trojan win32 katusha

Posted: 20 May 2010 17:24
by Ula
Hello,
my friend has a problem with a virus. He formatted his PC and downloaded something bad, and now one virus cannot be deleted. It is located in windows/winsxs/temp and cannot be removed with anything. When you right-click on something on the desktop, the PC just keeps loading and does nothing.

Thank you in advance for any advice.

I am sending the log:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Viktor at 2010-05-20 18:09:17
Microsoft® Windows Vista™ Home Premium
System drive C: has 184 GB (81%) free of 228 GB
Total RAM: 3070 MB (73% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E9FAB13D-4600-49E1-90D1-EE961C859D39} - HopSurf toolbar - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll [2010-05-19 1331392]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2010-05-20 1006264]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-04-09 2029456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON SX410 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE [2008-10-02 199680]

C:\Users\Viktor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\Windows\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-05-20 18:09:17 ----D---- C:\rsit
2010-05-20 18:09:17 ----D---- C:\Program Files\trend micro
2010-05-20 18:03:22 ----D---- C:\32788R22FWJFW
2010-05-20 17:52:37 ----D---- C:\32788R22FWJFW.0.tmp
2010-05-20 16:48:29 ----A---- C:\Start_.cmd
2010-05-20 16:48:26 ----A---- C:\Windows\system32\CF9555.exe
2010-05-20 16:48:25 ----A---- C:\Windows\system32\swsc.exe
2010-05-20 16:45:37 ----D---- C:\Qoobox
2010-05-20 16:45:30 ----A---- C:\Bug.txt
2010-05-20 16:45:27 ----A---- C:\Windows\system32\cmd.execf
2010-05-20 15:58:07 ----D---- C:\ProgramData\Adobe Systems
2010-05-20 15:54:05 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2010-05-20 15:52:23 ----D---- C:\ProgramData\Adobe
2010-05-20 15:52:23 ----D---- C:\Program Files\Common Files\Adobe
2010-05-20 15:51:50 ----D---- C:\Program Files\Adobe
2010-05-20 14:36:06 ----A---- C:\Windows\system32\t2embed.dll
2010-05-20 14:36:05 ----A---- C:\Windows\system32\lpk.dll
2010-05-20 14:36:05 ----A---- C:\Windows\system32\atmlib.dll
2010-05-20 14:36:05 ----A---- C:\Windows\system32\atmfd.dll
2010-05-20 14:36:04 ----A---- C:\Windows\system32\fontsub.dll
2010-05-20 14:36:04 ----A---- C:\Windows\system32\dciman32.dll
2010-05-20 14:34:48 ----A---- C:\Windows\system32\winipsec.dll
2010-05-20 14:34:48 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2010-05-20 14:34:47 ----A---- C:\Windows\system32\polstore.dll
2010-05-20 14:34:47 ----A---- C:\Windows\system32\IPSECSVC.DLL
2010-05-20 14:33:31 ----A---- C:\Windows\system32\riched32.dll
2010-05-20 14:33:31 ----A---- C:\Windows\system32\riched20.dll
2010-05-20 14:33:26 ----A---- C:\Windows\system32\rasser.dll
2010-05-20 14:33:26 ----A---- C:\Windows\system32\rasdiag.dll
2010-05-20 14:33:26 ----A---- C:\Windows\system32\rascfg.dll
2010-05-20 14:33:25 ----A---- C:\Windows\system32\rasmxs.dll
2010-05-20 14:33:24 ----A---- C:\Windows\system32\netcfgx.dll
2010-05-20 14:33:24 ----A---- C:\Windows\system32\msftedit.dll
2010-05-20 14:33:23 ----A---- C:\Windows\system32\icsunattend.exe
2010-05-20 14:33:22 ----A---- C:\Windows\system32\ipnathlp.dll
2010-05-20 14:33:21 ----A---- C:\Windows\system32\wshqos.dll
2010-05-20 14:33:20 ----A---- C:\Windows\system32\traffic.dll
2010-05-20 14:33:20 ----A---- C:\Windows\system32\pacerprf.dll
2010-05-20 14:33:18 ----A---- C:\Windows\system32\dps.dll
2010-05-20 14:33:18 ----A---- C:\Windows\system32\cdd.dll
2010-05-20 14:31:02 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-05-20 14:31:02 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-05-20 14:31:02 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-05-20 14:28:00 ----A---- C:\Windows\system32\ACCTRES.dll
2010-05-20 14:27:59 ----A---- C:\Windows\system32\msoert2.dll
2010-05-20 14:27:59 ----A---- C:\Windows\system32\msoeacct.dll
2010-05-20 14:26:25 ----A---- C:\Windows\system32\TCPSVCS.EXE
2010-05-20 14:26:25 ----A---- C:\Windows\system32\netevent.dll
2010-05-20 14:26:25 ----A---- C:\Windows\system32\MRINFO.EXE
2010-05-20 14:26:24 ----A---- C:\Windows\system32\ROUTE.EXE
2010-05-20 14:26:24 ----A---- C:\Windows\system32\NETSTAT.EXE
2010-05-20 14:26:24 ----A---- C:\Windows\system32\netiohlp.dll
2010-05-20 14:26:24 ----A---- C:\Windows\system32\HOSTNAME.EXE
2010-05-20 14:26:24 ----A---- C:\Windows\system32\finger.exe
2010-05-20 14:26:23 ----A---- C:\Windows\system32\ARP.EXE
2010-05-20 14:24:18 ----A---- C:\Windows\system32\wtsapi32.dll
2010-05-20 14:24:12 ----A---- C:\Windows\system32\sysmain.dll
2010-05-20 14:23:05 ----A---- C:\Windows\system32\WebClnt.dll
2010-05-20 14:22:02 ----A---- C:\Windows\system32\L2SecHC.dll
2010-05-20 14:22:00 ----A---- C:\Windows\system32\wlansvc.dll
2010-05-20 14:22:00 ----A---- C:\Windows\system32\wlanmsm.dll
2010-05-20 14:22:00 ----A---- C:\Windows\system32\wlanhlp.dll
2010-05-20 14:22:00 ----A---- C:\Windows\system32\wlanapi.dll
2010-05-20 14:21:59 ----A---- C:\Windows\system32\wlansec.dll
2010-05-20 14:20:33 ----A---- C:\Windows\system32\msxml3.dll
2010-05-20 14:20:32 ----A---- C:\Windows\system32\msxml3r.dll
2010-05-20 14:20:31 ----A---- C:\Windows\system32\msxml6r.dll
2010-05-20 14:20:31 ----A---- C:\Windows\system32\msxml6.dll
2010-05-20 14:19:10 ----A---- C:\Windows\system32\wdigest.dll
2010-05-20 14:19:10 ----A---- C:\Windows\system32\msv1_0.dll
2010-05-20 14:19:09 ----A---- C:\Windows\system32\secur32.dll
2010-05-20 14:19:09 ----A---- C:\Windows\system32\lsass.exe
2010-05-20 14:19:08 ----A---- C:\Windows\system32\lsasrv.dll
2010-05-20 14:16:48 ----A---- C:\Windows\system32\winsrv.dll
2010-05-20 14:16:48 ----A---- C:\Windows\system32\csrsrv.dll
2010-05-20 14:15:48 ----A---- C:\Windows\system32\mf.dll
2010-05-20 14:15:47 ----A---- C:\Windows\system32\rrinstaller.exe
2010-05-20 14:15:47 ----A---- C:\Windows\system32\mfps.dll
2010-05-20 14:15:47 ----A---- C:\Windows\system32\mfpmp.exe
2010-05-20 14:15:47 ----A---- C:\Windows\system32\mferror.dll
2010-05-20 14:15:44 ----A---- C:\Windows\system32\WMVCORE.DLL
2010-05-20 14:14:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-05-20 14:14:14 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-05-20 14:11:05 ----A---- C:\Windows\system32\winhttp.dll
2010-05-20 14:10:04 ----A---- C:\Windows\system32\vbscript.dll
2010-05-20 14:09:02 ----A---- C:\Windows\system32\atl.dll
2010-05-20 14:07:10 ----A---- C:\Windows\system32\gdi32.dll
2010-05-20 14:05:22 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2010-05-20 14:04:30 ----A---- C:\Windows\system32\xolehlp.dll
2010-05-20 14:04:30 ----A---- C:\Windows\system32\msdtcprx.dll
2010-05-20 14:03:31 ----A---- C:\Windows\system32\wkssvc.dll
2010-05-20 14:01:28 ----A---- C:\Windows\system32\tsgqec.dll
2010-05-20 14:01:28 ----A---- C:\Windows\system32\aaclient.dll
2010-05-20 14:01:27 ----A---- C:\Windows\system32\mstscax.dll
2010-05-20 14:00:20 ----A---- C:\Windows\system32\wmpeffects.dll
2010-05-20 13:58:22 ----A---- C:\Windows\system32\msscp.dll
2010-05-20 13:56:23 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2010-05-20 13:55:25 ----A---- C:\Windows\system32\FirewallAPI.dll
2010-05-20 13:55:24 ----A---- C:\Windows\system32\MPSSVC.dll
2010-05-20 13:55:24 ----A---- C:\Windows\system32\icfupgd.dll
2010-05-20 13:55:23 ----A---- C:\Windows\system32\wfapigp.dll
2010-05-20 13:55:23 ----A---- C:\Windows\system32\cmifw.dll
2010-05-20 13:54:29 ----A---- C:\Windows\system32\netapi32.dll
2010-05-20 13:48:32 ----A---- C:\Windows\system32\mcmde.dll
2010-05-20 13:48:30 ----A---- C:\Windows\system32\EncDec.dll
2010-05-20 13:48:28 ----A---- C:\Windows\system32\psisdecd.dll
2010-05-20 13:45:15 ----A---- C:\Windows\system32\shell32.dll
2010-05-20 13:44:01 ----A---- C:\Windows\system32\tzres.dll
2010-05-20 13:42:53 ----A---- C:\Windows\system32\localspl.dll
2010-05-20 13:40:22 ----A---- C:\Windows\system32\DWWIN.EXE
2010-05-20 13:38:31 ----A---- C:\Windows\system32\iedkcs32.dll
2010-05-20 13:38:31 ----A---- C:\Windows\system32\advpack.dll
2010-05-20 13:38:30 ----A---- C:\Windows\system32\ieaksie.dll
2010-05-20 13:38:30 ----A---- C:\Windows\system32\admparse.dll
2010-05-20 13:38:29 ----A---- C:\Windows\system32\ieakui.dll
2010-05-20 13:38:28 ----A---- C:\Windows\system32\ieapfltr.dll
2010-05-20 13:38:27 ----A---- C:\Windows\system32\iepeers.dll
2010-05-20 13:38:25 ----A---- C:\Windows\system32\wininet.dll
2010-05-20 13:38:25 ----A---- C:\Windows\system32\jsproxy.dll
2010-05-20 13:38:24 ----A---- C:\Windows\system32\dxtrans.dll
2010-05-20 13:38:23 ----A---- C:\Windows\system32\dxtmsft.dll
2010-05-20 13:38:22 ----A---- C:\Windows\system32\msfeeds.dll
2010-05-20 13:38:20 ----A---- C:\Windows\system32\ieui.dll
2010-05-20 13:38:19 ----A---- C:\Windows\system32\ieframe.dll
2010-05-20 13:38:16 ----A---- C:\Windows\system32\mshtmled.dll
2010-05-20 13:38:15 ----A---- C:\Windows\system32\mshtmler.dll
2010-05-20 13:38:15 ----A---- C:\Windows\system32\ieencode.dll
2010-05-20 13:38:14 ----A---- C:\Windows\system32\mshtml.dll
2010-05-20 13:38:10 ----A---- C:\Windows\system32\mstime.dll
2010-05-20 13:38:09 ----A---- C:\Windows\system32\icardie.dll
2010-05-20 13:38:05 ----A---- C:\Windows\system32\ieUnatt.exe
2010-05-20 13:38:04 ----A---- C:\Windows\system32\occache.dll
2010-05-20 13:38:03 ----A---- C:\Windows\system32\urlmon.dll
2010-05-20 13:38:02 ----A---- C:\Windows\system32\pngfilt.dll
2010-05-20 13:38:02 ----A---- C:\Windows\system32\iertutil.dll
2010-05-20 13:38:00 ----A---- C:\Windows\system32\iesetup.dll
2010-05-20 13:38:00 ----A---- C:\Windows\system32\iernonce.dll
2010-05-20 13:38:00 ----A---- C:\Windows\system32\ie4uinit.exe
2010-05-20 13:36:00 ----A---- C:\Windows\explorer.exe
2010-05-20 13:35:25 ----A---- C:\Windows\system32\hcrstco.dll
2010-05-20 13:35:25 ----A---- C:\Windows\system32\hccoin.dll
2010-05-20 13:34:59 ----A---- C:\Windows\system32\netcfg.exe
2010-05-20 13:33:48 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2010-05-20 13:33:48 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2010-05-20 13:33:47 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2010-05-20 13:33:47 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2010-05-20 13:33:47 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2010-05-20 13:33:46 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2010-05-20 13:33:46 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2010-05-20 13:33:46 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2010-05-20 13:33:45 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2010-05-20 13:33:44 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2010-05-20 13:33:43 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2010-05-20 13:33:43 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2010-05-20 13:33:42 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2010-05-20 13:33:42 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2010-05-20 13:33:41 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2010-05-20 13:33:40 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2010-05-20 13:33:39 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2010-05-20 13:33:38 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2010-05-20 13:33:38 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2010-05-20 13:33:37 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2010-05-20 13:33:36 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2010-05-20 13:33:36 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2010-05-20 13:33:35 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2010-05-20 13:33:35 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2010-05-20 13:33:34 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2010-05-20 13:33:34 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2010-05-20 13:33:34 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2010-05-20 13:33:33 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2010-05-20 13:33:32 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2010-05-20 13:33:32 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2010-05-20 13:33:31 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2010-05-20 13:33:30 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2010-05-20 13:33:29 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2010-05-20 13:33:29 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2010-05-20 13:33:28 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2010-05-20 13:33:27 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2010-05-20 13:33:27 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2010-05-20 13:33:26 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2010-05-20 13:33:25 ----A---- C:\Windows\system32\NlsModels0011.dll
2010-05-20 13:33:25 ----A---- C:\Windows\system32\NlsData0045.dll
2010-05-20 13:33:24 ----A---- C:\Windows\system32\NlsData0047.dll
2010-05-20 13:33:24 ----A---- C:\Windows\system32\NlsData0046.dll
2010-05-20 13:33:23 ----A---- C:\Windows\system32\NlsData0049.dll
2010-05-20 13:33:22 ----A---- C:\Windows\system32\NlsData0039.dll
2010-05-20 13:33:22 ----A---- C:\Windows\system32\NlsData0020.dll
2010-05-20 13:33:21 ----A---- C:\Windows\system32\NlsData0024.dll
2010-05-20 13:33:21 ----A---- C:\Windows\system32\NlsData0022.dll
2010-05-20 13:33:21 ----A---- C:\Windows\system32\NlsData0021.dll
2010-05-20 13:33:20 ----A---- C:\Windows\system32\NlsData0027.dll
2010-05-20 13:33:20 ----A---- C:\Windows\system32\NlsData0026.dll
2010-05-20 13:33:20 ----A---- C:\Windows\system32\NlsData0010.dll
2010-05-20 13:33:19 ----A---- C:\Windows\system32\NlsData0013.dll
2010-05-20 13:33:19 ----A---- C:\Windows\system32\NlsData0011.dll
2010-05-20 13:33:18 ----A---- C:\Windows\system32\NlsData0019.dll
2010-05-20 13:33:18 ----A---- C:\Windows\system32\NlsData0018.dll
2010-05-20 13:33:18 ----A---- C:\Windows\system32\NlsData0000.dll
2010-05-20 13:33:17 ----A---- C:\Windows\system32\NlsData0001.dll
2010-05-20 13:33:16 ----A---- C:\Windows\system32\NlsData0003.dll
2010-05-20 13:33:16 ----A---- C:\Windows\system32\NlsData0002.dll
2010-05-20 13:33:15 ----A---- C:\Windows\system32\NlsData0009.dll
2010-05-20 13:33:15 ----A---- C:\Windows\system32\NlsData0007.dll
2010-05-20 13:33:14 ----A---- C:\Windows\system32\NlsData004a.dll
2010-05-20 13:33:13 ----A---- C:\Windows\system32\NlsData004c.dll
2010-05-20 13:33:13 ----A---- C:\Windows\system32\NlsData004b.dll
2010-05-20 13:33:12 ----A---- C:\Windows\system32\NlsData004e.dll
2010-05-20 13:33:12 ----A---- C:\Windows\system32\NlsData003e.dll
2010-05-20 13:33:12 ----A---- C:\Windows\system32\NlsData002a.dll
2010-05-20 13:33:11 ----A---- C:\Windows\system32\NlsData001d.dll
2010-05-20 13:33:11 ----A---- C:\Windows\system32\NlsData001b.dll
2010-05-20 13:33:11 ----A---- C:\Windows\system32\NlsData001a.dll
2010-05-20 13:33:10 ----A---- C:\Windows\system32\NlsData000a.dll
2010-05-20 13:33:09 ----A---- C:\Windows\system32\NlsData000c.dll
2010-05-20 13:33:08 ----A---- C:\Windows\system32\NlsData000d.dll
2010-05-20 13:33:07 ----A---- C:\Windows\system32\NlsData0414.dll
2010-05-20 13:33:07 ----A---- C:\Windows\system32\NlsData000f.dll
2010-05-20 13:33:06 ----A---- C:\Windows\system32\NlsData0416.dll
2010-05-20 13:33:06 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2010-05-20 13:33:05 ----A---- C:\Windows\system32\NlsData081a.dll
2010-05-20 13:33:05 ----A---- C:\Windows\system32\NlsData0816.dll
2010-05-20 13:33:04 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2010-05-20 13:33:04 ----A---- C:\Windows\system32\NlsData0c1a.dll
2010-05-20 13:28:43 ----A---- C:\Windows\system32\setupapi.dll
2010-05-20 13:27:30 ----A---- C:\Windows\system32\srdelayed.exe
2010-05-20 13:27:30 ----A---- C:\Windows\system32\srcore.dll
2010-05-20 13:27:30 ----A---- C:\Windows\system32\srclient.dll
2010-05-20 13:27:30 ----A---- C:\Windows\system32\rstrui.exe
2010-05-20 13:27:28 ----A---- C:\Windows\system32\wpd_ci.dll
2010-05-20 13:27:27 ----A---- C:\Windows\system32\winresume.exe
2010-05-20 13:27:27 ----A---- C:\Windows\system32\kd1394.dll
2010-05-20 13:27:26 ----A---- C:\Windows\system32\winload.exe
2010-05-20 13:27:25 ----A---- C:\Windows\system32\ci.dll
2010-05-20 13:27:24 ----A---- C:\Windows\system32\cfgmgr32.dll
2010-05-20 13:27:23 ----A---- C:\Windows\system32\umpnpmgr.dll
2010-05-20 13:27:23 ----A---- C:\Windows\system32\drvinst.exe
2010-05-20 13:27:22 ----A---- C:\Windows\system32\dpx.dll
2010-05-20 13:27:21 ----A---- C:\Windows\system32\oleaut32.dll
2010-05-20 13:27:21 ----A---- C:\Windows\system32\kbd106n.dll
2010-05-20 13:27:20 ----A---- C:\Windows\system32\unlodctr.exe
2010-05-20 13:27:20 ----A---- C:\Windows\system32\lodctr.exe
2010-05-20 13:27:20 ----A---- C:\Windows\system32\loadperf.dll
2010-05-20 13:27:19 ----A---- C:\Windows\system32\prflbmsg.dll
2010-05-20 13:27:17 ----A---- C:\Windows\system32\schedsvc.dll
2010-05-20 13:27:15 ----A---- C:\Windows\system32\f3ahvoas.dll
2010-05-20 13:27:15 ----A---- C:\Windows\system32\batt.dll
2010-05-20 13:27:14 ----A---- C:\Windows\system32\dispci.dll
2010-05-20 13:25:27 ----A---- C:\Windows\system32\rpcss.dll
2010-05-20 13:25:24 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-05-20 13:25:24 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-05-20 13:25:20 ----A---- C:\Windows\system32\iasads.dll
2010-05-20 13:25:19 ----A---- C:\Windows\system32\sdohlp.dll
2010-05-20 13:25:19 ----A---- C:\Windows\system32\iasrecst.dll
2010-05-20 13:25:19 ----A---- C:\Windows\system32\iasdatastore.dll
2010-05-20 13:23:33 ----A---- C:\Windows\system32\jscript.dll
2010-05-20 13:22:52 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-05-20 13:22:50 ----A---- C:\Windows\system32\tcpipcfg.dll
2010-05-20 13:22:50 ----A---- C:\Windows\system32\netiougc.exe
2010-05-20 13:21:16 ----A---- C:\Windows\system32\LAPRXY.DLL
2010-05-20 13:21:16 ----A---- C:\Windows\system32\asferror.dll
2010-05-20 13:21:15 ----A---- C:\Windows\system32\WMASF.DLL
2010-05-20 13:20:49 ----A---- C:\Windows\system32\browserchoice.exe
2010-05-20 13:20:04 ----A---- C:\Windows\system32\kernel32.dll
2010-05-20 13:20:01 ----A---- C:\Windows\system32\apilogen.dll
2010-05-20 13:20:01 ----A---- C:\Windows\system32\amxread.dll
2010-05-20 13:19:12 ----A---- C:\Windows\system32\SLC.dll
2010-05-20 13:19:11 ----A---- C:\Windows\system32\slwmi.dll
2010-05-20 13:19:11 ----A---- C:\Windows\system32\mcbuilder.exe
2010-05-20 13:19:09 ----A---- C:\Windows\system32\SLCommDlg.dll
2010-05-20 13:19:08 ----A---- C:\Windows\system32\SLUINotify.dll
2010-05-20 13:19:08 ----A---- C:\Windows\system32\SLUI.exe
2010-05-20 13:19:08 ----A---- C:\Windows\system32\SLLUA.exe
2010-05-20 13:19:06 ----A---- C:\Windows\system32\SLsvc.exe
2010-05-20 13:19:06 ----A---- C:\Windows\system32\slcinst.dll
2010-05-20 13:18:24 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-05-20 13:18:23 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-05-20 13:18:22 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-05-20 13:16:08 ----A---- C:\Windows\system32\ntprint.exe
2010-05-20 13:16:08 ----A---- C:\Windows\system32\ntprint.dll
2010-05-20 13:16:04 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2010-05-20 13:16:04 ----A---- C:\Windows\system32\dhcpcsvc.dll
2010-05-20 13:16:04 ----A---- C:\Windows\system32\dhcpcmonitor.dll
2010-05-20 13:16:03 ----A---- C:\Windows\system32\authui.dll
2010-05-20 13:15:58 ----A---- C:\Windows\system32\sendmail.dll
2010-05-20 13:15:21 ----A---- C:\Windows\system32\win32spl.dll
2010-05-20 13:15:21 ----A---- C:\Windows\system32\printcom.dll
2010-05-20 13:13:57 ----A---- C:\Windows\system32\wshrm.dll
2010-05-20 13:13:18 ----A---- C:\Windows\system32\wmpdxm.dll
2010-05-20 13:12:26 ----A---- C:\Windows\system32\msdrm.dll
2010-05-20 13:12:25 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-05-20 13:12:24 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-05-20 13:12:23 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-05-20 13:12:23 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-05-20 13:12:22 ----A---- C:\Windows\system32\secproc.dll
2010-05-20 13:12:21 ----A---- C:\Windows\system32\RMActivate.exe
2010-05-20 13:12:20 ----A---- C:\Windows\system32\secproc_isv.dll
2010-05-20 13:12:20 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-05-20 13:11:44 ----A---- C:\Windows\system32\sbunattend.exe
2010-05-20 13:11:18 ----A---- C:\Windows\system32\dnsrslvr.dll
2010-05-20 13:11:18 ----A---- C:\Windows\system32\dnsapi.dll
2010-05-20 13:11:17 ----A---- C:\Windows\system32\dnscacheugc.exe
2010-05-20 13:11:01 ----A---- C:\Windows\system32\schannel.dll
2010-05-20 13:05:48 ----A---- C:\Windows\system32\infocardapi.dll
2010-05-20 13:05:48 ----A---- C:\Windows\system32\icardres.dll
2010-05-20 13:05:48 ----A---- C:\Windows\system32\icardagt.exe
2010-05-20 13:05:44 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-05-20 13:05:42 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2010-05-20 13:05:42 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-05-20 13:05:42 ----A---- C:\Windows\system32\PresentationHost.exe
2010-05-20 11:34:52 ----A---- C:\Windows\system32\netfxperf.dll
2010-05-20 11:34:52 ----A---- C:\Windows\system32\dfshim.dll
2010-05-20 11:34:49 ----A---- C:\Windows\system32\mscories.dll
2010-05-20 11:34:49 ----A---- C:\Windows\system32\mscorier.dll
2010-05-20 11:34:49 ----A---- C:\Windows\system32\mscoree.dll
2010-05-20 11:17:19 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-05-20 11:17:15 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-05-20 11:17:15 ----A---- C:\Windows\system32\gameux.dll
2010-05-20 11:16:21 ----A---- C:\Windows\system32\logagent.exe
2010-05-20 11:16:20 ----A---- C:\Windows\system32\WMNetMgr.dll
2010-05-20 11:15:03 ----A---- C:\Windows\system32\INETRES.dll
2010-05-20 11:15:03 ----A---- C:\Windows\system32\inetcomm.dll
2010-05-20 11:14:27 ----A---- C:\Windows\system32\msasn1.dll
2010-05-20 11:13:51 ----A---- C:\Windows\system32\connect.dll
2010-05-20 11:13:21 ----A---- C:\Windows\system32\wmi.dll
2010-05-20 11:13:21 ----A---- C:\Windows\system32\imagehlp.dll
2010-05-20 11:12:58 ----A---- C:\Windows\system32\rpcrt4.dll
2010-05-20 11:11:46 ----A---- C:\Windows\system32\httpapi.dll
2010-05-20 11:11:45 ----A---- C:\Windows\system32\nshhttp.dll
2010-05-20 11:08:38 ----A---- C:\Windows\system32\crypt32.dll
2010-05-20 11:08:20 ----A---- C:\Windows\system32\rastls.dll
2010-05-20 11:08:20 ----A---- C:\Windows\system32\raschap.dll
2010-05-20 11:07:54 ----A---- C:\Windows\system32\WSDApi.dll
2010-05-20 11:07:34 ----A---- C:\Windows\system32\poqexec.exe
2010-05-20 11:07:19 ----A---- C:\Windows\system32\user32.dll
2010-05-20 11:06:04 ----A---- C:\Windows\system32\tsbyuv.dll
2010-05-20 11:06:04 ----A---- C:\Windows\system32\msyuv.dll
2010-05-20 11:06:04 ----A---- C:\Windows\system32\iyuv_32.dll
2010-05-20 11:06:03 ----A---- C:\Windows\system32\quartz.dll
2010-05-20 11:06:02 ----A---- C:\Windows\system32\avicap32.dll
2010-05-20 11:06:01 ----A---- C:\Windows\system32\msvidc32.dll
2010-05-20 11:06:01 ----A---- C:\Windows\system32\msvfw32.dll
2010-05-20 11:06:01 ----A---- C:\Windows\system32\msrle32.dll
2010-05-20 11:06:01 ----A---- C:\Windows\system32\mciavi32.dll
2010-05-20 11:06:01 ----A---- C:\Windows\system32\avifil32.dll
2010-05-20 11:05:07 ----A---- C:\Windows\system32\qmgr.dll
2010-05-20 11:04:52 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2010-05-20 11:04:17 ----A---- C:\Windows\system32\wmploc.DLL
2010-05-20 11:04:16 ----A---- C:\Windows\system32\wmp.dll
2010-05-20 11:04:16 ----A---- C:\Windows\system32\spwmp.dll
2010-05-20 11:04:15 ----A---- C:\Windows\system32\dxmasf.dll
2010-05-20 11:04:10 ----A---- C:\Windows\system32\unregmp2.exe
2010-05-20 10:12:47 ----D---- C:\Users\Viktor\AppData\Roaming\Babylon
2010-05-20 10:12:47 ----D---- C:\ProgramData\Babylon
2010-05-20 10:12:40 ----D---- C:\Program Files\EasySearch
2010-05-20 09:59:35 ----D---- C:\Users\Viktor\AppData\Roaming\GHISLER
2010-05-20 09:55:00 ----D---- C:\Program Files\StrongDC++
2010-05-20 09:22:05 ----A---- C:\Users\Viktor\AppData\Roaming\QuickZip45.ini
2010-05-20 09:21:55 ----D---- C:\Program Files\QuickZip4
2010-05-20 07:42:30 ----N---- C:\Windows\system32\MpSigStub.exe
2010-05-19 21:24:37 ----D---- C:\Windows\Panther
2010-05-19 21:24:23 ----RAS---- C:\BOOTSECT.BAK
2010-05-19 21:24:21 ----SHD---- C:\Boot
2010-05-19 21:23:46 ----D---- C:\Windows\system32\OEM
2010-05-19 16:36:56 ----D---- C:\Windows\Minidump
2010-05-19 15:29:54 ----D---- C:\Users\Viktor\AppData\Roaming\uTorrent
2010-05-19 14:00:04 ----D---- C:\Program Files\Microsoft Works
2010-05-19 13:59:42 ----D---- C:\Program Files\Microsoft Visual Studio
2010-05-19 13:59:42 ----D---- C:\Program Files\Common Files\DESIGNER
2010-05-19 13:58:59 ----D---- C:\Windows\PCHEALTH
2010-05-19 13:58:59 ----D---- C:\Program Files\Microsoft.NET
2010-05-19 13:56:44 ----D---- C:\ProgramData\Microsoft Help
2010-05-19 13:56:44 ----D---- C:\Program Files\Microsoft Office
2010-05-19 13:56:00 ----RHD---- C:\MSOCache
2010-05-19 13:44:48 ----D---- C:\Users\Viktor\AppData\Roaming\Macromedia
2010-05-19 13:44:48 ----D---- C:\Users\Viktor\AppData\Roaming\Adobe
2010-05-19 13:44:44 ----D---- C:\Windows\system32\Macromed
2010-05-19 13:13:59 ----D---- C:\ProgramData\UDL
2010-05-19 13:13:17 ----D---- C:\Program Files\Epson Software
2010-05-19 13:13:15 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-19 13:10:22 ----A---- C:\Windows\system32\PICSDK2.dll
2010-05-19 13:10:22 ----A---- C:\Windows\system32\PICSDK.ini
2010-05-19 13:10:22 ----A---- C:\Windows\system32\PICSDK.dll
2010-05-19 13:10:22 ----A---- C:\Windows\system32\PICEntry.dll
2010-05-19 13:10:22 ----A---- C:\Windows\system32\EpPicPrt.dll
2010-05-19 13:10:22 ----A---- C:\Windows\system32\EPPicMgr.dll
2010-05-19 13:10:20 ----D---- C:\Users\Viktor\AppData\Roaming\InstallShield
2010-05-19 13:09:18 ----A---- C:\Windows\system32\E_DCINST.DLL
2010-05-19 13:09:10 ----A---- C:\Windows\system32\E_FLBFCE.DLL
2010-05-19 13:09:06 ----A---- C:\Windows\system32\E_FD4BFCE.DLL
2010-05-19 13:08:50 ----D---- C:\ProgramData\EPSON
2010-05-19 13:07:47 ----A---- C:\Windows\system32\eswiaud.dll
2010-05-19 13:07:38 ----D---- C:\Program Files\epson
2010-05-19 12:41:49 ----HD---- C:\VritualRoot
2010-05-19 12:41:34 ----D---- C:\ProgramData\COMODO
2010-05-19 12:38:16 ----D---- C:\Users\Viktor\AppData\Roaming\Comodo
2010-05-19 12:38:16 ----D---- C:\Program Files\Comodo
2010-05-19 12:37:39 ----D---- C:\ProgramData\Comodo Downloader
2010-05-19 12:29:21 ----D---- C:\Users\Viktor\AppData\Roaming\ATI
2010-05-19 12:29:21 ----D---- C:\ProgramData\ATI
2010-05-19 12:25:22 ----D---- C:\Program Files\ATI Technologies
2010-05-19 12:25:19 ----D---- C:\Program Files\ATI
2010-05-19 12:22:27 ----D---- C:\cabs
2010-05-19 12:03:08 ----SHD---- C:\Windows\Installer
2010-05-19 11:54:59 ----D---- C:\Users\Viktor\AppData\Roaming\Mozilla
2010-05-19 11:54:51 ----D---- C:\Program Files\Mozilla Firefox
2010-05-19 11:44:19 ----A---- C:\Windows\system32\wintrust.dll
2010-05-19 11:44:00 ----A---- C:\Windows\system32\cabview.dll
2010-05-19 11:37:44 ----D---- C:\Users\Viktor\AppData\Roaming\Identities
2010-05-19 11:37:24 ----SD---- C:\Users\Viktor\AppData\Roaming\Microsoft
2010-05-19 11:37:24 ----D---- C:\Users\Viktor\AppData\Roaming\Media Center Programs
2010-05-19 11:36:53 ----A---- C:\Windows\system32\wups2.dll
2010-05-19 11:36:53 ----A---- C:\Windows\system32\wucltux.dll
2010-05-19 11:36:53 ----A---- C:\Windows\system32\wuaueng.dll
2010-05-19 11:36:53 ----A---- C:\Windows\system32\wuauclt.exe
2010-05-19 11:36:19 ----A---- C:\Windows\system32\wups.dll
2010-05-19 11:36:19 ----A---- C:\Windows\system32\wudriver.dll
2010-05-19 11:36:19 ----A---- C:\Windows\system32\wuapi.dll
2010-05-19 11:35:44 ----A---- C:\Windows\system32\wuwebv.dll
2010-05-19 11:35:43 ----A---- C:\Windows\system32\wuapp.exe
2010-05-19 11:28:25 ----D---- C:\Windows\SoftwareDistribution
2010-05-19 11:27:10 ----D---- C:\Windows\Debug
2010-05-19 11:25:44 ----D---- C:\Windows\Prefetch
2010-05-19 11:25:29 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 months======

2010-05-20 18:09:17 ----RD---- C:\Program Files
2010-05-20 18:09:16 ----D---- C:\Windows\Temp
2010-05-20 17:58:42 ----D---- C:\Windows\System32
2010-05-20 17:58:42 ----D---- C:\Windows\inf
2010-05-20 17:58:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-05-20 17:11:17 ----HD---- C:\ProgramData
2010-05-20 17:11:07 ----D---- C:\Windows\system32\drivers
2010-05-20 16:48:25 ----D---- C:\Windows\system32\en-US
2010-05-20 15:54:05 ----D---- C:\Program Files\Common Files
2010-05-20 15:24:21 ----D---- C:\Windows
2010-05-20 15:22:19 ----RSD---- C:\Windows\assembly
2010-05-20 15:21:21 ----D---- C:\Windows\Microsoft.NET
2010-05-20 15:18:31 ----ASH---- C:\Program Files\desktop.ini
2010-05-20 15:18:13 ----D---- C:\Windows\rescache
2010-05-20 15:11:50 ----D---- C:\Windows\system32\ras
2010-05-20 15:11:50 ----D---- C:\Windows\system32\icsxml
2010-05-20 15:11:50 ----D---- C:\Program Files\Windows Calendar
2010-05-20 15:11:47 ----D---- C:\Program Files\Windows Mail
2010-05-20 15:11:47 ----D---- C:\Program Files\Common Files\System
2010-05-20 15:11:46 ----D---- C:\Windows\system32\wbem
2010-05-20 15:11:42 ----D---- C:\Program Files\Windows Defender
2010-05-20 15:11:38 ----D---- C:\Windows\ehome
2010-05-20 15:11:38 ----D---- C:\Program Files\Movie Maker
2010-05-20 15:11:36 ----D---- C:\Windows\servicing
2010-05-20 15:11:36 ----D---- C:\Program Files\Internet Explorer
2010-05-20 15:11:35 ----D---- C:\Windows\system32\migration
2010-05-20 15:11:34 ----D---- C:\Windows\AppPatch
2010-05-20 15:11:23 ----D---- C:\Windows\system32\manifeststore
2010-05-20 15:11:22 ----D---- C:\Windows\system32\SLUI
2010-05-20 15:11:18 ----D---- C:\Program Files\Windows Sidebar
2010-05-20 14:36:06 ----D---- C:\Windows\winsxs
2010-05-20 13:41:55 ----D---- C:\Windows\system32\catroot
2010-05-20 13:06:59 ----D---- C:\Windows\system32\catroot2
2010-05-20 13:06:20 ----D---- C:\Windows\system32\XPSViewer
2010-05-20 12:15:29 ----D---- C:\Program Files\Windows Media Player
2010-05-20 12:15:28 ----RSD---- C:\Windows\Fonts
2010-05-20 09:35:43 ----D---- C:\Windows\system32\Tasks
2010-05-20 07:31:21 ----D---- C:\Windows\system32\WDI
2010-05-19 14:00:01 ----D---- C:\Program Files\Common Files\microsoft shared
2010-05-19 13:59:38 ----D---- C:\Windows\ShellNew
2010-05-19 13:58:59 ----SD---- C:\ProgramData\Microsoft
2010-05-19 13:57:22 ----A---- C:\Windows\win.ini
2010-05-19 13:07:38 ----D---- C:\Windows\twain_32
2010-05-19 11:42:46 ----D---- C:\Windows\Logs
2010-05-19 11:38:10 ----SHD---- C:\$Recycle.Bin
2010-05-19 11:37:14 ----RD---- C:\Users
2010-05-19 11:34:41 ----D---- C:\Windows\system32\restore
2010-04-30 11:51:08 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2010-04-09 16744]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2010-04-09 218560]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2010-04-09 30112]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2010-04-09 74408]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-12 2930176]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2010-05-20 14208]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-06-25 176128]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-08-11 610304]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-04-09 1769216]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-05-20 72704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Re: trojan win32 katusha

Posted: 20 May 2010 17:40
by motji
Good evening :)

:arrow: Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis, click Run CCleaner

Registry tab
- click Scan for issues
- then click Fix selected issues -- make a registry backup - you don't have to
- click Fix all issues :arrow: OK :arrow: Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

I recommend using the CCleaner cleaner; it nicely clears temporary files off the PC.
It cleans up the registry, for example after uninstalling a program.

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c

- tick the All Users box.
- tick the "LOP" malware check and "Purity" malware check boxes
- click the Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; paste them here :)

Re: trojan win32 katusha

Posted: 20 May 2010 18:25
by Ula
OTL Extras logfile created on: 20.5.2010 18:55:18 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Viktor\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,41 Gb Total Space | 180,11 Gb Free Space | 80,98% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 10,39 Gb Free Space | 99,24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 298,02 Gb Total Space | 272,00 Gb Free Space | 91,27% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VIKTOR-PC
Current User Name: Viktor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-928044013-642915283-870121585-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{86BE5422-8F46-46B5-B457-DB3A467E1534}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{603620D7-07BF-460B-A7F1-BDD36BC6D6CA}C:\users\viktor\desktop\strond dc\strongdc.exe" = protocol=6 | dir=in | app=c:\users\viktor\desktop\strond dc\strongdc.exe |
"TCP Query User{6AAB2737-A962-4787-B024-36B65AAFC2A3}C:\users\viktor\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\viktor\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{F1FFAF6D-C9E4-4EC5-9151-8B2C49F89EC9}C:\program files\strongdc++\strongdc.exe" = protocol=6 | dir=in | app=c:\program files\strongdc++\strongdc.exe |
"UDP Query User{2CC659B1-4579-4433-B317-5F018B226F6E}C:\users\viktor\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\viktor\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{6DE4D3CF-4164-4F1A-9D13-A6FAA9343069}C:\program files\strongdc++\strongdc.exe" = protocol=17 | dir=in | app=c:\program files\strongdc++\strongdc.exe |
"UDP Query User{BF0C19F4-0EE0-4969-9090-DECCEDCC6F4D}C:\users\viktor\desktop\strond dc\strongdc.exe" = protocol=17 | dir=in | app=c:\users\viktor\desktop\strond dc\strongdc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E896E6-937B-3069-8916-61C983E17377}" = Catalyst Control Center Graphics Light
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2A091890-F4EA-5138-27A6-6F2D3AEA0ED2}" = Skins
"{2B4A7144-E057-FA8D-1E9D-22B88AFE8054}" = Catalyst Control Center Core Implementation
"{413D86A7-DC4E-CE67-B00A-34DA4D29A747}" = Catalyst Control Center Graphics Previews Common
"{54142E0B-8E3A-141F-8F9E-CF332E3758DB}" = ATI Catalyst Install Manager
"{614ADD01-2835-7206-2DA0-66CD5B7CD572}" = ccc-utility
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5046F7-5EEA-E503-2261-41390824C498}" = Catalyst Control Center Graphics Full Existing
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C1B0AD6D-B3AE-CAFA-160D-376535930FDF}" = Catalyst Control Center Graphics Previews Vista
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D322CB3C-D504-A9C0-365C-5140E53C35AD}" = ccc-core-static
"{E86A8265-A813-658D-9F5C-1F13C0A5B5F9}" = Catalyst Control Center Graphics Full New
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"µTorrent CZ_is1" = µTorrent CZ 1.8.5 (build 17414)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"CCleaner" = CCleaner (remove only)
"Comodo HopSurf Toolbar" = Comodo HopSurf
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Uživatelská příručka" = Epson Stylus SX210_SX410_TX210_TX410 Manuál
"EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PROR" = Microsoft Office Professional 2007
"Quick Zip_is1" = Quick Zip 4.60.019
"StrongDC++" = StrongDC++ 2.41

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20.5.2010 11:14:00 | Computer Name = Viktor-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 20.5.2010 11:50:56 | Computer Name = Viktor-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 20.5.2010 11:50:57 | Computer Name = Viktor-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 20.5.2010 11:50:57 | Computer Name = Viktor-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 20.5.2010 11:50:57 | Computer Name = Viktor-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 20.5.2010 11:50:58 | Computer Name = Viktor-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 20.5.2010 11:50:58 | Computer Name = Viktor-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 20.5.2010 11:50:59 | Computer Name = Viktor-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 20.5.2010 11:51:00 | Computer Name = Viktor-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 20.5.2010 11:51:00 | Computer Name = Viktor-PC | Source = ATIeRecord | ID = 16387
Description =

[ System Events ]
Error - 20.5.2010 9:34:36 | Computer Name = Viktor-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 20.5.2010 9:34:36 | Computer Name = Viktor-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 20.5.2010 9:34:36 | Computer Name = Viktor-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 20.5.2010 9:34:36 | Computer Name = Viktor-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 20.5.2010 9:34:37 | Computer Name = Viktor-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 20.5.2010 9:34:37 | Computer Name = Viktor-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 20.5.2010 9:34:37 | Computer Name = Viktor-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 20.5.2010 11:14:33 | Computer Name = Viktor-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 20.5.2010 11:18:05 | Computer Name = Viktor-PC | Source = DCOM | ID = 10010
Description =

Error - 20.5.2010 11:52:09 | Computer Name = Viktor-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Re: trojan win32 katusha

Posted: 20 May 2010 18:27
by Ula
OTL logfile created on: 20.5.2010 18:55:18 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Viktor\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,41 Gb Total Space | 180,11 Gb Free Space | 80,98% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 10,39 Gb Free Space | 99,24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 298,02 Gb Total Space | 272,00 Gb Free Space | 91,27% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VIKTOR-PC
Current User Name: Viktor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.20 18:53:19 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Viktor\Desktop\OTL.exe
PRC - [2010.05.20 14:12:05 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2010.05.20 13:36:00 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.04.09 01:26:14 | 001,769,216 | ---- | M] () -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2010.04.09 01:26:02 | 002,029,456 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2010.04.01 19:59:58 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.02.19 17:00:24 | 000,148,744 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO livePCsupport\CLPSLS.exe
PRC - [2009.06.25 22:48:44 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.06.25 22:48:16 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2008.10.02 02:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFCE.EXE
PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe


========== Modules (SafeList) ==========

MOD - [2010.05.20 18:53:19 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Viktor\Desktop\OTL.exe
MOD - [2010.04.09 01:26:12 | 000,277,240 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2006.11.02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006.11.02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.05.20 14:12:05 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010.05.20 13:05:54 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.04.09 01:26:14 | 001,769,216 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010.02.19 17:00:24 | 000,148,744 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)
SRV - [2009.06.25 22:48:16 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)


========== Driver Services (SafeList) ==========

DRV - [2010.04.09 01:25:30 | 000,074,408 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2010.04.09 01:25:30 | 000,030,112 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010.04.09 01:25:28 | 000,218,560 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010.04.09 01:25:28 | 000,016,744 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2007.08.12 00:10:00 | 002,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-928044013-642915283-870121585-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-928044013-642915283-870121585-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}: C:\Program Files\Comodo\HopSurfToolbar\hopsurfext_ff3_5 [2010.05.19 12:38:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.20 10:12:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.19 14:00:06 | 000,000,000 | ---D | M]

[2010.05.19 11:55:12 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\Mozilla\Extensions
[2010.05.19 11:55:12 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\Mozilla\Firefox\Profiles\ryg4xlpq.default\extensions
[2010.05.20 10:12:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.01 18:51:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.01 18:51:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.01 18:51:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.05.20 10:12:44 | 000,002,817 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SiteVacuum.xml
[2010.04.01 18:51:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.01 18:51:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-928044013-642915283-870121585-1000..\Run: [EPSON SX410 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\Viktor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006.11.02 13:18:47 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010.05.20 18:53:15 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Viktor\Desktop\OTL.exe
[2010.05.20 18:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.05.20 18:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.20 18:09:17 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.20 18:03:22 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010.05.20 17:52:37 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2010.05.20 16:48:26 | 000,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF9555.exe
[2010.05.20 16:48:25 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swsc.exe
[2010.05.20 16:45:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.05.20 16:45:27 | 000,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2010.05.20 15:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2010.05.20 15:54:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2010.05.20 15:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2010.05.20 15:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.05.20 15:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.05.20 15:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.05.20 14:36:06 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.05.20 14:36:05 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.05.20 14:36:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.20 14:36:04 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.05.20 14:36:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010.05.20 14:34:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2010.05.20 14:34:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2010.05.20 14:34:47 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2010.05.20 14:33:31 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2010.05.20 14:33:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2010.05.20 14:33:28 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kmddsp.tsp
[2010.05.20 14:33:26 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2010.05.20 14:33:26 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2010.05.20 14:33:26 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndptsp.tsp
[2010.05.20 14:33:26 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2010.05.20 14:33:25 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2010.05.20 14:33:24 | 000,564,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2010.05.20 14:33:24 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2010.05.20 14:33:23 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2010.05.20 14:33:21 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2010.05.20 14:33:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2010.05.20 14:33:20 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2010.05.20 14:33:18 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010.05.20 14:31:02 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010.05.20 14:31:02 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010.05.20 14:31:02 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010.05.20 14:28:00 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ACCTRES.dll
[2010.05.20 14:27:59 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoeacct.dll
[2010.05.20 14:27:59 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoert2.dll
[2010.05.20 14:26:25 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.05.20 14:26:25 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010.05.20 14:26:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010.05.20 14:26:24 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010.05.20 14:26:24 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010.05.20 14:26:24 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010.05.20 14:26:24 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010.05.20 14:26:24 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010.05.20 14:26:23 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010.05.20 14:24:22 | 000,704,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2010.05.20 14:24:18 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2010.05.20 14:24:15 | 000,028,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2010.05.20 14:22:02 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010.05.20 14:22:00 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010.05.20 14:22:00 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2010.05.20 14:22:00 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010.05.20 14:21:59 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010.05.20 14:20:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2010.05.20 14:20:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2010.05.20 14:19:08 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.05.20 14:16:48 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2010.05.20 14:16:48 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010.05.20 14:15:48 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010.05.20 14:15:47 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2010.05.20 14:15:47 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2010.05.20 14:15:47 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2010.05.20 14:15:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2010.05.20 14:15:44 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010.05.20 14:14:15 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.05.20 14:14:14 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.05.20 14:10:04 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.05.20 14:05:22 | 000,374,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2010.05.20 14:04:30 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010.05.20 14:04:30 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010.05.20 14:01:28 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2010.05.20 14:01:28 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2010.05.20 14:00:20 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010.05.20 13:58:22 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2010.05.20 13:57:28 | 000,713,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010.05.20 13:56:23 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2010.05.20 13:55:25 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2010.05.20 13:55:24 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2010.05.20 13:55:23 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2010.05.20 13:55:23 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2010.05.20 13:48:32 | 001,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2010.05.20 13:48:31 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.05.20 13:48:30 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010.05.20 13:48:29 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010.05.20 13:48:29 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.05.20 13:48:29 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2010.05.20 13:48:28 | 000,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.05.20 13:48:28 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2010.05.20 13:44:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.20 13:42:53 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010.05.20 13:41:06 | 000,109,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2010.05.20 13:41:06 | 000,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2010.05.20 13:40:22 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2010.05.20 13:38:31 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.05.20 13:38:30 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.05.20 13:38:30 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010.05.20 13:38:29 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010.05.20 13:38:28 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010.05.20 13:38:28 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.05.20 13:38:27 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.05.20 13:38:25 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.05.20 13:38:24 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010.05.20 13:38:23 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010.05.20 13:38:22 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.05.20 13:38:20 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.05.20 13:38:16 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.05.20 13:38:15 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.05.20 13:38:15 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010.05.20 13:38:13 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.05.20 13:38:10 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.05.20 13:38:08 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.05.20 13:38:05 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.05.20 13:38:02 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010.05.20 13:38:00 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.05.20 13:38:00 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.05.20 13:38:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.05.20 13:36:00 | 002,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.05.20 13:35:25 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010.05.20 13:35:25 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2010.05.20 13:35:25 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll
[2010.05.20 13:35:25 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2010.05.20 13:34:59 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2010.05.20 13:33:48 | 001,808,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2010.05.20 13:33:48 | 001,793,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2010.05.20 13:33:47 | 001,558,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2010.05.20 13:33:47 | 001,411,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2010.05.20 13:33:47 | 001,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2010.05.20 13:33:46 | 005,499,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2010.05.20 13:33:46 | 002,136,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2010.05.20 13:33:46 | 001,782,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2010.05.20 13:33:45 | 007,964,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2010.05.20 13:33:44 | 005,791,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2010.05.20 13:33:43 | 006,224,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2010.05.20 13:33:43 | 004,175,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2010.05.20 13:33:42 | 004,981,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2010.05.20 13:33:42 | 002,466,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2010.05.20 13:33:41 | 003,331,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2010.05.20 13:33:40 | 006,781,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2010.05.20 13:33:39 | 011,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2010.05.20 13:33:38 | 004,164,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2010.05.20 13:33:38 | 001,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2010.05.20 13:33:37 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010.05.20 13:33:36 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2010.05.20 13:33:36 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010.05.20 13:33:35 | 004,093,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2010.05.20 13:33:35 | 001,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2010.05.20 13:33:34 | 004,045,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2010.05.20 13:33:34 | 001,972,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2010.05.20 13:33:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2010.05.20 13:33:33 | 006,014,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2010.05.20 13:33:32 | 006,585,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2010.05.20 13:33:32 | 006,346,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2010.05.20 13:33:31 | 009,892,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2010.05.20 13:33:30 | 006,237,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2010.05.20 13:33:29 | 005,654,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2010.05.20 13:33:29 | 001,722,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2010.05.20 13:33:28 | 004,616,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2010.05.20 13:33:27 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2010.05.20 13:33:27 | 005,031,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2010.05.20 13:33:26 | 007,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2010.05.20 13:33:25 | 005,071,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2010.05.20 13:33:25 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2010.05.20 13:33:24 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2010.05.20 13:33:24 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2010.05.20 13:33:23 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2010.05.20 13:33:22 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2010.05.20 13:33:22 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2010.05.20 13:33:21 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2010.05.20 13:33:21 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2010.05.20 13:33:21 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2010.05.20 13:33:20 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2010.05.20 13:33:20 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2010.05.20 13:33:20 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2010.05.20 13:33:19 | 003,464,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2010.05.20 13:33:19 | 002,655,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2010.05.20 13:33:18 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2010.05.20 13:33:18 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2010.05.20 13:33:18 | 001,523,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2010.05.20 13:33:17 | 002,597,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2010.05.20 13:33:16 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2010.05.20 13:33:16 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2010.05.20 13:33:15 | 004,874,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2010.05.20 13:33:15 | 002,241,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2010.05.20 13:33:14 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2010.05.20 13:33:13 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2010.05.20 13:33:13 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2010.05.20 13:33:12 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2010.05.20 13:33:12 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2010.05.20 13:33:12 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2010.05.20 13:33:11 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2010.05.20 13:33:11 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2010.05.20 13:33:11 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2010.05.20 13:33:10 | 009,845,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2010.05.20 13:33:09 | 002,641,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2010.05.20 13:33:08 | 002,340,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2010.05.20 13:33:07 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2010.05.20 13:33:07 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2010.05.20 13:33:06 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2010.05.20 13:33:06 | 000,797,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010.05.20 13:33:05 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2010.05.20 13:33:05 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2010.05.20 13:33:04 | 006,917,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2010.05.20 13:33:04 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2010.05.20 13:27:30 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010.05.20 13:27:30 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010.05.20 13:27:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010.05.20 13:27:28 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010.05.20 13:27:27 | 000,905,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.05.20 13:27:27 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010.05.20 13:27:26 | 000,944,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.05.20 13:27:25 | 000,620,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010.05.20 13:27:24 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2010.05.20 13:27:23 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010.05.20 13:27:22 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2010.05.20 13:27:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010.05.20 13:27:20 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2010.05.20 13:27:20 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2010.05.20 13:27:20 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2010.05.20 13:27:19 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2010.05.20 13:27:16 | 000,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2010.05.20 13:27:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2010.05.20 13:27:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2010.05.20 13:27:14 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2010.05.20 13:25:24 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010.05.20 13:25:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010.05.20 13:25:20 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010.05.20 13:25:19 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010.05.20 13:25:19 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010.05.20 13:25:19 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010.05.20 13:24:13 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.05.20 13:24:12 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.05.20 13:23:33 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.05.20 13:22:51 | 000,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010.05.20 13:22:50 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010.05.20 13:22:50 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010.05.20 13:21:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2010.05.20 13:21:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2010.05.20 13:21:15 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2010.05.20 13:20:49 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.05.20 13:20:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010.05.20 13:20:01 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010.05.20 13:19:12 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2010.05.20 13:19:11 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2010.05.20 13:19:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2010.05.20 13:19:09 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2010.05.20 13:19:08 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2010.05.20 13:19:08 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2010.05.20 13:19:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2010.05.20 13:18:24 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010.05.20 13:18:23 | 000,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010.05.20 13:18:22 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010.05.20 13:16:08 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2010.05.20 13:16:08 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2010.05.20 13:16:04 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2010.05.20 13:16:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2010.05.20 13:16:03 | 001,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2010.05.20 13:15:21 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010.05.20 13:15:21 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2010.05.20 13:14:56 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.05.20 13:13:58 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010.05.20 13:13:57 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2010.05.20 13:13:17 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010.05.20 13:13:17 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010.05.20 13:12:26 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010.05.20 13:12:25 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.05.20 13:12:24 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.05.20 13:12:23 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.05.20 13:12:23 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.05.20 13:12:22 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.05.20 13:12:21 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.05.20 13:12:20 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.05.20 13:12:20 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.05.20 13:11:44 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2010.05.20 13:11:17 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2010.05.20 13:05:48 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010.05.20 13:05:48 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010.05.20 13:05:48 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010.05.20 13:05:48 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010.05.20 13:05:44 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010.05.20 13:05:42 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010.05.20 13:05:42 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.05.20 13:05:42 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.05.20 11:59:31 | 008,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2010.05.20 11:34:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.05.20 11:34:49 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010.05.20 11:34:49 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010.05.20 11:17:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.05.20 11:17:15 | 004,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.05.20 11:17:15 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.05.20 11:16:21 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010.05.20 11:16:20 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010.05.20 11:15:53 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Local\Microsoft Games
[2010.05.20 11:15:03 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2010.05.20 11:13:51 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010.05.20 11:13:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmi.dll
[2010.05.20 11:11:46 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.05.20 11:11:45 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.05.20 11:08:20 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010.05.20 11:08:20 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010.05.20 11:07:54 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010.05.20 11:07:34 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2010.05.20 11:06:03 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.05.20 11:06:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010.05.20 11:06:01 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010.05.20 11:06:01 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.05.20 11:06:01 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.05.20 11:04:52 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010.05.20 11:04:17 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.05.20 11:04:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010.05.20 11:04:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010.05.20 11:04:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010.05.20 11:04:10 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010.05.20 11:02:50 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Local\GHISLER
[2010.05.20 10:12:47 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Roaming\Babylon
[2010.05.20 10:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2010.05.20 10:10:35 | 000,000,000 | ---D | C] -- C:\Users\Viktor\Desktop\DOWNLOADS
[2010.05.20 09:59:35 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Roaming\GHISLER
[2010.05.20 09:58:55 | 003,520,256 | ---- | C] (Ghisler Software GmbH) -- C:\Users\Viktor\Desktop\TOTALCMD.EXE
[2010.05.20 09:55:56 | 000,000,000 | ---D | C] -- C:\Users\Viktor\Documents\StrongDC++
[2010.05.20 09:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\StrongDC++
[2010.05.20 09:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickZip4
[2010.05.20 07:42:30 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.19 21:24:37 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.05.19 21:24:21 | 000,000,000 | -HSD | C] -- C:\Boot
[2010.05.19 21:23:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2010.05.19 19:50:00 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Local\Adobe
[2010.05.19 16:36:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.05.19 15:29:54 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Roaming\uTorrent
[2010.05.19 14:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.05.19 13:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.05.19 13:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.05.19 13:58:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.05.19 13:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.05.19 13:56:49 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Local\Microsoft Help
[2010.05.19 13:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.05.19 13:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.05.19 13:56:00 | 000,000,000 | RH-D | C] -- C:\MSOCache

Re: trojan win32 katusha

Posted: 20 May 2010 18:28
by Ula
[2010.05.19 13:44:48 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Roaming\Macromedia
[2010.05.19 13:44:48 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Roaming\Adobe
[2010.05.19 13:44:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.05.19 13:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2010.05.19 13:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2010.05.19 13:13:15 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010.05.19 13:10:22 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK2.dll
[2010.05.19 13:10:22 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EpPicPrt.dll
[2010.05.19 13:10:22 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICEntry.dll
[2010.05.19 13:10:22 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK.dll
[2010.05.19 13:10:22 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EPPicMgr.dll
[2010.05.19 13:10:20 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Roaming\InstallShield
[2010.05.19 13:09:18 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL
[2010.05.19 13:09:10 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBFCE.DLL
[2010.05.19 13:09:06 | 000,078,848 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BFCE.DLL
[2010.05.19 13:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010.05.19 13:07:47 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\eswiaud.dll
[2010.05.19 13:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2010.05.19 12:41:49 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010.05.19 12:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010.05.19 12:38:18 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Local\Comodo
[2010.05.19 12:38:16 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Roaming\Comodo
[2010.05.19 12:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2010.05.19 12:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010.05.19 12:29:21 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Roaming\ATI
[2010.05.19 12:29:21 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Local\ATI
[2010.05.19 12:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.05.19 12:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010.05.19 12:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010.05.19 12:22:27 | 000,000,000 | ---D | C] -- C:\cabs
[2010.05.19 12:03:08 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.05.19 11:54:59 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Roaming\Mozilla
[2010.05.19 11:54:59 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Local\Mozilla
[2010.05.19 11:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.05.19 11:37:59 | 000,000,000 | R--D | C] -- C:\Users\Viktor\Searches
[2010.05.19 11:37:44 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Roaming\Identities
[2010.05.19 11:37:40 | 000,000,000 | R--D | C] -- C:\Users\Viktor\Contacts
[2010.05.19 11:37:38 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Local\VirtualStore
[2010.05.19 11:37:24 | 000,000,000 | --SD | C] -- C:\Users\Viktor\AppData\Roaming\Microsoft
[2010.05.19 11:37:24 | 000,000,000 | R--D | C] -- C:\Users\Viktor\Videos
[2010.05.19 11:37:24 | 000,000,000 | R--D | C] -- C:\Users\Viktor\Saved Games
[2010.05.19 11:37:24 | 000,000,000 | R--D | C] -- C:\Users\Viktor\Pictures
[2010.05.19 11:37:24 | 000,000,000 | R--D | C] -- C:\Users\Viktor\Music
[2010.05.19 11:37:24 | 000,000,000 | R--D | C] -- C:\Users\Viktor\Links
[2010.05.19 11:37:24 | 000,000,000 | R--D | C] -- C:\Users\Viktor\Favorites
[2010.05.19 11:37:24 | 000,000,000 | R--D | C] -- C:\Users\Viktor\Downloads
[2010.05.19 11:37:24 | 000,000,000 | R--D | C] -- C:\Users\Viktor\Documents
[2010.05.19 11:37:24 | 000,000,000 | R--D | C] -- C:\Users\Viktor\Desktop
[2010.05.19 11:37:24 | 000,000,000 | -HSD | C] -- C:\Users\Viktor\AppData\Local\Temporary Internet Files
[2010.05.19 11:37:24 | 000,000,000 | -HSD | C] -- C:\Users\Viktor\Templates
[2010.05.19 11:37:24 | 000,000,000 | -HSD | C] -- C:\Users\Viktor\Start Menu
[2010.05.19 11:37:24 | 000,000,000 | -HSD | C] -- C:\Users\Viktor\SendTo
[2010.05.19 11:37:24 | 000,000,000 | -HSD | C] -- C:\Users\Viktor\Recent
[2010.05.19 11:37:24 | 000,000,000 | -HSD | C] -- C:\Users\Viktor\PrintHood
[2010.05.19 11:37:24 | 000,000,000 | -HSD | C] -- C:\Users\Viktor\NetHood
[2010.05.19 11:37:24 | 000,000,000 | -HSD | C] -- C:\Users\Viktor\Documents\My Videos
[2010.05.19 11:37:24 | 000,000,000 | -HSD | C] -- C:\Users\Viktor\Documents\My Pictures
[2010.05.19 11:37:24 | 000,000,000 | -HSD | C] -- C:\Users\Viktor\Documents\My Music
[2010.05.19 11:37:24 | 000,000,000 | -HSD | C] -- C:\Users\Viktor\My Documents
[2010.05.19 11:37:24 | 000,000,000 | -HSD | C] -- C:\Users\Viktor\Local Settings
[2010.05.19 11:37:24 | 000,000,000 | -HSD | C] -- C:\Users\Viktor\AppData\Local\History
[2010.05.19 11:37:24 | 000,000,000 | -HSD | C] -- C:\Users\Viktor\Cookies
[2010.05.19 11:37:24 | 000,000,000 | -HSD | C] -- C:\Users\Viktor\Application Data
[2010.05.19 11:37:24 | 000,000,000 | -HSD | C] -- C:\Users\Viktor\AppData\Local\Application Data
[2010.05.19 11:37:24 | 000,000,000 | -H-D | C] -- C:\Users\Viktor\AppData
[2010.05.19 11:37:24 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Local\Temp
[2010.05.19 11:37:24 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Local\Microsoft
[2010.05.19 11:37:24 | 000,000,000 | ---D | C] -- C:\Users\Viktor\AppData\Roaming\Media Center Programs
[2010.05.19 11:36:53 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010.05.19 11:36:53 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010.05.19 11:36:19 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010.05.19 11:36:19 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010.05.19 11:36:19 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010.05.19 11:35:44 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010.05.19 11:35:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010.05.19 11:28:25 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.05.19 11:27:10 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2010.05.19 11:25:44 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.05.19 11:25:29 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.20 18:56:22 | 001,048,576 | -HS- | M] () -- C:\Users\Viktor\NTUSER.DAT
[2010.05.20 18:53:19 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Viktor\Desktop\OTL.exe
[2010.05.20 18:51:58 | 000,010,296 | ---- | M] () -- C:\Users\Viktor\Documents\ZALOHA REGISTRU.reg
[2010.05.20 18:51:06 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.20 18:51:06 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.20 18:50:23 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2010.05.20 18:48:35 | 000,001,670 | ---- | M] () -- C:\Users\Viktor\Desktop\CCleaner.lnk
[2010.05.20 17:58:42 | 000,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.20 17:58:42 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.20 17:58:42 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.20 17:51:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.20 17:50:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.20 17:50:30 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.20 17:49:23 | 001,323,550 | -H-- | M] () -- C:\Users\Viktor\AppData\Local\IconCache.db
[2010.05.20 17:14:25 | 000,100,432 | ---- | M] () -- C:\Users\Viktor\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.20 17:13:39 | 000,375,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.20 16:48:29 | 000,000,232 | ---- | M] () -- C:\Start_.cmd
[2010.05.20 16:45:28 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2010.05.20 16:45:28 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF9555.exe
[2010.05.20 16:35:25 | 000,001,118 | ---- | M] () -- C:\Users\Viktor\AppData\Roaming\QuickZip45.ini
[2010.05.20 15:54:40 | 000,001,170 | ---- | M] () -- C:\Users\Viktor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010.05.20 15:18:31 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010.05.20 14:36:06 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.05.20 14:36:05 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.05.20 14:36:05 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.20 14:36:04 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.05.20 14:36:04 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010.05.20 14:34:48 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2010.05.20 14:34:48 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2010.05.20 14:34:47 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2010.05.20 14:33:31 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2010.05.20 14:33:31 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2010.05.20 14:33:28 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kmddsp.tsp
[2010.05.20 14:33:26 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2010.05.20 14:33:26 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2010.05.20 14:33:26 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ndptsp.tsp
[2010.05.20 14:33:26 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2010.05.20 14:33:25 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2010.05.20 14:33:25 | 000,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2010.05.20 14:33:24 | 000,564,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2010.05.20 14:33:24 | 000,384,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2010.05.20 14:33:23 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2010.05.20 14:33:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2010.05.20 14:33:20 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2010.05.20 14:33:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2010.05.20 14:33:18 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010.05.20 14:31:02 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010.05.20 14:31:02 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010.05.20 14:31:02 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010.05.20 14:28:00 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ACCTRES.dll
[2010.05.20 14:27:59 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msoeacct.dll
[2010.05.20 14:27:59 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msoert2.dll
[2010.05.20 14:26:25 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.05.20 14:26:25 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010.05.20 14:26:25 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010.05.20 14:26:24 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010.05.20 14:26:24 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010.05.20 14:26:24 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010.05.20 14:26:24 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010.05.20 14:26:24 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010.05.20 14:26:23 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010.05.20 14:24:22 | 000,704,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2010.05.20 14:24:18 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2010.05.20 14:24:15 | 000,028,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2010.05.20 14:22:02 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010.05.20 14:22:01 | 001,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2010.05.20 14:22:00 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010.05.20 14:22:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2010.05.20 14:22:00 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010.05.20 14:21:59 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010.05.20 14:20:32 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2010.05.20 14:20:31 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2010.05.20 14:19:08 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.05.20 14:16:48 | 000,376,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2010.05.20 14:16:48 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010.05.20 14:15:48 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010.05.20 14:15:47 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2010.05.20 14:15:47 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2010.05.20 14:15:47 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2010.05.20 14:15:47 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2010.05.20 14:15:44 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010.05.20 14:14:15 | 003,502,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.05.20 14:14:14 | 003,468,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.05.20 14:10:04 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.05.20 14:05:22 | 000,374,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2010.05.20 14:04:30 | 000,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010.05.20 14:04:30 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010.05.20 14:01:28 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2010.05.20 14:01:28 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2010.05.20 14:00:20 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010.05.20 13:58:22 | 000,414,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2010.05.20 13:57:28 | 000,713,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010.05.20 13:56:23 | 000,356,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2010.05.20 13:55:25 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2010.05.20 13:55:24 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2010.05.20 13:55:23 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2010.05.20 13:55:23 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2010.05.20 13:48:32 | 001,244,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2010.05.20 13:48:31 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.05.20 13:48:30 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010.05.20 13:48:29 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010.05.20 13:48:29 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.05.20 13:48:29 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2010.05.20 13:48:28 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.05.20 13:48:28 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2010.05.20 13:44:01 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.20 13:42:53 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010.05.20 13:41:06 | 000,109,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2010.05.20 13:41:06 | 000,045,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2010.05.20 13:40:22 | 000,104,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2010.05.20 13:38:31 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.05.20 13:38:30 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.05.20 13:38:30 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010.05.20 13:38:29 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010.05.20 13:38:28 | 002,452,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010.05.20 13:38:28 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.05.20 13:38:27 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.05.20 13:38:25 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.05.20 13:38:24 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010.05.20 13:38:23 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010.05.20 13:38:22 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.05.20 13:38:20 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.05.20 13:38:16 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.05.20 13:38:15 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.05.20 13:38:15 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010.05.20 13:38:13 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.05.20 13:38:10 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.05.20 13:38:08 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.05.20 13:38:05 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.05.20 13:38:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010.05.20 13:38:00 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.05.20 13:38:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.05.20 13:38:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.05.20 13:36:00 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.05.20 13:35:25 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010.05.20 13:35:25 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2010.05.20 13:35:25 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll
[2010.05.20 13:35:25 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2010.05.20 13:34:59 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2010.05.20 13:33:48 | 001,808,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2010.05.20 13:33:48 | 001,793,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2010.05.20 13:33:47 | 001,558,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2010.05.20 13:33:47 | 001,411,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2010.05.20 13:33:47 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2010.05.20 13:33:46 | 005,499,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2010.05.20 13:33:46 | 002,136,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2010.05.20 13:33:46 | 001,782,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2010.05.20 13:33:45 | 007,964,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2010.05.20 13:33:44 | 005,791,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2010.05.20 13:33:43 | 006,224,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2010.05.20 13:33:43 | 004,175,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2010.05.20 13:33:42 | 004,981,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2010.05.20 13:33:42 | 002,466,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2010.05.20 13:33:41 | 003,331,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2010.05.20 13:33:40 | 006,781,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2010.05.20 13:33:39 | 011,722,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2010.05.20 13:33:38 | 004,164,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2010.05.20 13:33:38 | 001,452,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2010.05.20 13:33:37 | 012,240,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010.05.20 13:33:36 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2010.05.20 13:33:36 | 002,644,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010.05.20 13:33:35 | 004,093,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2010.05.20 13:33:35 | 001,702,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2010.05.20 13:33:34 | 004,045,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2010.05.20 13:33:34 | 001,972,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2010.05.20 13:33:34 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2010.05.20 13:33:33 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2010.05.20 13:33:32 | 006,585,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2010.05.20 13:33:32 | 006,346,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2010.05.20 13:33:31 | 009,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2010.05.20 13:33:30 | 006,237,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2010.05.20 13:33:29 | 005,654,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2010.05.20 13:33:29 | 001,722,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2010.05.20 13:33:28 | 004,616,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2010.05.20 13:33:27 | 005,090,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2010.05.20 13:33:27 | 005,031,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2010.05.20 13:33:26 | 007,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2010.05.20 13:33:25 | 005,071,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2010.05.20 13:33:25 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2010.05.20 13:33:24 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2010.05.20 13:33:24 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2010.05.20 13:33:23 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2010.05.20 13:33:22 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2010.05.20 13:33:22 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2010.05.20 13:33:21 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2010.05.20 13:33:21 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2010.05.20 13:33:21 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2010.05.20 13:33:20 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2010.05.20 13:33:20 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2010.05.20 13:33:20 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2010.05.20 13:33:19 | 003,464,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2010.05.20 13:33:19 | 002,655,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2010.05.20 13:33:18 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2010.05.20 13:33:18 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2010.05.20 13:33:18 | 001,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2010.05.20 13:33:17 | 002,597,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2010.05.20 13:33:16 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2010.05.20 13:33:16 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2010.05.20 13:33:15 | 004,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2010.05.20 13:33:15 | 002,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2010.05.20 13:33:14 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2010.05.20 13:33:13 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2010.05.20 13:33:13 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2010.05.20 13:33:12 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2010.05.20 13:33:12 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2010.05.20 13:33:12 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2010.05.20 13:33:11 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2010.05.20 13:33:11 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2010.05.20 13:33:11 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2010.05.20 13:33:10 | 009,845,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2010.05.20 13:33:09 | 002,641,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2010.05.20 13:33:08 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2010.05.20 13:33:07 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2010.05.20 13:33:07 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2010.05.20 13:33:06 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2010.05.20 13:33:06 | 000,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010.05.20 13:33:05 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2010.05.20 13:33:05 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2010.05.20 13:33:04 | 006,917,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2010.05.20 13:33:04 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2010.05.20 13:27:36 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\i8042prt.sys.mui
[2010.05.20 13:27:36 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\sermouse.sys.mui
[2010.05.20 13:27:36 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouclass.sys.mui
[2010.05.20 13:27:36 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
[2010.05.20 13:27:36 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouhid.sys.mui
[2010.05.20 13:27:36 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdhid.sys.mui
[2010.05.20 13:27:30 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010.05.20 13:27:30 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010.05.20 13:27:30 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010.05.20 13:27:28 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010.05.20 13:27:27 | 000,905,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.05.20 13:27:27 | 000,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010.05.20 13:27:26 | 000,944,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.05.20 13:27:25 | 000,620,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010.05.20 13:27:24 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2010.05.20 13:27:23 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010.05.20 13:27:22 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2010.05.20 13:27:21 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010.05.20 13:27:20 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2010.05.20 13:27:20 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2010.05.20 13:27:20 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2010.05.20 13:27:19 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2010.05.20 13:27:16 | 000,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2010.05.20 13:27:15 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2010.05.20 13:27:15 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2010.05.20 13:27:14 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2010.05.20 13:25:24 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010.05.20 13:25:24 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010.05.20 13:25:20 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010.05.20 13:25:19 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010.05.20 13:25:19 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010.05.20 13:25:19 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010.05.20 13:24:13 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.05.20 13:24:12 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.05.20 13:23:33 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.05.20 13:22:51 | 000,213,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010.05.20 13:22:50 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010.05.20 13:22:50 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010.05.20 13:21:16 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2010.05.20 13:21:16 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2010.05.20 13:21:15 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2010.05.20 13:20:49 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.05.20 13:20:01 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010.05.20 13:20:01 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010.05.20 13:19:12 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2010.05.20 13:19:11 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2010.05.20 13:19:11 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2010.05.20 13:19:09 | 000,566,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2010.05.20 13:19:08 | 000,351,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2010.05.20 13:19:08 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2010.05.20 13:19:06 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2010.05.20 13:18:24 | 000,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010.05.20 13:18:24 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010.05.20 13:18:22 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010.05.20 13:16:08 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2010.05.20 13:16:08 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2010.05.20 13:16:04 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2010.05.20 13:16:04 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2010.05.20 13:16:03 | 001,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2010.05.20 13:15:21 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010.05.20 13:15:21 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2010.05.20 13:14:56 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.05.20 13:13:58 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010.05.20 13:13:57 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2010.05.20 13:13:17 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010.05.20 13:13:17 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010.05.20 13:12:26 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010.05.20 13:12:25 | 000,435,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.05.20 13:12:24 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.05.20 13:12:23 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.05.20 13:12:23 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.05.20 13:12:22 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.05.20 13:12:21 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.05.20 13:12:20 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.05.20 13:12:20 | 000,473,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.05.20 13:11:44 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2010.05.20 13:11:17 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2010.05.20 13:05:48 | 000,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010.05.20 13:05:48 | 000,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010.05.20 13:05:48 | 000,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010.05.20 13:05:48 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010.05.20 13:05:44 | 000,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010.05.20 13:05:42 | 000,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010.05.20 13:05:42 | 000,326,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.05.20 13:05:42 | 000,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.05.20 12:55:01 | 025,493,504 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010.05.20 12:55:01 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010.05.20 12:55:01 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010.05.20 11:59:31 | 008,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2010.05.20 11:34:52 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.05.20 11:34:49 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010.05.20 11:34:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010.05.20 11:17:19 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.05.20 11:17:15 | 004,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.05.20 11:17:15 | 001,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.05.20 11:16:21 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010.05.20 11:16:20 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010.05.20 11:15:03 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2010.05.20 11:13:51 | 001,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010.05.20 11:13:21 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmi.dll
[2010.05.20 11:11:46 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.05.20 11:11:45 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.05.20 11:08:20 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010.05.20 11:08:20 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010.05.20 11:07:54 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010.05.20 11:07:34 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2010.05.20 11:06:03 | 001,327,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.05.20 11:06:02 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010.05.20 11:06:01 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010.05.20 11:06:01 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.05.20 11:06:01 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.05.20 11:04:52 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010.05.20 11:04:17 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.05.20 11:04:16 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010.05.20 11:04:15 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010.05.20 11:04:15 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010.05.20 11:04:10 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010.05.19 21:24:23 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010.05.19 15:29:56 | 000,000,758 | ---- | M] () -- C:\Users\Viktor\Desktop\µTorrent.lnk
[2010.05.19 13:57:22 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010.05.19 13:13:59 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2010.05.19 13:07:48 | 000,000,765 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010.05.19 12:39:36 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2010.05.19 11:54:56 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.05.19 11:46:12 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010.05.19 11:44:57 | 000,524,288 | -HS- | M] () -- C:\Users\Viktor\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.05.19 11:44:57 | 000,524,288 | -HS- | M] () -- C:\Users\Viktor\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.05.19 11:44:57 | 000,065,536 | -HS- | M] () -- C:\Users\Viktor\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.19 11:38:28 | 000,000,680 | ---- | M] () -- C:\Users\Viktor\AppData\Local\d3d9caps.dat
[2010.05.19 11:37:24 | 000,000,020 | -HS- | M] () -- C:\Users\Viktor\ntuser.ini
[2010.05.19 11:36:53 | 002,421,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010.05.19 11:36:53 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010.05.19 11:36:19 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010.05.19 11:36:19 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010.05.19 11:36:19 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010.05.19 11:35:44 | 000,171,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010.05.19 11:35:43 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010.05.19 11:29:19 | 000,041,176 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010.05.19 11:29:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

Re: trojan win32 katusha

Posted: 20 May 2010 18:29
by Ula
========== Files Created - No Company Name ==========

[2010.05.20 18:51:54 | 000,010,296 | ---- | C] () -- C:\Users\Viktor\Documents\ZALOHA REGISTRU.reg
[2010.05.20 18:48:35 | 000,001,670 | ---- | C] () -- C:\Users\Viktor\Desktop\CCleaner.lnk
[2010.05.20 16:48:29 | 000,000,232 | ---- | C] () -- C:\Start_.cmd
[2010.05.20 15:54:39 | 000,001,170 | ---- | C] () -- C:\Users\Viktor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010.05.20 14:33:25 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2010.05.20 14:22:01 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010.05.20 11:38:26 | 025,493,504 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010.05.20 11:38:26 | 000,327,680 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010.05.20 11:38:26 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010.05.20 09:22:05 | 000,001,118 | ---- | C] () -- C:\Users\Viktor\AppData\Roaming\QuickZip45.ini
[2010.05.19 21:24:23 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2010.05.19 21:24:22 | 000,438,840 | RHS- | C] () -- C:\bootmgr
[2010.05.19 21:23:46 | 000,330,752 | R--- | C] () -- C:\Windows\System32\drivers\NETBIOS.PDB
[2010.05.19 15:29:56 | 000,000,758 | ---- | C] () -- C:\Users\Viktor\Desktop\µTorrent.lnk
[2010.05.19 13:13:59 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2010.05.19 13:10:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.05.19 13:10:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.05.19 13:10:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.05.19 13:10:22 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.05.19 13:10:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.05.19 13:10:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.05.19 13:10:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.05.19 13:10:22 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2010.05.19 13:10:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.05.19 13:10:22 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg
[2010.05.19 13:10:22 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2010.05.19 13:10:22 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2010.05.19 13:10:22 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg
[2010.05.19 13:10:22 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2010.05.19 13:10:22 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2010.05.19 13:10:22 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg
[2010.05.19 13:10:22 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2010.05.19 13:10:22 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg
[2010.05.19 13:10:22 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg
[2010.05.19 13:10:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.05.19 13:10:22 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg
[2010.05.19 13:10:22 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg
[2010.05.19 13:10:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.05.19 13:10:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.05.19 13:10:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.05.19 13:10:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.05.19 13:10:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.05.19 13:10:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.05.19 13:10:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.05.19 13:10:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.05.19 13:10:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.05.19 13:10:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.05.19 13:07:48 | 000,000,765 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010.05.19 12:41:14 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2010.05.19 12:39:36 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2010.05.19 11:54:56 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.05.19 11:46:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.05.19 11:46:08 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2010.05.19 11:37:27 | 000,000,680 | ---- | C] () -- C:\Users\Viktor\AppData\Local\d3d9caps.dat
[2010.05.19 11:37:24 | 001,048,576 | -HS- | C] () -- C:\Users\Viktor\NTUSER.DAT
[2010.05.19 11:37:24 | 000,524,288 | -HS- | C] () -- C:\Users\Viktor\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.05.19 11:37:24 | 000,524,288 | -HS- | C] () -- C:\Users\Viktor\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.05.19 11:37:24 | 000,262,144 | -H-- | C] () -- C:\Users\Viktor\ntuser.dat.LOG1
[2010.05.19 11:37:24 | 000,065,536 | -HS- | C] () -- C:\Users\Viktor\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.19 11:37:24 | 000,000,020 | -HS- | C] () -- C:\Users\Viktor\ntuser.ini
[2010.05.19 11:37:24 | 000,000,000 | -H-- | C] () -- C:\Users\Viktor\ntuser.dat.LOG2
[2009.06.25 22:47:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010.05.20 10:12:47 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\Babylon
[2010.05.20 09:59:35 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\GHISLER
[2010.05.20 17:11:47 | 000,000,000 | ---D | M] -- C:\Users\Viktor\AppData\Roaming\uTorrent
[2010.05.20 17:49:29 | 000,004,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"EPSON SX410 Series" = C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE /FU "C:\Windows\TEMP\E_SE021.tmp" /EF "HKCU" -- [2008.10.02 02:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION)

< c:\windows\*.* /U >


< MD5 for: AGP440.SYS >
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.01.19 07:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2010.05.20 13:41:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2010.05.20 13:41:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
< MD5 for: WS2_32.DLL >
[2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007.08.12 00:00:04 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2006.11.02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2010.05.20 13:19:12 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< End of report >

Re: trojan win32 katusha

Posted: 20 May 2010 22:02
by motji
You used ComboFix and thereby erased the traces; I can't see anything anywhere :roll:
Please pack the C:\Qoobox folder into a RAR or ZIP archive and upload it to http://www.leteckaposta.cz. Send me the link to the page in a private message, thanks :)

:arrow: Have the file tested at http://www.virustotal.com

C:\Windows\System32\ATIDEMGX.dll
C:\Windows\System32\rsaenh.dll
C:\Windows\System32\SLC.dll
C:\Windows\System32\ws2_32.dll


- On VirusTotal click Browse, paste the path to the file directly into the bottom field and click Send
- Copy the address of the results page from your browser
- If it asks, have the file analysed again, so that it is the file from your computer



:arrow: Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM sometimes produces false detections, so we will delete only after the log has been checked.
- Copy the log here.

Re: trojan win32 katusha

Posted: 21 May 2010 16:21
by Ula
Hello, the log is clean and so are those 4 files.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4124

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

21.5.2010 17:14:05
mbam-log-2010-05-21 (17-14-05).txt

Typ skenu: Rychlý sken
Skenované objekty: 116237
Uplynulý čas: 9 minuta(y), 27 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Soubor ws2_32.dll přijatý 2010.05.21 14:59:55 (UTC)
Výsledek: 0/41 (0%)


Soubor SLC.dll přijatý 2010.05.21 14:59:32 (UTC)
Výsledek: 0/41 (0%)

Soubor rsaenh.dll přijatý 2010.05.21 14:58:58 (UTC)
Výsledek: 0/40 (0%)

Soubor ATIDEMGX.dll přijatý 2010.05.21 14:58:16 (UTC)
Výsledek: 0/41 (0%)

As for the ComboFix files, my boyfriend downloaded the program from somewhere and tried to run it, but ComboFix somehow froze and he had to restart the PC, and on C: the folder contains only a registry backup, no other file, so I don't know whether you will want it sent. Thank you.

Re: trojan win32 katusha

Posted: 21 May 2010 16:34
by Ula
Today Comodo deleted something, and after the restart the message saying that there is a virus that cannot be deleted no longer popped up. But after installing some new programs that required a restart, Windows did not start at all and the PC had to be switched off and on again. And after every restart the same thing happens: only a black screen comes up. Could this be related to the Microsoft updates that were waiting to be installed? Thank you very much for your help.

Re: trojan win32 katusha

Posted: 21 May 2010 20:25
by motji
Run System Restore to a date before the installation.
Go into Safe Mode (press F8 repeatedly after the restart)

If you cannot get into the PC at all, write back.

Re: trojan win32 katusha

Posted: 22 May 2010 13:22
by Ula
We tried System Restore; the system restarted and booted, but it reported that the restore could not be carried out and that a different restore date should be chosen. In any case it was as if the restore had gone through, because the virus was back where it had been before, and the PC can now be restarted normally - Windows boots after a restart. Comodo deleted something again, so hopefully it should be all right. Should we send a log to be checked, just to be sure? And I would also like to ask: when one trojan that was in some file on the desktop was deleted, the Recycle Bin and the Computer icon disappeared from the desktop along with the file. It is probably a silly question, but from where can we put the Recycle Bin and Computer icons back on the desktop?

Thank you very much for your help.

Re: trojan win32 katusha

Posted: 22 May 2010 14:00
by motji
Please post a new RSIT log.
Could you please find out everything the antivirus deleted - which files?
The Recycle Bin should return to the desktop after a restart :o .

Re: trojan win32 katusha

Posted: 24 May 2010 17:22
by motji
How are things looking here? :)

Re: trojan win32 katusha

Posted: 27 May 2010 20:27
by Ula
Good evening, I apologise for the delay, I was not in the Czech Republic and my boyfriend leaves this to me :) I am sending the log


Logfile of random's system information tool 1.07 (written by random/random)
Run by Viktor at 2010-05-27 21:25:13
Microsoft® Windows Vista™ Home Premium
System drive C: has 151 GB (67%) free of 228 GB
Total RAM: 3070 MB (63% free)


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E9FAB13D-4600-49E1-90D1-EE961C859D39} - HopSurf toolbar - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll [2010-05-19 1331392]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2010-05-20 1006264]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-04-09 2029456]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON SX410 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE [2008-10-02 199680]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

C:\Users\Viktor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\Windows\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6fcaddd-64b7-11df-aafe-0003254d0f3e}]
shell\AutoRun\command - H:\Torchlight_Setup.exe


======List of files/folders created in the last 1 months======

2010-05-20 13:33:34 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2010-05-20 13:33:34 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2010-05-20 13:33:34 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2010-05-20 13:33:33 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2010-05-20 13:33:32 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2010-05-20 13:33:32 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2010-05-20 13:33:31 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2010-05-20 13:33:30 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2010-05-20 13:33:29 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2010-05-20 13:33:29 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2010-05-20 13:33:28 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2010-05-20 13:33:27 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2010-05-20 13:33:27 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2010-05-20 13:33:26 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2010-05-20 13:33:25 ----A---- C:\Windows\system32\NlsModels0011.dll
2010-05-20 13:33:25 ----A---- C:\Windows\system32\NlsData0045.dll
2010-05-20 13:33:24 ----A---- C:\Windows\system32\NlsData0047.dll
2010-05-20 13:33:24 ----A---- C:\Windows\system32\NlsData0046.dll
2010-05-20 13:33:23 ----A---- C:\Windows\system32\NlsData0049.dll
2010-05-20 13:33:22 ----A---- C:\Windows\system32\NlsData0039.dll
2010-05-20 13:33:22 ----A---- C:\Windows\system32\NlsData0020.dll
2010-05-20 13:33:21 ----A---- C:\Windows\system32\NlsData0024.dll
2010-05-20 13:33:21 ----A---- C:\Windows\system32\NlsData0022.dll
2010-05-20 13:33:21 ----A---- C:\Windows\system32\NlsData0021.dll
2010-05-20 13:33:20 ----A---- C:\Windows\system32\NlsData0027.dll
2010-05-20 13:33:20 ----A---- C:\Windows\system32\NlsData0026.dll
2010-05-20 13:33:20 ----A---- C:\Windows\system32\NlsData0010.dll
2010-05-20 13:33:19 ----A---- C:\Windows\system32\NlsData0013.dll
2010-05-20 13:33:19 ----A---- C:\Windows\system32\NlsData0011.dll
2010-05-20 13:33:18 ----A---- C:\Windows\system32\NlsData0019.dll
2010-05-20 13:33:18 ----A---- C:\Windows\system32\NlsData0018.dll
2010-05-20 13:33:18 ----A---- C:\Windows\system32\NlsData0000.dll
2010-05-20 13:33:17 ----A---- C:\Windows\system32\NlsData0001.dll
2010-05-20 13:33:16 ----A---- C:\Windows\system32\NlsData0003.dll
2010-05-20 13:33:16 ----A---- C:\Windows\system32\NlsData0002.dll
2010-05-20 13:33:15 ----A---- C:\Windows\system32\NlsData0009.dll
2010-05-20 13:33:15 ----A---- C:\Windows\system32\NlsData0007.dll
2010-05-20 13:33:14 ----A---- C:\Windows\system32\NlsData004a.dll
2010-05-20 13:33:13 ----A---- C:\Windows\system32\NlsData004c.dll
2010-05-20 13:33:13 ----A---- C:\Windows\system32\NlsData004b.dll
2010-05-20 13:33:12 ----A---- C:\Windows\system32\NlsData004e.dll
2010-05-20 13:33:12 ----A---- C:\Windows\system32\NlsData003e.dll
2010-05-20 13:33:12 ----A---- C:\Windows\system32\NlsData002a.dll
2010-05-20 13:33:11 ----A---- C:\Windows\system32\NlsData001d.dll
2010-05-20 13:33:11 ----A---- C:\Windows\system32\NlsData001b.dll
2010-05-20 13:33:11 ----A---- C:\Windows\system32\NlsData001a.dll
2010-05-20 13:33:10 ----A---- C:\Windows\system32\NlsData000a.dll
2010-05-20 13:33:09 ----A---- C:\Windows\system32\NlsData000c.dll
2010-05-20 13:33:08 ----A---- C:\Windows\system32\NlsData000d.dll
2010-05-20 13:33:07 ----A---- C:\Windows\system32\NlsData0414.dll
2010-05-20 13:33:07 ----A---- C:\Windows\system32\NlsData000f.dll
2010-05-20 13:33:06 ----A---- C:\Windows\system32\NlsData0416.dll
2010-05-20 13:33:06 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2010-05-20 13:33:05 ----A---- C:\Windows\system32\NlsData081a.dll
2010-05-20 13:33:05 ----A---- C:\Windows\system32\NlsData0816.dll
2010-05-20 13:33:04 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2010-05-20 13:33:04 ----A---- C:\Windows\system32\NlsData0c1a.dll
2010-05-20 13:28:43 ----A---- C:\Windows\system32\setupapi.dll
2010-05-20 13:27:30 ----A---- C:\Windows\system32\srdelayed.exe
2010-05-20 13:27:30 ----A---- C:\Windows\system32\srcore.dll
2010-05-20 13:27:30 ----A---- C:\Windows\system32\srclient.dll
2010-05-20 13:27:30 ----A---- C:\Windows\system32\rstrui.exe
2010-05-20 13:27:28 ----A---- C:\Windows\system32\wpd_ci.dll
2010-05-20 13:27:27 ----A---- C:\Windows\system32\winresume.exe
2010-05-20 13:27:27 ----A---- C:\Windows\system32\kd1394.dll
2010-05-20 13:27:26 ----A---- C:\Windows\system32\winload.exe
2010-05-20 13:27:25 ----A---- C:\Windows\system32\ci.dll
2010-05-20 13:27:24 ----A---- C:\Windows\system32\cfgmgr32.dll
2010-05-20 13:27:23 ----A---- C:\Windows\system32\umpnpmgr.dll
2010-05-20 13:27:23 ----A---- C:\Windows\system32\drvinst.exe
2010-05-20 13:27:22 ----A---- C:\Windows\system32\dpx.dll
2010-05-20 13:27:21 ----A---- C:\Windows\system32\oleaut32.dll
2010-05-20 13:27:21 ----A---- C:\Windows\system32\kbd106n.dll
2010-05-20 13:27:20 ----A---- C:\Windows\system32\unlodctr.exe
2010-05-20 13:27:20 ----A---- C:\Windows\system32\lodctr.exe
2010-05-20 13:27:20 ----A---- C:\Windows\system32\loadperf.dll
2010-05-20 13:27:19 ----A---- C:\Windows\system32\prflbmsg.dll
2010-05-20 13:27:17 ----A---- C:\Windows\system32\schedsvc.dll
2010-05-20 13:27:15 ----A---- C:\Windows\system32\f3ahvoas.dll
2010-05-20 13:27:15 ----A---- C:\Windows\system32\batt.dll
2010-05-20 13:27:14 ----A---- C:\Windows\system32\dispci.dll
2010-05-20 13:25:27 ----A---- C:\Windows\system32\rpcss.dll
2010-05-20 13:25:24 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-05-20 13:25:24 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-05-20 13:25:20 ----A---- C:\Windows\system32\iasads.dll
2010-05-20 13:25:19 ----A---- C:\Windows\system32\sdohlp.dll
2010-05-20 13:25:19 ----A---- C:\Windows\system32\iasrecst.dll
2010-05-20 13:25:19 ----A---- C:\Windows\system32\iasdatastore.dll
2010-05-20 13:23:33 ----A---- C:\Windows\system32\jscript.dll
2010-05-20 13:22:52 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-05-20 13:22:50 ----A---- C:\Windows\system32\tcpipcfg.dll
2010-05-20 13:22:50 ----A---- C:\Windows\system32\netiougc.exe
2010-05-20 13:21:16 ----A---- C:\Windows\system32\LAPRXY.DLL
2010-05-20 13:21:16 ----A---- C:\Windows\system32\asferror.dll
2010-05-20 13:21:15 ----A---- C:\Windows\system32\WMASF.DLL
2010-05-20 13:20:49 ----A---- C:\Windows\system32\browserchoice.exe
2010-05-20 13:20:04 ----A---- C:\Windows\system32\kernel32.dll
2010-05-20 13:20:01 ----A---- C:\Windows\system32\apilogen.dll
2010-05-20 13:20:01 ----A---- C:\Windows\system32\amxread.dll
2010-05-20 13:19:12 ----A---- C:\Windows\system32\SLC.dll
2010-05-20 13:19:11 ----A---- C:\Windows\system32\slwmi.dll
2010-05-20 13:19:11 ----A---- C:\Windows\system32\mcbuilder.exe
2010-05-20 13:19:09 ----A---- C:\Windows\system32\SLCommDlg.dll
2010-05-20 13:19:08 ----A---- C:\Windows\system32\SLUINotify.dll
2010-05-20 13:19:08 ----A---- C:\Windows\system32\SLUI.exe
2010-05-20 13:19:08 ----A---- C:\Windows\system32\SLLUA.exe
2010-05-20 13:19:06 ----A---- C:\Windows\system32\SLsvc.exe
2010-05-20 13:19:06 ----A---- C:\Windows\system32\slcinst.dll
2010-05-20 13:18:24 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-05-20 13:18:23 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-05-20 13:18:22 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-05-20 13:16:08 ----A---- C:\Windows\system32\ntprint.exe
2010-05-20 13:16:08 ----A---- C:\Windows\system32\ntprint.dll
2010-05-20 13:16:04 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2010-05-20 13:16:04 ----A---- C:\Windows\system32\dhcpcsvc.dll
2010-05-20 13:16:04 ----A---- C:\Windows\system32\dhcpcmonitor.dll
2010-05-20 13:16:03 ----A---- C:\Windows\system32\authui.dll
2010-05-20 13:15:58 ----A---- C:\Windows\system32\sendmail.dll
2010-05-20 13:15:21 ----A---- C:\Windows\system32\win32spl.dll
2010-05-20 13:15:21 ----A---- C:\Windows\system32\printcom.dll
2010-05-20 13:13:57 ----A---- C:\Windows\system32\wshrm.dll
2010-05-20 13:13:18 ----A---- C:\Windows\system32\wmpdxm.dll
2010-05-20 13:12:26 ----A---- C:\Windows\system32\msdrm.dll
2010-05-20 13:12:25 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-05-20 13:12:24 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-05-20 13:12:23 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-05-20 13:12:23 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-05-20 13:12:22 ----A---- C:\Windows\system32\secproc.dll
2010-05-20 13:12:21 ----A---- C:\Windows\system32\RMActivate.exe
2010-05-20 13:12:20 ----A---- C:\Windows\system32\secproc_isv.dll
2010-05-20 13:12:20 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-05-20 13:11:44 ----A---- C:\Windows\system32\sbunattend.exe
2010-05-20 13:11:18 ----A---- C:\Windows\system32\dnsrslvr.dll
2010-05-20 13:11:18 ----A---- C:\Windows\system32\dnsapi.dll
2010-05-20 13:11:17 ----A---- C:\Windows\system32\dnscacheugc.exe
2010-05-20 13:11:01 ----A---- C:\Windows\system32\schannel.dll
2010-05-20 13:05:48 ----A---- C:\Windows\system32\infocardapi.dll
2010-05-20 13:05:48 ----A---- C:\Windows\system32\icardres.dll
2010-05-20 13:05:48 ----A---- C:\Windows\system32\icardagt.exe
2010-05-20 13:05:44 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-05-20 13:05:42 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2010-05-20 13:05:42 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-05-20 13:05:42 ----A---- C:\Windows\system32\PresentationHost.exe
2010-05-20 11:34:52 ----A---- C:\Windows\system32\netfxperf.dll
2010-05-20 11:34:52 ----A---- C:\Windows\system32\dfshim.dll
2010-05-20 11:34:49 ----A---- C:\Windows\system32\mscories.dll
2010-05-20 11:34:49 ----A---- C:\Windows\system32\mscorier.dll
2010-05-20 11:34:49 ----A---- C:\Windows\system32\mscoree.dll
2010-05-20 11:17:19 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-05-20 11:17:15 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-05-20 11:17:15 ----A---- C:\Windows\system32\gameux.dll
2010-05-20 11:16:21 ----A---- C:\Windows\system32\logagent.exe
2010-05-20 11:16:20 ----A---- C:\Windows\system32\WMNetMgr.dll
2010-05-20 11:15:03 ----A---- C:\Windows\system32\INETRES.dll
2010-05-20 11:15:03 ----A---- C:\Windows\system32\inetcomm.dll
2010-05-20 11:14:27 ----A---- C:\Windows\system32\msasn1.dll
2010-05-20 11:13:51 ----A---- C:\Windows\system32\connect.dll
2010-05-20 11:13:21 ----A---- C:\Windows\system32\wmi.dll
2010-05-20 11:13:21 ----A---- C:\Windows\system32\imagehlp.dll
2010-05-20 11:12:58 ----A---- C:\Windows\system32\rpcrt4.dll
2010-05-20 11:11:46 ----A---- C:\Windows\system32\httpapi.dll
2010-05-20 11:11:45 ----A---- C:\Windows\system32\nshhttp.dll
2010-05-20 11:08:38 ----A---- C:\Windows\system32\crypt32.dll
2010-05-20 11:08:20 ----A---- C:\Windows\system32\rastls.dll
2010-05-20 11:08:20 ----A---- C:\Windows\system32\raschap.dll
2010-05-20 11:07:54 ----A---- C:\Windows\system32\WSDApi.dll
2010-05-20 11:07:19 ----A---- C:\Windows\system32\user32.dll
2010-05-20 11:06:04 ----A---- C:\Windows\system32\tsbyuv.dll
2010-05-20 11:06:04 ----A---- C:\Windows\system32\msyuv.dll
2010-05-20 11:06:04 ----A---- C:\Windows\system32\iyuv_32.dll
2010-05-20 11:06:03 ----A---- C:\Windows\system32\quartz.dll
2010-05-20 11:06:02 ----A---- C:\Windows\system32\avicap32.dll
2010-05-20 11:06:01 ----A---- C:\Windows\system32\msvidc32.dll
2010-05-20 11:06:01 ----A---- C:\Windows\system32\msvfw32.dll
2010-05-20 11:06:01 ----A---- C:\Windows\system32\msrle32.dll
2010-05-20 11:06:01 ----A---- C:\Windows\system32\mciavi32.dll
2010-05-20 11:06:01 ----A---- C:\Windows\system32\avifil32.dll
2010-05-20 11:05:07 ----A---- C:\Windows\system32\qmgr.dll
2010-05-20 11:04:52 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2010-05-20 11:04:17 ----A---- C:\Windows\system32\wmploc.DLL
2010-05-20 11:04:16 ----A---- C:\Windows\system32\wmp.dll
2010-05-20 11:04:16 ----A---- C:\Windows\system32\spwmp.dll
2010-05-20 11:04:15 ----A---- C:\Windows\system32\dxmasf.dll
2010-05-20 11:04:10 ----A---- C:\Windows\system32\unregmp2.exe
2010-05-20 10:12:47 ----D---- C:\Users\Viktor\AppData\Roaming\Babylon
2010-05-20 10:12:47 ----D---- C:\ProgramData\Babylon
2010-05-20 09:59:35 ----D---- C:\Users\Viktor\AppData\Roaming\GHISLER
2010-05-20 09:55:00 ----D---- C:\Program Files\StrongDC++
2010-05-20 09:22:05 ----A---- C:\Users\Viktor\AppData\Roaming\QuickZip45.ini
2010-05-20 09:21:55 ----D---- C:\Program Files\QuickZip4
2010-05-20 07:42:30 ----N---- C:\Windows\system32\MpSigStub.exe
2010-05-19 21:24:37 ----D---- C:\Windows\Panther
2010-05-19 21:24:23 ----RAS---- C:\BOOTSECT.BAK

Re: trojan win32 katusha

Posted: 27 May 2010 20:28
by Ula
2010-05-19 21:24:21 ----SHD---- C:\Boot
2010-05-19 21:23:46 ----D---- C:\Windows\system32\OEM
2010-05-19 16:36:56 ----D---- C:\Windows\Minidump
2010-05-19 15:29:54 ----D---- C:\Users\Viktor\AppData\Roaming\uTorrent
2010-05-19 13:58:59 ----D---- C:\Windows\PCHEALTH
2010-05-19 13:56:44 ----D---- C:\ProgramData\Microsoft Help
2010-05-19 13:44:48 ----D---- C:\Users\Viktor\AppData\Roaming\Macromedia
2010-05-19 13:44:48 ----D---- C:\Users\Viktor\AppData\Roaming\Adobe
2010-05-19 13:44:44 ----D---- C:\Windows\system32\Macromed
2010-05-19 13:13:59 ----D---- C:\ProgramData\UDL
2010-05-19 13:13:17 ----D---- C:\Program Files\Epson Software
2010-05-19 13:13:15 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-19 13:10:22 ----A---- C:\Windows\system32\PICSDK2.dll
2010-05-19 13:10:22 ----A---- C:\Windows\system32\PICSDK.ini
2010-05-19 13:10:22 ----A---- C:\Windows\system32\PICSDK.dll
2010-05-19 13:10:22 ----A---- C:\Windows\system32\PICEntry.dll
2010-05-19 13:10:22 ----A---- C:\Windows\system32\EpPicPrt.dll
2010-05-19 13:10:22 ----A---- C:\Windows\system32\EPPicMgr.dll
2010-05-19 13:10:20 ----D---- C:\Users\Viktor\AppData\Roaming\InstallShield
2010-05-19 13:09:18 ----A---- C:\Windows\system32\E_DCINST.DLL
2010-05-19 13:09:10 ----A---- C:\Windows\system32\E_FLBFCE.DLL
2010-05-19 13:09:06 ----A---- C:\Windows\system32\E_FD4BFCE.DLL
2010-05-19 13:08:50 ----D---- C:\ProgramData\EPSON
2010-05-19 13:07:47 ----A---- C:\Windows\system32\eswiaud.dll
2010-05-19 13:07:38 ----D---- C:\Program Files\epson
2010-05-19 12:41:49 ----HD---- C:\VritualRoot
2010-05-19 12:41:34 ----D---- C:\ProgramData\COMODO
2010-05-19 12:38:16 ----D---- C:\Users\Viktor\AppData\Roaming\Comodo
2010-05-19 12:38:16 ----D---- C:\Program Files\Comodo
2010-05-19 12:37:39 ----D---- C:\ProgramData\Comodo Downloader
2010-05-19 12:29:21 ----D---- C:\Users\Viktor\AppData\Roaming\ATI
2010-05-19 12:29:21 ----D---- C:\ProgramData\ATI
2010-05-19 12:25:22 ----D---- C:\Program Files\ATI Technologies
2010-05-19 12:25:19 ----D---- C:\Program Files\ATI
2010-05-19 12:22:27 ----D---- C:\cabs
2010-05-19 12:03:08 ----SHD---- C:\Windows\Installer
2010-05-19 11:54:59 ----D---- C:\Users\Viktor\AppData\Roaming\Mozilla
2010-05-19 11:54:51 ----D---- C:\Program Files\Mozilla Firefox
2010-05-19 11:44:19 ----A---- C:\Windows\system32\wintrust.dll
2010-05-19 11:44:00 ----A---- C:\Windows\system32\cabview.dll
2010-05-19 11:37:44 ----D---- C:\Users\Viktor\AppData\Roaming\Identities
2010-05-19 11:37:24 ----SD---- C:\Users\Viktor\AppData\Roaming\Microsoft
2010-05-19 11:37:24 ----D---- C:\Users\Viktor\AppData\Roaming\Media Center Programs
2010-05-19 11:36:53 ----A---- C:\Windows\system32\wups2.dll
2010-05-19 11:36:53 ----A---- C:\Windows\system32\wucltux.dll
2010-05-19 11:36:53 ----A---- C:\Windows\system32\wuaueng.dll
2010-05-19 11:36:53 ----A---- C:\Windows\system32\wuauclt.exe
2010-05-19 11:36:19 ----A---- C:\Windows\system32\wups.dll
2010-05-19 11:36:19 ----A---- C:\Windows\system32\wudriver.dll
2010-05-19 11:36:19 ----A---- C:\Windows\system32\wuapi.dll
2010-05-19 11:35:44 ----A---- C:\Windows\system32\wuwebv.dll
2010-05-19 11:35:43 ----A---- C:\Windows\system32\wuapp.exe
2010-05-19 11:28:25 ----D---- C:\Windows\SoftwareDistribution
2010-05-19 11:27:10 ----D---- C:\Windows\Debug
2010-05-19 11:25:44 ----D---- C:\Windows\Prefetch
2010-05-19 11:25:29 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 months======

2010-05-27 21:25:19 ----D---- C:\Windows\Temp
2010-05-27 21:19:31 ----D---- C:\Windows
2010-05-27 15:20:59 ----D---- C:\Windows\system32\catroot2
2010-05-27 15:20:59 ----D---- C:\Windows\system32\catroot
2010-05-27 15:20:25 ----D---- C:\Windows\winsxs
2010-05-27 03:01:50 ----D---- C:\Windows\servicing
2010-05-26 19:58:44 ----RSD---- C:\Windows\assembly
2010-05-26 19:56:17 ----RD---- C:\Program Files
2010-05-26 19:55:53 ----D---- C:\Windows\System32
2010-05-26 19:55:53 ----D---- C:\Program Files\Common Files
2010-05-26 19:55:51 ----D---- C:\Program Files\Common Files\microsoft shared
2010-05-26 19:55:49 ----D---- C:\Windows\ShellNew
2010-05-26 19:55:16 ----RSD---- C:\Windows\Fonts
2010-05-26 19:52:45 ----A---- C:\Windows\win.ini
2010-05-26 19:52:41 ----D---- C:\Program Files\Common Files\System
2010-05-26 19:35:26 ----SD---- C:\ProgramData\Microsoft
2010-05-26 03:00:54 ----D---- C:\Windows\system32\WDI
2010-05-25 19:48:07 ----D---- C:\Windows\inf
2010-05-25 19:48:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-05-23 17:45:25 ----HD---- C:\ProgramData
2010-05-22 12:56:39 ----D---- C:\Windows\system32\Tasks
2010-05-21 22:48:48 ----D---- C:\Windows\Microsoft.NET
2010-05-21 17:03:13 ----D---- C:\Windows\system32\drivers
2010-05-20 16:48:25 ----D---- C:\Windows\system32\en-US
2010-05-20 15:18:31 ----ASH---- C:\Program Files\desktop.ini
2010-05-20 15:18:13 ----D---- C:\Windows\rescache
2010-05-20 15:11:50 ----D---- C:\Windows\system32\ras
2010-05-20 15:11:50 ----D---- C:\Windows\system32\icsxml
2010-05-20 15:11:50 ----D---- C:\Program Files\Windows Calendar
2010-05-20 15:11:47 ----D---- C:\Program Files\Windows Mail
2010-05-20 15:11:46 ----D---- C:\Windows\system32\wbem
2010-05-20 15:11:42 ----D---- C:\Program Files\Windows Defender
2010-05-20 15:11:38 ----D---- C:\Windows\ehome
2010-05-20 15:11:38 ----D---- C:\Program Files\Movie Maker
2010-05-20 15:11:36 ----D---- C:\Program Files\Internet Explorer
2010-05-20 15:11:35 ----D---- C:\Windows\system32\migration
2010-05-20 15:11:34 ----D---- C:\Windows\AppPatch
2010-05-20 15:11:23 ----D---- C:\Windows\system32\manifeststore
2010-05-20 15:11:22 ----D---- C:\Windows\system32\SLUI
2010-05-20 15:11:18 ----D---- C:\Program Files\Windows Sidebar
2010-05-20 13:06:20 ----D---- C:\Windows\system32\XPSViewer
2010-05-20 12:15:29 ----D---- C:\Program Files\Windows Media Player
2010-05-19 13:07:38 ----D---- C:\Windows\twain_32
2010-05-19 11:42:46 ----D---- C:\Windows\Logs
2010-05-19 11:38:10 ----SHD---- C:\$Recycle.Bin
2010-05-19 11:37:14 ----RD---- C:\Users
2010-05-19 11:34:41 ----D---- C:\Windows\system32\restore
2010-04-30 11:51:08 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2010-04-09 16744]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2010-04-09 218560]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2010-04-09 30112]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2010-04-09 74408]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-03-09 104464]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-12 2930176]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2010-05-20 14208]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-06-25 176128]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-08-11 610304]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-04-09 1769216]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]