00 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2011-06-05 11:33:00 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2011-06-05 11:33:00 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2011-06-05 11:32:59 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011-06-05 11:32:59 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2011-06-05 11:32:59 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011-06-05 11:32:58 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2011-06-05 11:32:58 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011-06-05 11:32:58 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011-06-05 11:32:58 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011-06-05 11:32:58 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2011-06-05 11:32:58 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011-06-05 11:32:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2011-06-05 11:32:57 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011-06-05 11:32:57 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011-06-05 11:32:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011-06-05 11:32:57 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2011-06-05 11:32:56 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011-06-05 11:32:56 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2011-06-05 11:32:56 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011-06-05 11:32:56 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011-06-05 11:32:56 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2011-06-05 11:32:55 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011-06-05 11:32:55 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011-06-05 11:32:55 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2011-06-05 11:32:53 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2011-06-05 11:32:53 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2011-06-05 11:32:52 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2011-06-05 11:32:52 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2011-06-05 11:32:52 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2011-06-05 11:32:52 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011-06-05 11:32:51 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2011-06-05 11:32:50 | 001,696,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011-06-05 11:32:49 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2011-06-05 11:32:49 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011-06-05 11:32:49 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2011-06-05 11:32:49 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2011-06-05 11:32:48 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011-06-05 11:32:48 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2011-06-05 11:32:48 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2011-06-05 11:32:48 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011-06-05 11:32:47 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011-06-05 11:32:47 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2011-06-05 11:32:47 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2011-06-05 11:32:46 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011-06-05 11:32:46 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2011-06-05 11:32:46 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2011-06-05 11:32:46 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2011-06-05 11:32:46 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2011-06-05 11:32:45 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2011-06-05 11:32:45 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011-06-05 11:32:44 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011-06-05 11:32:43 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011-06-05 11:32:43 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011-06-05 11:32:43 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2011-06-05 11:32:43 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2011-06-05 11:32:43 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2011-06-05 11:32:42 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011-06-05 11:32:42 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011-06-05 11:32:42 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2011-06-05 11:32:42 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011-06-05 11:32:41 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011-06-05 11:32:41 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2011-06-05 11:32:40 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011-06-05 11:32:40 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2011-06-05 11:32:39 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2011-06-05 11:32:39 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011-06-05 11:32:39 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011-06-05 11:32:39 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011-06-05 11:32:39 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2011-06-05 11:32:39 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2011-06-05 11:32:38 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2011-06-05 11:32:38 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2011-06-05 11:32:38 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011-06-05 11:32:37 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011-06-05 11:32:37 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2011-06-05 11:32:37 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2011-06-05 11:32:36 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011-06-05 11:32:36 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011-06-05 11:32:36 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2011-06-05 11:32:36 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2011-06-05 11:32:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2011-06-05 11:32:35 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011-06-05 11:32:35 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011-06-05 11:32:35 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011-06-05 11:32:35 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011-06-05 11:32:34 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2011-06-05 11:32:34 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011-06-05 11:32:34 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011-06-05 11:32:34 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011-06-05 11:32:34 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011-06-05 11:32:34 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2011-06-05 11:32:34 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2011-06-05 11:32:33 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2011-06-05 11:32:33 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011-06-05 11:32:33 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2011-06-05 11:32:33 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2011-06-05 11:32:33 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011-06-05 11:32:32 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2011-06-05 11:32:32 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2011-06-05 11:32:32 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2011-06-05 11:32:32 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2011-06-05 11:32:31 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2011-06-05 11:32:31 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2011-06-05 11:32:31 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011-06-05 11:32:31 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2011-06-05 11:32:31 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011-06-05 11:32:31 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2011-06-05 11:32:31 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2011-06-05 11:32:30 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2011-06-05 11:32:30 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2011-06-05 11:32:30 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2011-06-05 11:32:30 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2011-06-05 11:32:30 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011-06-05 11:32:29 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011-06-05 11:32:29 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011-06-05 11:32:29 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011-06-05 11:32:29 | 000,140,800 | ---- | C] (Společnost Microsoft) -- C:\Windows\System32\wusa.exe
[2011-06-05 11:32:29 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011-06-05 11:32:28 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011-06-05 11:32:28 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011-06-05 11:32:27 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011-06-05 11:32:27 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2011-06-05 11:32:27 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2011-06-05 11:32:27 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011-06-05 11:32:26 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011-06-05 11:32:26 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011-06-05 11:32:25 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011-06-05 11:32:25 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2011-06-05 11:32:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2011-06-05 11:32:24 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2011-06-05 11:32:24 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2011-06-05 11:32:24 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2011-06-05 11:32:24 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2011-06-05 11:32:24 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011-06-05 11:32:23 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011-06-05 11:32:23 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011-06-05 11:32:22 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011-06-05 11:32:22 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011-06-05 11:32:21 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2011-06-05 11:32:21 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011-06-05 11:32:21 | 000,780,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveui.dll
[2011-06-05 11:32:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2011-06-05 11:32:20 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011-06-05 11:32:20 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011-06-05 11:32:20 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2011-06-05 11:32:19 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011-06-05 11:32:19 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011-06-05 11:32:19 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2011-06-05 11:32:18 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011-06-05 11:32:18 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011-06-05 11:32:18 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011-06-05 11:32:18 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcplsiw.dll
[2011-06-05 11:32:18 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011-06-05 11:32:18 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2011-06-05 11:32:17 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fvecpl.dll
[2011-06-05 11:32:17 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2011-06-05 11:32:17 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011-06-05 11:32:17 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2011-06-05 11:32:17 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011-06-05 11:32:17 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2011-06-05 11:32:16 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2011-06-05 11:32:16 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011-06-05 11:32:16 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2011-06-05 11:32:16 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011-06-05 11:32:16 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2011-06-05 11:32:16 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2011-06-05 11:32:15 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsUltimateExtrasCPL.dll
[2011-06-05 11:32:15 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011-06-05 11:32:15 | 000,075,264 | ---- | C] (Společnost Microsoft) -- C:\Windows\System32\dot3msm.dll
[2011-06-05 11:32:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2011-06-05 11:32:15 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2011-06-05 11:32:15 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011-06-05 11:32:15 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2011-06-05 11:32:14 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2011-06-05 11:32:14 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2011-06-05 11:32:14 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011-06-05 11:32:14 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011-06-05 11:32:14 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011-06-05 11:32:14 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011-06-05 11:32:14 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe

pete2006
Visitor
Posts: 30
Registered: 03 Jun 2011 10:46

Re: rootkit Alureon-C

#39 Post by pete2006 »

[2011-06-05 11:32:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2011-06-05 11:32:13 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2011-06-05 11:32:13 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011-06-05 11:32:13 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2011-06-05 11:32:13 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2011-06-05 11:32:13 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011-06-05 11:32:13 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011-06-05 11:32:13 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2011-06-05 11:32:12 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011-06-05 11:32:12 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011-06-05 11:32:12 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2011-06-05 11:32:12 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2011-06-05 11:32:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2011-06-05 11:32:12 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011-06-05 11:32:12 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011-06-05 11:32:12 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2011-06-05 11:32:12 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011-06-05 11:32:12 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011-06-05 11:32:11 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2011-06-05 11:32:11 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011-06-05 11:32:11 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011-06-05 11:32:11 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011-06-05 11:32:10 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2011-06-05 11:32:10 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2011-06-05 11:32:10 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2011-06-05 11:32:10 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2011-06-05 11:32:10 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011-06-05 11:32:09 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2011-06-05 11:32:09 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011-06-05 11:32:09 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2011-06-05 11:32:09 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2011-06-05 11:32:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011-06-05 11:32:08 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2011-06-05 11:32:08 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2011-06-05 11:32:08 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011-06-05 11:32:07 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2011-06-05 11:32:07 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011-06-05 11:32:07 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2011-06-05 11:32:07 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011-06-05 11:32:06 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011-06-05 11:32:06 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2011-06-05 11:32:06 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2011-06-05 11:32:06 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2011-06-05 11:32:06 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2011-06-05 11:32:05 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011-06-05 11:32:05 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2011-06-05 11:32:05 | 000,106,496 | ---- | C] (Společnost Microsoft) -- C:\Windows\System32\CscMig.dll
[2011-06-05 11:32:04 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011-06-05 11:32:04 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2011-06-05 11:32:03 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011-06-05 11:32:03 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2011-06-05 11:32:03 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011-06-05 11:32:03 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011-06-05 11:32:03 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011-06-05 11:32:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011-06-05 11:32:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2011-06-05 11:32:03 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2011-06-05 11:32:02 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011-06-05 11:32:02 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2011-06-05 11:32:02 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2011-06-05 11:32:02 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2011-06-05 11:32:01 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011-06-05 11:32:01 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2011-06-05 11:32:01 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2011-06-05 11:32:01 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011-06-05 11:32:00 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011-06-05 11:32:00 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2011-06-05 11:32:00 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprnext.dll
[2011-06-05 11:32:00 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011-06-05 11:31:59 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011-06-05 11:31:59 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2011-06-05 11:31:59 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011-06-05 11:31:59 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011-06-05 11:31:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2011-06-05 11:31:58 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2011-06-05 11:31:58 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2011-06-05 11:31:58 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2011-06-05 11:31:58 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2011-06-05 11:31:58 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2011-06-05 11:31:58 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2011-06-05 11:31:57 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011-06-05 11:31:57 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011-06-05 11:31:57 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2011-06-05 11:31:57 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2011-06-05 11:31:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011-06-05 11:31:57 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2011-06-05 11:31:56 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011-06-05 11:31:56 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2011-06-05 11:31:56 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2011-06-05 11:31:56 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2011-06-05 11:31:56 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011-06-05 11:31:56 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2011-06-05 11:31:56 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011-06-05 11:31:56 | 000,024,064 | ---- | C] (Společnost Microsoft) -- C:\Windows\System32\gpscript.exe
[2011-06-05 11:31:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2011-06-05 11:31:55 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2011-06-05 11:31:55 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2011-06-05 11:31:55 | 000,039,936 | ---- | C] (Společnost Microsoft) -- C:\Windows\System32\networkitemfactory.dll
[2011-06-05 11:31:55 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011-06-05 11:31:55 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2011-06-05 11:31:54 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011-06-05 11:31:54 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011-06-05 11:31:54 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2011-06-05 11:31:54 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011-06-05 11:31:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2011-06-05 11:31:54 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.dll
[2011-06-05 11:31:53 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2011-06-05 11:31:53 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011-06-05 11:31:53 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011-06-05 11:31:53 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2011-06-05 11:31:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2011-06-05 11:31:52 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2011-06-05 11:31:52 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2011-06-05 11:31:52 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011-06-05 11:31:51 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011-06-05 11:31:51 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011-06-05 11:31:51 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2011-06-05 11:31:51 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2011-06-05 11:31:51 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2011-06-05 11:31:51 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2011-06-05 11:31:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2011-06-05 11:31:50 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2011-06-05 11:31:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2011-06-05 11:31:49 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2011-06-05 11:31:49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2011-06-05 11:31:49 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2011-06-05 11:31:48 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2011-06-05 11:31:47 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2011-06-05 11:31:47 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011-06-05 11:31:47 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011-06-05 11:31:47 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2011-06-05 11:31:47 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2011-06-05 11:31:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2011-06-05 11:31:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011-06-05 11:31:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2011-06-05 11:31:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2011-06-05 11:31:43 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2011-06-05 11:31:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2011-06-05 11:31:42 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2011-06-05 11:31:41 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2011-06-05 11:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2011-06-05 11:31:00 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011-06-05 11:30:48 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011-06-05 11:30:48 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011-06-05 11:30:08 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011-06-05 10:30:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011-06-05 09:54:54 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011-06-05 09:54:11 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011-06-05 09:54:11 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011-06-05 09:54:10 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011-06-05 09:54:10 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011-06-05 09:54:05 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011-06-05 09:53:35 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011-06-05 09:53:35 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011-06-05 09:53:26 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011-06-05 09:53:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011-06-05 09:48:59 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2011-06-05 09:48:49 | 000,840,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WFS.exe
[2011-06-05 09:48:49 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011-06-03 11:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011-06-03 10:21:31 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\Windows\System32\drivers\AvgArCln.sys
[2011-06-03 10:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Anti-Rootkit Free
[2011-06-03 10:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2011-06-03 09:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-06-03 09:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011-06-01 16:22:06 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

========== Files - Modified Within 30 Days ==========

[2011-06-06 22:08:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-06-06 22:08:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-06-06 21:37:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-06-06 18:13:04 | 000,601,344 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011-06-06 18:13:04 | 000,589,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-06-06 18:13:04 | 000,115,826 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011-06-06 18:13:04 | 000,101,682 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-06-06 18:08:35 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011-06-06 18:08:34 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-06-06 18:07:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-06-06 15:01:10 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-06-06 14:38:50 | 000,384,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-06-06 14:36:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011-06-06 13:38:05 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011-06-06 13:13:36 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011-06-05 18:56:21 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011-06-05 18:56:21 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011-06-05 18:56:11 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011-06-05 18:56:11 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011-06-05 18:56:11 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-06-05 18:56:10 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011-06-05 18:56:10 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011-06-05 18:56:10 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011-06-05 18:56:10 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011-06-05 18:56:10 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011-06-05 18:56:10 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011-06-05 18:56:10 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011-06-05 18:56:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011-06-05 18:56:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011-06-05 18:56:10 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011-06-05 18:56:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011-06-05 18:56:09 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011-06-05 18:56:09 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011-06-05 18:56:09 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011-06-05 18:56:09 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011-06-05 18:56:09 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-06-05 18:56:09 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011-06-05 18:56:09 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011-06-05 18:56:09 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011-06-05 18:56:09 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011-06-05 18:56:09 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011-06-05 18:56:09 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011-06-05 18:56:09 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011-06-05 18:56:08 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-06-05 18:56:08 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011-06-05 18:56:08 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011-06-05 18:56:08 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011-06-05 18:56:08 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011-06-05 18:56:08 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011-06-05 18:56:08 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011-06-05 18:56:08 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011-06-05 18:56:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011-06-05 18:56:08 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011-06-05 18:56:08 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011-06-05 18:56:08 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011-06-05 18:56:08 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011-06-05 18:56:08 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011-06-05 18:55:04 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011-06-05 18:55:04 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011-06-05 18:55:04 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011-06-05 18:55:04 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011-06-05 18:55:04 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011-06-05 18:55:04 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011-06-05 18:55:04 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011-06-05 18:55:00 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011-06-05 18:55:00 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011-06-05 18:55:00 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011-06-05 18:55:00 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011-06-05 18:55:00 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011-06-05 18:55:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011-06-05 18:55:00 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011-06-05 18:55:00 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011-06-05 18:54:59 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011-06-05 18:54:59 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011-06-05 18:54:59 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011-06-05 18:54:59 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011-06-05 18:54:59 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011-06-05 18:54:59 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011-06-05 18:54:59 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011-06-05 18:54:59 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011-06-05 18:54:59 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011-06-05 18:52:48 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011-06-05 18:52:48 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011-06-05 18:52:48 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011-06-05 18:52:48 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\dxgkrnl.sys.mui
[2011-06-05 18:52:47 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011-06-05 18:52:47 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011-06-05 18:52:47 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011-06-03 16:50:19 | 002,335,270 | ---- | M] () -- C:\Windows\System32\4e8890C.mht
[2011-06-03 16:38:51 | 002,335,270 | ---- | M] () -- C:\Windows\System32\f97952.mht
[2011-06-03 10:21:31 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
[2011-06-01 16:22:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011-05-24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011-05-10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-05-10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011-05-10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011-05-10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011-05-10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011-05-10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011-05-10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011-05-10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011-06-06 15:01:10 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-06-05 18:56:09 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011-06-05 11:34:09 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011-06-05 11:33:31 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011-06-05 11:33:28 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011-06-05 11:33:19 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011-06-05 11:33:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011-06-05 11:33:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011-06-05 11:33:13 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011-06-05 11:33:09 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011-06-05 11:32:49 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011-06-05 11:32:46 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011-06-05 11:32:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011-06-05 11:31:55 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-06-05 11:31:46 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011-06-05 11:31:35 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011-06-03 16:50:19 | 002,335,270 | ---- | C] () -- C:\Windows\System32\4e8890C.mht
[2011-06-03 16:38:51 | 002,335,270 | ---- | C] () -- C:\Windows\System32\f97952.mht
[2011-06-03 10:21:31 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
[2011-06-03 09:54:38 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011-04-02 09:31:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-03-24 21:00:47 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2011-03-24 21:00:47 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2011-01-20 16:42:42 | 000,000,358 | ---- | C] () -- C:\Windows\wincmd.ini
[2010-11-09 19:09:13 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010-07-08 16:49:57 | 000,000,109 | ---- | C] () -- C:\Windows\ChssBase.ini
[2010-01-06 19:29:18 | 000,000,001 | ---- | C] () -- \s
[2009-11-29 21:06:02 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009-10-10 17:06:43 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2009-10-10 17:06:42 | 000,333,257 | RHS- | C] () -- \bootmgr
[2009-10-10 17:06:02 | 000,171,136 | RHS- | C] () -- \grldr
[2009-10-10 16:08:04 | 1377,497,088 | -HS- | C] () --
[2008-06-12 20:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008-04-12 07:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008-04-12 07:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008-04-05 19:17:50 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007-02-05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007-01-08 23:15:40 | 000,601,344 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2007-01-08 23:15:40 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2007-01-08 23:15:40 | 000,115,826 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2007-01-08 23:15:40 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2006-11-02 14:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:46:27 | 000,384,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 000,589,670 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,101,682 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006-11-02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== LOP Check ==========

pete2006
Visitor
Posts: 30
Registered: 03 Jun 2011 10:46

Re: rootkit Alureon-C

#40 Post by pete2006 »

[2010-05-13 16:23:42 | 000,000,000 | ---D | M] -- C:\Users\All Users\Alwil Software
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2010-07-08 17:16:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\ChessBase
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Data aplikací
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumenty
[2009-11-30 12:44:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\f-secure
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2009-11-29 23:46:59 | 000,000,000 | ---D | M] -- C:\Users\All Users\fssg
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Nabídka Start
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Oblíbené položky
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Plocha
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2009-10-13 11:40:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\VistaCodecs
[2011-03-29 22:45:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Šablony
[2006-11-02 13:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Data aplikací
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2009-10-10 16:20:03 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Dokumenty
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Nabídka Start
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Okolní síť
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Okolní tiskárny
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2006-11-02 12:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Soubory cookie
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2006-11-02 15:00:38 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2009-10-10 16:20:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Šablony
[2011-06-03 10:21:02 | 000,000,000 | ---D | M] -- C:\Users\install\avgarkt-setup-1.1.0.42
[2011-06-06 15:01:10 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2010-02-04 15:39:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2010-02-04 15:39:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2006-11-02 12:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2010-02-04 15:39:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2010-02-04 15:39:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2006-11-02 14:35:50 | 000,000,000 | ---D | M] -- C:\Users\Public\Recorded TV
[2010-02-04 15:39:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2009-10-10 16:24:27 | 000,000,000 | -H-D | M] -- C:\Users\tomáš\AppData
[2011-05-04 09:42:51 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Contacts
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Data aplikací
[2011-06-06 21:48:12 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Desktop
[2011-06-06 14:31:36 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Documents
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Dokumenty
[2011-06-05 21:50:26 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Downloads
[2009-10-10 16:24:10 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Favorites
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Links
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Local Settings
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Music
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Nabídka Start
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Okolní síť
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Okolní tiskárny
[2011-06-06 19:34:45 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Pictures
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Recent
[2010-03-01 18:48:10 | 000,000,000 | ---D | M] -- C:\Users\tomáš\Saved Games
[2010-06-08 13:21:41 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Searches
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\SendTo
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Soubory cookie
[2006-11-02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\tomáš\Videos
[2009-10-10 16:22:20 | 000,000,000 | -HSD | M] -- C:\Users\tomáš\Šablony
[2011-06-06 14:37:02 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009-04-11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation)
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2010-12-21 20:15:53 | 000,039,408 | ---- | M] (Google Inc.)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011-01-20 16:48:32 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Adobe
[2010-07-08 17:14:54 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\ChessBase
[2010-12-21 20:26:40 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Google
[2009-10-10 16:22:28 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Identities
[2009-10-16 17:34:02 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Macromedia
[2011-06-06 15:01:33 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Malwarebytes
[2006-11-02 14:35:50 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Media Center Programs
[2011-02-01 09:36:33 | 000,000,000 | --SD | M] -- C:\Users\tomáš\AppData\Roaming\Microsoft
[2011-04-02 09:32:27 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Mozilla
[2009-10-13 12:12:14 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Opera
[2009-10-31 12:25:05 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Real
[2009-11-30 12:54:01 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Tific
[2009-10-13 12:18:52 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2008-04-05 19:10:41 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008-04-05 19:10:41 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008-04-05 19:10:41 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-04-05 19:10:41 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-04-05 19:10:41 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008-04-05 19:10:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-04-05 19:10:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CDROM.SYS >
[2008-04-05 19:10:45 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008-04-05 19:10:45 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2006-11-02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006-11-02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2006-11-02 11:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=1C26FB097170A2A91066D1E3A24366E3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\cryptsvc.dll
[2008-04-05 19:15:09 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2009-04-11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\System32\cryptsvc.dll
[2009-04-11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2008-10-29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008-10-30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008-10-28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006-11-02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008-04-05 19:14:48 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2009-04-11 08:32:46 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: IASTORV.SYS >
[2008-04-05 19:12:07 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008-04-05 19:12:07 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008-04-05 19:12:07 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006-11-02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2006-11-02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\isapnp.sys
[2008-04-05 19:10:41 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\drivers\isapnp.sys
[2008-04-05 19:10:41 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\isapnp.sys
[2008-04-05 19:10:41 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\isapnp.sys
[2008-04-05 19:10:41 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\isapnp.sys
[2008-04-05 19:10:41 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\isapnp.sys

< MD5 for: LSASS.EXE >
[2009-06-15 14:51:56 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2009-09-10 16:44:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2009-06-15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\System32\lsass.exe
[2009-06-15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009-02-13 09:26:04 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2006-11-02 11:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=6A0E382E74280E4CC0DF17FE2661D003 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[2009-06-15 15:03:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2009-06-15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009-02-13 06:58:37 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2009-06-15 14:59:08 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2009-06-15 15:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009-09-09 13:09:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2009-09-10 16:47:51 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2008-04-05 19:14:26 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008-04-05 19:14:26 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2008-04-05 19:14:26 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2009-02-13 10:20:29 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

< MD5 for: NDIS.SYS >
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008-04-05 19:13:22 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006-11-02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009-04-11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009-04-11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008-04-05 19:13:57 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008-04-05 19:12:02 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008-04-05 19:12:02 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008-04-05 19:12:02 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006-11-02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006-11-02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008-04-05 19:12:02 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008-04-05 19:12:02 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008-04-05 19:12:02 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008-04-05 19:15:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006-11-02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009-04-11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009-04-11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SMSS.EXE >
[2008-04-05 19:13:20 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2009-04-11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\System32\smss.exe
[2009-04-11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe
[2006-11-02 11:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe

< MD5 for: SVCHOST.EXE >
[2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008-04-05 19:13:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008-04-05 19:13:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008-04-26 10:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009-04-11 08:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009-12-08 22:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009-08-15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009-08-14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2010-02-18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010-02-18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009-08-14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2009-12-08 22:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010-02-18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010-02-18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2009-12-08 22:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2010-06-16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009-08-14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2010-06-16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010-06-16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2008-04-26 10:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009-12-08 19:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009-08-14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010-02-18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010-06-16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\System32\drivers\tcpip.sys
[2010-06-16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2009-12-08 19:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2006-11-02 10:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010-02-18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009-12-08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2008-04-05 19:16:28 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009-08-14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008-04-05 19:15:45 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008-04-05 19:15:45 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006-11-02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008-04-05 19:15:47 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2_32.DLL >
[2006-11-02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
[2008-04-05 19:15:44 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008-04-05 19:15:44 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2011-06-05 18:56:10 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2011-06-05 18:56:10 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009-10-13 16:20:43 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006-11-02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006-11-02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006-11-02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006-11-02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006-11-02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >
[2011-06-05 18:56:10 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2011-06-05 18:56:10 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2011-06-05 18:54:59 | 000,638,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys

< %systemroot%\system32\*.* /3 >
[2011-06-06 22:08:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-06-06 22:08:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-06-05 18:56:08 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011-06-05 18:56:08 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2011-06-05 18:54:59 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011-06-05 18:55:00 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011-06-05 18:54:59 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011-06-05 18:54:59 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011-06-05 18:55:00 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011-06-05 18:55:00 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011-06-05 18:55:00 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011-06-05 18:55:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011-06-05 18:52:47 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011-06-05 18:55:00 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011-06-05 18:52:48 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011-06-05 18:52:48 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011-06-05 18:54:59 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011-06-05 18:56:10 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011-06-05 18:56:10 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011-06-06 14:38:50 | 000,384,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-06-05 18:55:00 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011-06-05 18:56:10 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011-06-05 18:56:10 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2011-06-05 18:56:21 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011-06-05 18:56:10 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011-06-05 18:56:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011-06-05 18:56:08 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011-06-05 18:56:08 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011-06-05 18:56:08 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011-06-05 18:56:10 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011-06-05 18:56:10 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011-06-05 18:56:09 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011-06-05 18:56:10 | 009,702,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2011-06-05 18:56:08 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011-06-05 18:56:09 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011-06-05 18:56:11 | 001,785,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2011-06-05 18:56:09 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011-06-05 18:56:10 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011-06-05 18:56:10 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011-06-05 18:56:09 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011-06-05 18:56:08 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011-06-05 18:56:09 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011-06-06 18:08:35 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011-06-05 18:56:08 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011-06-05 18:56:09 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011-06-05 18:56:09 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011-06-05 18:56:08 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011-06-05 18:56:08 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011-06-05 18:56:11 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-06-05 18:56:09 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011-06-05 18:55:04 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011-06-05 18:55:04 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011-06-05 18:55:04 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011-06-05 18:55:04 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011-06-05 18:55:04 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011-06-05 18:55:04 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011-06-05 18:55:04 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011-06-05 18:56:09 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011-06-05 18:56:08 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011-06-05 18:56:08 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011-06-05 18:56:08 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2011-06-05 18:56:09 | 012,268,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2011-06-05 18:56:08 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-06-05 18:56:09 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2011-06-05 18:56:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011-06-05 18:56:11 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011-06-05 18:56:11 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011-06-05 18:56:08 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2011-06-05 18:54:59 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011-06-06 18:13:04 | 000,115,826 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011-06-06 18:13:04 | 000,101,682 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-06-06 18:13:04 | 000,601,344 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011-06-06 18:13:04 | 000,589,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-06-06 18:13:04 | 001,402,454 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011-06-05 18:52:47 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011-06-05 18:56:08 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011-06-05 18:54:59 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011-06-05 18:54:59 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011-06-05 18:56:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011-06-05 18:56:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011-06-05 18:55:04 | 001,075,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2011-06-05 08:09:43 | 000,000,296 | ---- | M] () -- C:\Windows\System32\spsys.log
[2011-06-05 18:55:03 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
[2011-06-05 18:56:10 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2011-06-05 18:56:21 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011-06-05 18:56:09 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-06-05 18:56:10 | 001,102,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2011-06-05 18:56:09 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011-06-05 18:56:09 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2011-06-05 18:56:09 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011-06-05 18:52:47 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2011-06-05 18:52:47 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011-06-05 18:56:11 | 001,126,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2011-06-05 18:54:59 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2011-06-05 18:52:48 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011-06-05 18:55:00 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011-06-05 18:54:59 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011-06-05 18:55:00 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011-06-05 18:54:59 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll

< >

< End of report >

pete2006
Visitor
Posts: 30
Registered: 03 Jun 2011 10:46

Re: rootkit Alureon-C

#41 Post by pete2006 »

OTL Extras logfile created on: 2011-06-06 21:49:22 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\tomáš\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: yyyy-MM-dd

1013.68 Mb Total Physical Memory | 357.57 Mb Available Physical Memory | 35.27% Memory free
2.24 Gb Paging File | 1.36 Gb Available in Paging File | 60.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 36.16 Gb Total Space | 8.95 Gb Free Space | 24.74% Space Free | Partition Type: NTFS
Drive D: | 28.35 Gb Total Space | 24.87 Gb Free Space | 87.73% Space Free | Partition Type: NTFS

Computer Name: TOMÁŠ-PC | User Name: tomáš | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-145100264-1461140624-168581430-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-145100264-1461140624-168581430-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"\" = C:\Windows\system\178153.exe:*:Enabled:KL


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D9CF016-38D5-4245-BA39-5B08194DBED8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2CA319E0-FFC7-4C94-A4AB-8830F2CD0DAE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5AF7EFB1-9B1C-419E-800C-3FA3F3372350}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8695A73C-C1F7-4C4C-B296-92D0C308E09F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9F5E029B-BEDF-4FEE-B8B7-623ADFF2B48B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{9C86984F-E651-467D-AD32-A759EBB95428}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{FDA91A79-7D6E-4589-985A-93D6107D66D9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B19BD003-89B6-4501-A5D5-20D4AC869F3E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{D17732D2-C5A6-488B-8C78-62D66728FC8D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{4FAA46FA-D8C1-488C-A979-83F41BB1E1DA}_is1" = Fritz 9
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth
"{74DCC43B-33C9-3389-BD0D-33EB37973657}" = Microsoft .NET Framework 3.5 Language Pack - csy
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9CAF9762-B107-4E7B-A459-68F083298C58}" = Rybka 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A90000000001}" = Adobe Reader 9 - Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9226EB1-C528-48AC-B423-BD9240E1F60B}" = Opera 9.62
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{F9683839-1A7F-4874-91B7-64CDF4AC4679}" = Rybka 4
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - csy" = Microsoft .NET Framework 3.5 Language Pack - CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 cs)" = Mozilla Firefox 4.0.1 (x86 cs)
"Totalcmd" = Total Commander (Remove or Repair)
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-06-05 04:25:43 | Computer Name = tomáš-PC | Source = EventSystem | ID = 4609
Description =

Error - 2011-06-05 04:28:08 | Computer Name = tomáš-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 0.0.0.0, časové razítko 0x4d334d98,
chybující modul explorer.exe, verze 0.0.0.0, časové razítko 0x4d334d98, kód výjimky
0x40000015, posun chyby 0x0008cb40, ID procesu 0x180, čas spuštění aplikace 0x01cc235a7f32f3cb.

Error - 2011-06-05 04:28:37 | Computer Name = tomáš-PC | Source = EventSystem | ID = 4609
Description =

Error - 2011-06-05 04:29:52 | Computer Name = tomáš-PC | Source = EventSystem | ID = 4609
Description =

Error - 2011-06-05 04:31:35 | Computer Name = tomáš-PC | Source = VSS | ID = 18
Description =

Error - 2011-06-05 04:31:35 | Computer Name = tomáš-PC | Source = VSS | ID = 8193
Description =

Error - 2011-06-05 04:31:35 | Computer Name = tomáš-PC | Source = System Restore | ID = 8193
Description =

Error - 2011-06-05 04:34:05 | Computer Name = tomáš-PC | Source = PerfNet | ID = 2004
Description =

Error - 2011-06-05 04:34:05 | Computer Name = tomáš-PC | Source = PerfNet | ID = 2002
Description =

Error - 2011-06-05 06:25:53 | Computer Name = tomáš-PC | Source = ESENT | ID = 215
Description = WinMail (2944) WindowsMail0: Zálohování bylo ukončeno, protože bylo
zastaveno klientem nebo protože se nezdařilo připojení ke klientovi.

[ OSession Events ]
Error - 2010-11-18 23:51:22 | Computer Name = tomáš-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2011-06-05 07:22:52 | Computer Name = tomáš-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (13:20:31, 5.6.2011) bylo neočekávané.

Error - 2011-06-05 07:24:03 | Computer Name = tomáš-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-06-05 10:56:19 | Computer Name = tomáš-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-06-05 11:27:32 | Computer Name = tomáš-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-06-05 13:09:29 | Computer Name = tomáš-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-06-06 07:03:42 | Computer Name = tomáš-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-06-06 08:04:11 | Computer Name = tomáš-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-06-06 08:39:34 | Computer Name = tomáš-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-06-06 12:07:48 | Computer Name = tomáš-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (17:45:00, 6.6.2011) bylo neočekávané.

Error - 2011-06-06 12:09:15 | Computer Name = tomáš-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: rootkit Alureon-C

#42 Post by motji »

I would also ask you for this log:
http://www.viry.cz/forum/viewtopic.php?f=24&t=81946

Your OTL log contains something quite unusual, and I don't know whether it is an OTL bug, because it was not in the RSIT log :o .
Otherwise, how is the computer behaving?
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer!

pete2006
Visitor
Posts: 30
Joined: 03 Jun 2011 10:46

Re: rootkit Alureon-C

#43 Post by pete2006 »

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by tomáš at 7:55:23 on 2011-06-07
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.1.1029.18.1014.319 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.seznam.cz/
uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.3
TCP: Interfaces\{474DB2FE-B645-4498-AE76-6C14829198A6} : DhcpNameServer = 10.102.0.252 10.102.0.253
TCP: Interfaces\{49D29C92-3095-460C-9CDD-1EE7F924ABEC} : DhcpNameServer = 192.168.1.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SecurityProviders: credssp.dll, mfhyyybu.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tomáš\appdata\roaming\mozilla\firefox\profiles\7c5wk9sc.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-1 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-13 307928]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2011-6-3 3968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-13 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-13 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-13 42184]
R2 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-5 21504]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-4-5 179712]
S2 AMService;AMService;c:\windows\temp\qywi\setup.exe run --> c:\windows\temp\qywi\setup.exe run [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-21 135664]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-21 135664]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [2009-10-13 51040]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-6 38224]
.
=============== Created Last 30 ================
.
2011-06-06 13:01:33 -------- d-----w- c:\users\tomáš\appdata\roaming\Malwarebytes
2011-06-06 13:01:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-06 13:01:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-06 13:01:03 -------- d-----w- c:\programdata\Malwarebytes
2011-06-06 13:01:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-05 16:55:04 98816 ----a-w- c:\windows\system32\mfps.dll
2011-06-05 16:54:59 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-06-05 16:54:59 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-06-05 16:54:59 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-06-05 16:54:59 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-06-05 16:54:59 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-06-05 16:54:59 37376 ----a-w- c:\windows\system32\cdd.dll
2011-06-05 16:54:59 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-06-05 16:54:59 258048 ----a-w- c:\windows\system32\winspool.drv
2011-06-05 16:54:59 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-06-05 16:54:59 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-06-05 16:54:59 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-06-05 16:52:48 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-06-05 16:52:48 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-06-05 16:52:48 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-06-05 16:52:47 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-06-05 16:52:47 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-06-05 16:52:47 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-06-05 16:52:47 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-06-05 10:09:51 -------- d-----w- c:\windows\system32\eu-ES
2011-06-05 10:09:51 -------- d-----w- c:\windows\system32\ca-ES
2011-06-05 10:09:50 -------- d-----w- c:\windows\system32\vi-VN
2011-06-05 09:39:17 -------- d-----w- c:\windows\system32\EventProviders
2011-06-05 09:34:11 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2011-06-05 09:34:08 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-06-05 09:34:07 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2011-06-05 09:34:07 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2011-06-05 09:34:05 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2011-06-05 09:34:05 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2011-06-05 09:34:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2011-06-05 09:34:01 1480704 ----a-w- c:\windows\system32\mssrch.dll
2011-06-05 09:34:00 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2011-06-05 09:32:59 617984 ----a-w- c:\windows\system32\adtschema.dll
2011-06-05 09:31:59 97792 ----a-w- c:\windows\system32\mprapi.dll
2011-06-05 09:30:48 218624 ----a-w- c:\windows\system32\wdscore.dll
2011-06-05 09:30:48 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2011-06-05 09:30:08 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-06-05 07:58:43 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6aa715c3-31a3-41a8-a70f-298926e81d64}\mpengine.dll
2011-06-05 07:53:35 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-06-05 07:53:35 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-06-05 07:53:26 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-06-05 07:53:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-06-05 07:53:02 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-05 07:53:02 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-05 07:53:02 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-05 07:48:59 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-06-05 07:48:59 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2011-06-05 07:48:59 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-06-05 07:48:49 840704 ----a-w- c:\windows\system32\WFS.exe
2011-06-05 07:48:49 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-06-03 09:25:45 -------- d-----w- c:\program files\trend micro
2011-06-03 08:21:31 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2011-06-03 07:54:41 -------- d-----w- c:\program files\CCleaner
2011-06-01 14:22:06 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
==================== Find3M ====================
.
2011-06-05 16:55:04 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-06-05 16:52:48 4096 ----a-w- c:\windows\system32\drivers\cs-cz\dxgkrnl.sys.mui
2011-05-24 17:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
.
============= FINISH: 7:58:13.10 ===============

pete2006
Visitor
Posts: 30
Joined: 03 Jun 2011 10:46

Re: rootkit Alureon-C

#44 Post by pete2006 »

I would say the PC is behaving normally

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: rootkit Alureon-C

#45 Post by motji »

Did the AVG anti-rootkit find anything?