VIRY.CZ

Zdravím nevedome som otvoril nejaky subor (vir) ,hlasil ho aj nod ocakavujuc ze napriek viru budu fungovat aj ten program za "ktory sa vir vydaval". Naneštastie program sa neotvoril len mi to pospúštalo nejaké vírusy. Urobil som už kontrolu nodom nie som si však istý či je už všetko preč preto prikladám log.
Ďakujem


Logfile of random's system information tool 1.09 (written by random/random)
Run by Dominik at 2012-01-16 15:19:36
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 52 GB (52%) free of 100 GB
Total RAM: 4093 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:19:41, on 16. 1. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Dominik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
O4 - HKCU\..\Run: [iTIcTKXhQQ.exe] C:\Users\Dominik\AppData\Roaming\QeMdPTsheYqnLgFLHTWk\QeMdPTsheYqnLgFLHTWk\0.0.0.0\iTIcTKXhQQ.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9243AF4A-6B8E-45C1-BF42-146FACA697D8}: NameServer = 160.218.161.60 194.228.211.33
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9034 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2a0
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\system32\WLANExt.exe 25271520
\??\C:\Windows\system32\conhost.exe "1055626699-75261096512248178681387236140168887777717369538231449733908357055481
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
"C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --extension-process --enable-print-preview --channel=3068.009EEA80.1781661889 /prefetch:3
"C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll" --lang=sk --channel=3068.058BF700.1354752438 /prefetch:4
"C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=CacheListSize/CacheListSize_14/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --enable-print-preview --channel=3068.058BAA80.1062908173 /prefetch:3
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\rundll32.exe "C:\Users\Dominik\AppData\Local\Google\Chrome\APPLIC~1\160912~1.75\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Dominik\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll" --lang=sk --channel=3068.05AB5380.551974801 --flash-broker=3480 /prefetch:4
"C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Dominik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll" --lang=sk --channel=3068.05A98380.710276164 /prefetch:4
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
C:\Windows\system32\wbem\WmiApSrv.exe
"C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=CacheListSize/CacheListSize_14/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/ --enable-print-preview --channel=3068.09F80600.888279900 /prefetch:3
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Dominik\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-553501304-2295129646-1275366660-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-553501304-2295129646-1275366660-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29 3844768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-09-29 2716216]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe []
"CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1840720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 136176]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17351304]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]
"Sony Ericsson PC Companion"=C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2009-06-18 772096]
"iTIcTKXhQQ.exe"=C:\Users\Dominik\AppData\Roaming\QeMdPTsheYqnLgFLHTWk\QeMdPTsheYqnLgFLHTWk\0.0.0.0\iTIcTKXhQQ.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"SSBkgdUpdate"=C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-01-16 15:19:37 ----D---- C:\Program Files\trend micro
2012-01-16 15:19:36 ----D---- C:\rsit
2012-01-15 21:16:25 ----D---- C:\Users\Dominik\AppData\Roaming\Mozilla
2012-01-15 21:05:32 ----D---- C:\Users\Dominik\AppData\Roaming\QeMdPTsheYqnLgFLHTWk
2012-01-15 21:05:32 ----D---- C:\ProgramData\Facebook Password Cracker
2012-01-11 15:57:23 ----A---- C:\Windows\system32\quartz.dll
2012-01-11 15:57:22 ----A---- C:\Windows\SYSWOW64\quartz.dll
2012-01-11 15:57:22 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2012-01-11 15:57:22 ----A---- C:\Windows\system32\qdvd.dll
2012-01-11 15:57:21 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-01-11 15:57:21 ----A---- C:\Windows\system32\jscript.dll
2012-01-11 15:57:19 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2012-01-11 15:57:19 ----A---- C:\Windows\system32\ntdll.dll
2012-01-11 15:57:18 ----A---- C:\Windows\SYSWOW64\packager.dll
2012-01-11 15:57:18 ----A---- C:\Windows\system32\packager.dll
2012-01-08 21:16:49 ----D---- C:\Program Files (x86)\MSXML 4.0
2012-01-07 14:46:23 ----D---- C:\Users\Dominik\AppData\Roaming\Canon
2012-01-07 14:44:04 ----D---- C:\ProgramData\InstallShield
2012-01-07 14:44:04 ----A---- C:\Windows\MAXLINK.INI
2012-01-07 14:43:56 ----D---- C:\Users\Dominik\AppData\Roaming\ScanSoft
2012-01-07 14:43:49 ----D---- C:\ProgramData\ScanSoft
2012-01-07 14:43:11 ----D---- C:\Program Files (x86)\ScanSoft
2012-01-07 14:41:52 ----D---- C:\Program Files\Common Files\CANON
2012-01-07 14:41:06 ----D---- C:\Program Files\Canon
2012-01-07 14:38:56 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
2012-01-07 14:38:28 ----A---- C:\Windows\system32\CNMLM94.DLL
2012-01-07 14:38:19 ----A---- C:\Windows\system32\CNC520O.DLL
2012-01-07 14:38:18 ----A---- C:\Windows\system32\CNC520L.DLL
2012-01-07 14:38:18 ----A---- C:\Windows\system32\CNC520I.DLL
2012-01-07 14:38:18 ----A---- C:\Windows\system32\CNC520C.DLL
2012-01-07 14:37:55 ----HD---- C:\Program Files\CanonBJ
2012-01-06 19:37:53 ----D---- C:\Program Files (x86)\Canon
2012-01-02 19:54:50 ----D---- C:\ProgramData\Readon
2012-01-02 19:49:07 ----D---- C:\Program Files (x86)\Readon Technology
2011-12-29 16:00:11 ----D---- C:\Users\Dominik\AppData\Roaming\vlc
2011-12-29 15:58:15 ----D---- C:\Program Files (x86)\VideoLAN
2011-12-29 14:00:14 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2011-12-29 14:00:14 ----A---- C:\Windows\system32\FntCache.dll
2011-12-29 14:00:14 ----A---- C:\Windows\system32\DWrite.dll
2011-12-29 14:00:14 ----A---- C:\Windows\system32\d2d1.dll
2011-12-29 14:00:13 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2011-12-28 12:26:35 ----D---- C:\Windows\Minidump
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018whnt.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018wh.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018unic.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018obex.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018nd5.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018mgmt.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018mdm.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018mdfl.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018cr.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018cmnt.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018cm.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018bus.sys
2011-12-27 15:36:23 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-12-27 15:36:23 ----D---- C:\ProgramData\Sony Ericsson
2011-12-27 15:36:23 ----D---- C:\Program Files (x86)\Sony Ericsson
2011-12-27 14:17:50 ----D---- C:\Users\Dominik\AppData\Roaming\Red Alert 3
2011-12-27 14:09:47 ----D---- C:\Program Files (x86)\Electronic Arts
2011-12-27 14:09:46 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2011-12-27 14:09:46 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2011-12-27 14:09:46 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-12-27 14:09:46 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-12-27 14:09:45 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2011-12-27 14:09:45 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2011-12-27 14:09:45 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2011-12-27 14:09:45 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-12-27 14:09:45 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-12-27 14:09:45 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-12-27 14:09:44 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2011-12-27 14:09:44 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-12-26 13:40:14 ----D---- C:\Windows\Hewlett-Packard
2011-12-26 13:19:31 ----HD---- C:\ProgramData\CanonBJ
2011-12-26 13:14:15 ----D---- C:\Program Files (x86)\Microsoft Works
2011-12-26 13:14:00 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2011-12-26 13:13:29 ----D---- C:\Windows\PCHEALTH
2011-12-26 13:11:59 ----D---- C:\Program Files\Microsoft Office
2011-12-26 13:11:54 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-12-26 13:11:27 ----D---- C:\Program Files (x86)\Microsoft Office
2011-12-26 13:11:26 ----D---- C:\ProgramData\Microsoft Help
2011-12-26 13:09:38 ----RHD---- C:\MSOCache
2011-12-26 13:04:34 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-12-26 13:04:28 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-12-26 13:04:04 ----D---- C:\Users\Dominik\AppData\Roaming\DAEMON Tools Lite
2011-12-26 13:04:02 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-12-24 12:54:40 ----D---- C:\ProgramData\Adobe
2011-12-24 12:54:35 ----D---- C:\Program Files (x86)\Adobe
2011-12-24 12:48:45 ----D---- C:\Dev-Pas
2011-12-21 08:24:04 ----SHD---- C:\Config.Msi
2011-12-19 21:09:11 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-12-19 20:38:54 ----D---- C:\ProgramData\Uninstall
2011-12-19 20:38:48 ----D---- C:\Program Files\Hewlett-Packard
2011-12-19 20:38:28 ----D---- C:\Users\Dominik\AppData\Roaming\Roxio Log Files
2011-12-19 20:36:41 ----A---- C:\Windows\system32\wwansvc.dll
2011-12-19 20:36:16 ----D---- C:\system.sav
2011-12-19 20:36:12 ----D---- C:\Program Files (x86)\Hewlett-Packard
2011-12-19 18:26:26 ----A---- C:\Windows\system32\drivers\btwrchid.sys
2011-12-19 18:26:26 ----A---- C:\Windows\system32\drivers\btwl2cap.sys
2011-12-19 18:26:26 ----A---- C:\Windows\system32\drivers\btwavdt.sys
2011-12-19 18:26:25 ----A---- C:\Windows\system32\drivers\btwaudio.sys
2011-12-19 18:25:58 ----D---- C:\Program Files\WIDCOMM
2011-12-19 16:54:32 ----D---- C:\ObsoleteNodEnabler
2011-12-19 16:52:22 ----D---- C:\ProgramData\ESET
2011-12-19 16:52:22 ----D---- C:\Program Files\ESET
2011-12-19 16:31:59 ----A---- C:\Windows\system32\AESTCo64.dll
2011-12-19 16:23:28 ----D---- C:\Users\Dominik\AppData\Roaming\Skype
2011-12-19 16:23:24 ----RD---- C:\Program Files (x86)\Skype
2011-12-19 16:23:20 ----D---- C:\ProgramData\Skype
2011-12-19 16:02:14 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2011-12-19 16:02:14 ----A---- C:\Windows\system32\drivers\usbport.sys
2011-12-19 16:02:14 ----A---- C:\Windows\system32\drivers\usbohci.sys
2011-12-19 16:02:14 ----A---- C:\Windows\system32\drivers\usbhub.sys
2011-12-19 16:02:14 ----A---- C:\Windows\system32\drivers\usbehci.sys
2011-12-19 16:02:14 ----A---- C:\Windows\system32\drivers\usbd.sys
2011-12-19 16:02:14 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2011-12-19 16:02:13 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2011-12-19 16:02:13 ----A---- C:\Windows\system32\drivers\bthport.sys
2011-12-19 16:02:12 ----A---- C:\Windows\SYSWOW64\esent.dll
2011-12-19 16:02:12 ----A---- C:\Windows\system32\fsutil.exe
2011-12-19 16:02:12 ----A---- C:\Windows\system32\esent.dll
2011-12-19 16:02:12 ----A---- C:\Windows\system32\drivers\amdxata.sys
2011-12-19 16:02:11 ----A---- C:\Windows\SYSWOW64\fsutil.exe
2011-12-19 16:02:11 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2011-12-19 16:02:11 ----A---- C:\Windows\system32\drivers\storport.sys
2011-12-19 16:02:11 ----A---- C:\Windows\system32\drivers\nvstor.sys
2011-12-19 16:02:11 ----A---- C:\Windows\system32\drivers\nvraid.sys
2011-12-19 16:02:11 ----A---- C:\Windows\system32\drivers\ntfs.sys
2011-12-19 16:02:11 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2011-12-19 16:02:11 ----A---- C:\Windows\system32\drivers\amdsata.sys
2011-12-19 15:35:30 ----D---- C:\Windows\SYSWOW64\drivers\sk-SK
2011-12-19 15:35:29 ----D---- C:\Windows\sk-SK
2011-12-19 15:35:26 ----D---- C:\Windows\system32\drivers\sk-SK
2011-12-19 14:54:30 ----D---- C:\Users\Dominik\AppData\Roaming\WinRAR
2011-12-19 14:53:40 ----D---- C:\Program Files\WinRAR
2011-12-19 14:53:19 ----A---- C:\Windows\system32\MRT.exe
2011-12-19 14:47:04 ----D---- C:\Users\Dominik\AppData\Roaming\Macromedia
2011-12-19 14:47:04 ----D---- C:\Users\Dominik\AppData\Roaming\Adobe
2011-12-19 14:46:56 ----D---- C:\Windows\system32\Macromed
2011-12-19 14:46:39 ----D---- C:\Windows\SYSWOW64\Macromed
2011-12-19 14:44:54 ----A---- C:\Windows\SYSWOW64\prevhost.exe
2011-12-19 14:44:54 ----A---- C:\Windows\system32\prevhost.exe
2011-12-19 14:41:14 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2011-12-19 14:41:14 ----A---- C:\Windows\system32\vbscript.dll
2011-12-19 14:41:13 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-12-19 14:41:13 ----A---- C:\Windows\system32\xmllite.dll
2011-12-19 14:41:10 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-12-19 14:41:09 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2011-12-19 14:41:09 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-12-19 14:41:09 ----A---- C:\Windows\system32\csrsrv.dll
2011-12-19 14:41:08 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-12-19 14:41:08 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-12-19 14:41:08 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-12-19 14:41:08 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-12-19 14:41:08 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-12-19 14:41:08 ----A---- C:\Windows\system32\odbctrac.dll
2011-12-19 14:41:08 ----A---- C:\Windows\system32\odbccu32.dll
2011-12-19 14:41:08 ----A---- C:\Windows\system32\odbccr32.dll
2011-12-19 14:41:08 ----A---- C:\Windows\system32\odbccp32.dll
2011-12-19 14:41:07 ----A---- C:\Windows\system32\tquery.dll
2011-12-19 14:41:07 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-12-19 14:41:07 ----A---- C:\Windows\system32\mssrch.dll
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\tquery.dll
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\mssph.dll
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2011-12-19 14:41:06 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-12-19 14:41:06 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-12-19 14:41:06 ----A---- C:\Windows\system32\mssvp.dll
2011-12-19 14:41:06 ----A---- C:\Windows\system32\mssphtb.dll
2011-12-19 14:41:06 ----A---- C:\Windows\system32\mssph.dll
2011-12-19 14:41:06 ----A---- C:\Windows\system32\msscntrs.dll
2011-12-19 14:41:05 ----A---- C:\Windows\SYSWOW64\sbe.dll
2011-12-19 14:41:05 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2011-12-19 14:41:05 ----A---- C:\Windows\system32\sbe.dll
2011-12-19 14:41:05 ----A---- C:\Windows\system32\CPFilters.dll
2011-12-19 14:41:02 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2011-12-19 14:41:02 ----A---- C:\Windows\system32\poqexec.exe
2011-12-19 14:41:01 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-12-19 14:41:01 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-12-19 14:41:01 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-12-19 14:40:59 ----A---- C:\Windows\SYSWOW64\mfc42u.dll
2011-12-19 14:40:59 ----A---- C:\Windows\SYSWOW64\mfc42.dll
2011-12-19 14:40:59 ----A---- C:\Windows\system32\mfc42u.dll
2011-12-19 14:40:59 ----A---- C:\Windows\system32\mfc42.dll
2011-12-19 14:40:57 ----A---- C:\Windows\SYSWOW64\dnscacheugc.exe
2011-12-19 14:40:57 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2011-12-19 14:40:57 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-12-19 14:40:57 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-12-19 14:40:57 ----A---- C:\Windows\system32\dnsapi.dll
2011-12-19 14:40:52 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-12-19 14:40:52 ----A---- C:\Windows\system32\mshtml.dll
2011-12-19 14:40:51 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-12-19 14:40:51 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-12-19 14:40:51 ----A---- C:\Windows\system32\wininet.dll
2011-12-19 14:40:51 ----A---- C:\Windows\system32\iertutil.dll
2011-12-19 14:40:51 ----A---- C:\Windows\system32\ieframe.dll
2011-12-19 14:40:50 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-12-19 14:40:49 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-12-19 14:40:49 ----A---- C:\Windows\SYSWOW64\url.dll
2011-12-19 14:40:49 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-12-19 14:40:49 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-12-19 14:40:49 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-12-19 14:40:49 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-12-19 14:40:49 ----A---- C:\Windows\system32\urlmon.dll
2011-12-19 14:40:49 ----A---- C:\Windows\system32\url.dll
2011-12-19 14:40:49 ----A---- C:\Windows\system32\mshtmled.dll
2011-12-19 14:40:49 ----A---- C:\Windows\system32\msfeeds.dll
2011-12-19 14:40:49 ----A---- C:\Windows\system32\jsproxy.dll
2011-12-19 14:40:49 ----A---- C:\Windows\system32\ieui.dll
2011-12-19 14:40:48 ----A---- C:\Windows\system32\drivers\afd.sys
2011-12-19 14:40:46 ----A---- C:\Windows\explorer.exe
2011-12-19 14:40:45 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2011-12-19 14:40:45 ----A---- C:\Windows\SYSWOW64\explorer.exe
2011-12-19 14:40:45 ----A---- C:\Windows\system32\kerberos.dll
2011-12-19 14:40:44 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2011-12-19 14:40:44 ----A---- C:\Windows\system32\XpsPrint.dll
2011-12-19 14:40:31 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2011-12-19 14:40:31 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2011-12-19 14:40:31 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2011-12-19 14:40:31 ----A---- C:\Windows\system32\fontsub.dll
2011-12-19 14:40:31 ----A---- C:\Windows\system32\atmlib.dll
2011-12-19 14:40:31 ----A---- C:\Windows\system32\atmfd.dll
2011-12-19 14:40:18 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-12-19 14:40:18 ----A---- C:\Windows\system32\EncDec.dll
2011-12-19 14:39:52 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-12-19 14:39:51 ----A---- C:\Windows\system32\win32k.sys
2011-12-19 14:39:51 ----A---- C:\Windows\system32\KernelBase.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-12-19 14:39:50 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-12-19 14:39:50 ----A---- C:\Windows\SYSWOW64\user.exe
2011-12-19 14:39:50 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-12-19 14:39:50 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-12-19 14:39:50 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-12-19 14:39:50 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-12-19 14:39:50 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-12-19 14:39:50 ----A---- C:\Windows\system32\wow64win.dll
2011-12-19 14:39:50 ----A---- C:\Windows\system32\wow64cpu.dll
2011-12-19 14:39:50 ----A---- C:\Windows\system32\wow64.dll
2011-12-19 14:39:50 ----A---- C:\Windows\system32\winsrv.dll
2011-12-19 14:39:50 ----A---- C:\Windows\system32\ntvdm64.dll
2011-12-19 14:39:50 ----A---- C:\Windows\system32\kernel32.dll
2011-12-19 14:39:50 ----A---- C:\Windows\system32\conhost.exe
2011-12-19 14:39:41 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-12-19 14:39:40 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-12-19 14:39:40 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-12-19 14:39:25 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-12-19 14:39:25 ----A---- C:\Windows\system32\tzres.dll
2011-12-19 14:38:45 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-12-19 14:38:45 ----A---- C:\Windows\system32\psisdecd.dll
2011-12-19 14:38:44 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-12-19 14:38:44 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-12-19 14:38:44 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-12-19 14:38:44 ----A---- C:\Windows\system32\drivers\srv.sys
2011-12-19 14:38:43 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-12-19 14:38:43 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-12-19 14:38:43 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-12-19 14:38:43 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-12-19 14:38:43 ----A---- C:\Windows\SYSWOW64\devobj.dll
2011-12-19 14:38:43 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-12-19 14:38:43 ----A---- C:\Windows\system32\oleaut32.dll
2011-12-19 14:38:43 ----A---- C:\Windows\system32\oleacc.dll
2011-12-19 14:38:42 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2011-12-19 14:38:42 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-12-19 14:38:42 ----A---- C:\Windows\system32\d3d10_1.dll
2011-12-19 14:38:41 ----A---- C:\Windows\system32\winresume.exe
2011-12-19 14:38:41 ----A---- C:\Windows\system32\winload.exe
2011-12-19 14:38:41 ----A---- C:\Windows\system32\kdusb.dll
2011-12-19 14:38:41 ----A---- C:\Windows\system32\kdcom.dll
2011-12-19 14:38:41 ----A---- C:\Windows\system32\kd1394.dll
2011-12-19 14:38:40 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2011-12-19 14:38:40 ----A---- C:\Windows\system32\inetcomm.dll
2011-12-19 14:38:39 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-12-19 14:33:55 ----D---- C:\Program Files\ATI Technologies
2011-12-19 14:33:53 ----D---- C:\Program Files\ATI
2011-12-19 14:23:06 ----A---- C:\Windows\system32\yk62x64ver.dll
2011-12-19 14:22:43 ----D---- C:\Program Files (x86)\Marvell
2011-12-19 14:22:19 ----D---- C:\Program Files (x86)\Cisco
2011-12-19 14:22:17 ----SHD---- C:\Windows\Installer
2011-12-19 14:21:25 ----A---- C:\Windows\system32\drivers\BCMWL664.SYS
2011-12-19 14:21:25 ----A---- C:\Windows\system32\bcmwlrc.dll
2011-12-19 14:21:25 ----A---- C:\Windows\system32\bcmwlcoi.dll
2011-12-19 14:21:25 ----A---- C:\Windows\system32\bcmihvui64.dll
2011-12-19 14:21:25 ----A---- C:\Windows\system32\bcmihvsrv64.dll
2011-12-19 14:21:24 ----D---- C:\Program Files\Broadcom
2011-12-19 14:20:39 ----N---- C:\Windows\SYSWOW64\agrsmdel.exe
2011-12-19 14:20:39 ----N---- C:\Windows\SYSWOW64\agrscoin.dll
2011-12-19 14:20:39 ----N---- C:\Windows\SYSWOW64\agrsco64.dll
2011-12-19 14:20:33 ----D---- C:\Program Files\LSI SoftModem
2011-12-19 14:20:29 ----D---- C:\Windows\Options
2011-12-19 14:20:10 ----D---- C:\SwSetup
2011-12-19 06:51:39 ----D---- C:\Windows\Panther
2011-12-18 22:11:42 ----D---- C:\Users\Dominik\AppData\Roaming\Identities
2011-12-18 22:11:20 ----SD---- C:\Users\Dominik\AppData\Roaming\Microsoft
2011-12-18 22:11:20 ----D---- C:\Users\Dominik\AppData\Roaming\Media Center Programs
2011-12-18 22:10:02 ----D---- C:\Windows\SYSWOW64\Wat
2011-12-18 22:10:02 ----D---- C:\Windows\system32\Wat
2011-12-18 22:09:27 ----SHD---- C:\Recovery
2011-12-18 22:09:25 ----D---- C:\Windows\SoftwareDistribution
2011-12-18 21:52:59 ----D---- C:\Windows\Prefetch
2011-12-18 21:52:21 ----ASH---- C:\pagefile.sys
2011-12-18 21:52:18 ----SHD---- C:\System Volume Information
2011-12-18 21:52:18 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 month======

2012-01-16 15:19:38 ----D---- C:\Windows\Temp
2012-01-16 15:19:37 ----RD---- C:\Program Files
2012-01-16 15:16:22 ----D---- C:\Windows\System32
2012-01-16 15:16:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-16 15:12:37 ----D---- C:\Windows\system32\config
2012-01-15 21:05:32 ----HD---- C:\ProgramData
2012-01-12 14:27:21 ----D---- C:\Windows\Microsoft.NET
2012-01-12 14:27:19 ----RSD---- C:\Windows\assembly
2012-01-12 14:12:38 ----D---- C:\Windows\system32\wdi
2012-01-12 08:47:21 ----D---- C:\Windows\winsxs
2012-01-12 08:46:05 ----D---- C:\Windows\SysWOW64
2012-01-12 08:46:05 ----D---- C:\Windows\ehome
2012-01-11 15:57:04 ----D---- C:\Windows\system32\catroot
2012-01-11 15:56:49 ----D---- C:\Windows\system32\catroot2
2012-01-10 21:20:04 ----SHD---- C:\$Recycle.Bin
2012-01-09 22:28:45 ----D---- C:\Windows
2012-01-09 19:26:54 ----D---- C:\Windows\system32\drivers
2012-01-09 19:26:52 ----D---- C:\Windows\system32\DriverStore
2012-01-09 19:26:52 ----D---- C:\Windows\inf
2012-01-08 21:16:49 ----RD---- C:\Program Files (x86)
2012-01-07 14:45:13 ----RSD---- C:\Windows\Media
2012-01-07 14:43:49 ----D---- C:\Program Files (x86)\Common Files
2012-01-07 14:43:48 ----D---- C:\Windows\Downloaded Program Files
2012-01-07 14:41:52 ----D---- C:\Program Files\Common Files
2012-01-07 14:38:55 ----D---- C:\Windows\twain_32
2012-01-07 14:36:27 ----D---- C:\Windows\system32\FxsTmp
2011-12-28 18:23:15 ----D---- C:\Windows\rescache
2011-12-28 18:21:13 ----D---- C:\Windows\Logs
2011-12-27 15:38:19 ----D---- C:\Windows\ModemLogs
2011-12-27 15:36:52 ----D---- C:\Windows\system32\drivers\UMDF
2011-12-26 13:14:06 ----D---- C:\Program Files (x86)\MSBuild
2011-12-26 13:13:52 ----D---- C:\Windows\ShellNew
2011-12-26 13:13:36 ----RSD---- C:\Windows\Fonts
2011-12-26 13:13:29 ----SD---- C:\ProgramData\Microsoft
2011-12-26 13:12:59 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-12-26 13:11:44 ----A---- C:\Windows\win.ini
2011-12-21 08:24:28 ----D---- C:\Windows\system32\LogFiles
2011-12-19 21:09:12 ----D---- C:\Windows\SYSWOW64\en-US
2011-12-19 21:09:12 ----D---- C:\Windows\system32\en-US
2011-12-19 20:36:29 ----D---- C:\Windows\SYSWOW64\drivers
2011-12-19 20:09:49 ----D---- C:\Windows\system32\Tasks
2011-12-19 18:26:16 ----SD---- C:\Windows\system32\Microsoft
2011-12-19 15:52:22 ----D---- C:\Windows\AppPatch
2011-12-19 15:52:05 ----D---- C:\Windows\SYSWOW64\sk-SK
2011-12-19 15:52:05 ----D---- C:\Windows\system32\sk-SK
2011-12-19 15:35:34 ----D---- C:\Program Files\Windows Sidebar
2011-12-19 15:35:34 ----D---- C:\Program Files\Windows Photo Viewer
2011-12-19 15:35:34 ----D---- C:\Program Files\Windows Media Player
2011-12-19 15:35:34 ----D---- C:\Program Files\Windows Mail
2011-12-19 15:35:34 ----D---- C:\Program Files\Windows Journal
2011-12-19 15:35:34 ----D---- C:\Program Files\Windows Defender
2011-12-19 15:35:34 ----D---- C:\Program Files\Internet Explorer
2011-12-19 15:35:34 ----D---- C:\Program Files\DVD Maker
2011-12-19 15:35:34 ----D---- C:\Program Files\Common Files\System
2011-12-19 15:35:34 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-12-19 15:35:34 ----D---- C:\Program Files (x86)\Windows Mail
2011-12-19 15:35:33 ----D---- C:\Windows\SYSWOW64\migwiz
2011-12-19 15:35:33 ----D---- C:\Windows\servicing
2011-12-19 15:35:33 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-12-19 15:35:33 ----D---- C:\Program Files (x86)\Windows Media Player
2011-12-19 15:35:33 ----D---- C:\Program Files (x86)\Windows Defender
2011-12-19 15:35:33 ----D---- C:\Program Files (x86)\Internet Explorer
2011-12-19 15:35:30 ----D---- C:\Windows\SYSWOW64\WCN
2011-12-19 15:35:30 ----D---- C:\Windows\SYSWOW64\wbem
2011-12-19 15:35:29 ----D---- C:\Windows\system32\sysprep
2011-12-19 15:35:29 ----D---- C:\Windows\system32\oobe
2011-12-19 15:35:29 ----D---- C:\Windows\system32\migwiz
2011-12-19 15:35:29 ----D---- C:\Windows\PolicyDefinitions
2011-12-19 15:35:26 ----D---- C:\Windows\system32\WCN
2011-12-19 15:35:26 ----D---- C:\Windows\system32\wbem
2011-12-19 15:29:50 ----D---- C:\Windows\Tasks
2011-12-19 14:58:11 ----D---- C:\Windows\SYSWOW64\migration
2011-12-19 14:58:11 ----D---- C:\Windows\system32\migration
2011-12-19 14:58:11 ----D---- C:\Windows\system32\Boot
2011-12-19 14:53:21 ----D---- C:\Windows\debug
2011-12-19 14:21:30 ----D---- C:\Windows\system32\zh-TW
2011-12-19 14:21:30 ----D---- C:\Windows\system32\zh-HK
2011-12-19 14:21:29 ----D---- C:\Windows\system32\zh-CN
2011-12-19 14:21:29 ----D---- C:\Windows\system32\tr-TR
2011-12-19 14:21:29 ----D---- C:\Windows\system32\th-TH
2011-12-19 14:21:29 ----D---- C:\Windows\system32\sv-SE
2011-12-19 14:21:29 ----D---- C:\Windows\system32\sl-SI
2011-12-19 14:21:29 ----D---- C:\Windows\system32\ru-RU
2011-12-19 14:21:29 ----D---- C:\Windows\system32\ro-RO
2011-12-19 14:21:28 ----D---- C:\Windows\system32\pt-PT
2011-12-19 14:21:28 ----D---- C:\Windows\system32\pt-BR
2011-12-19 14:21:28 ----D---- C:\Windows\system32\pl-PL
2011-12-19 14:21:28 ----D---- C:\Windows\system32\nl-NL
2011-12-19 14:21:28 ----D---- C:\Windows\system32\nb-NO
2011-12-19 14:21:28 ----D---- C:\Windows\system32\lv-LV
2011-12-19 14:21:28 ----D---- C:\Windows\system32\lt-LT
2011-12-19 14:21:27 ----D---- C:\Windows\system32\ko-KR
2011-12-19 14:21:27 ----D---- C:\Windows\system32\ja-JP
2011-12-19 14:21:27 ----D---- C:\Windows\system32\it-IT
2011-12-19 14:21:27 ----D---- C:\Windows\system32\hu-HU
2011-12-19 14:21:27 ----D---- C:\Windows\system32\hr-HR
2011-12-19 14:21:27 ----D---- C:\Windows\system32\he-IL
2011-12-19 14:21:27 ----D---- C:\Windows\system32\fr-FR
2011-12-19 14:21:27 ----D---- C:\Windows\system32\fi-FI
2011-12-19 14:21:27 ----D---- C:\Windows\system32\et-EE
2011-12-19 14:21:26 ----D---- C:\Windows\system32\es-ES
2011-12-19 14:21:26 ----D---- C:\Windows\system32\el-GR
2011-12-19 14:21:26 ----D---- C:\Windows\system32\de-DE
2011-12-19 14:21:26 ----D---- C:\Windows\system32\da-DK
2011-12-19 14:21:26 ----D---- C:\Windows\system32\cs-CZ
2011-12-19 14:21:26 ----D---- C:\Windows\system32\bg-BG
2011-12-19 14:21:26 ----D---- C:\Windows\system32\ar-SA
2011-12-19 06:51:08 ----D---- C:\Windows\Setup
2011-12-18 22:14:25 ----D---- C:\Windows\system32\NDF
2011-12-18 22:11:19 ----RD---- C:\Users
2011-12-18 22:10:14 ----A---- C:\Windows\SYSWOW64\slwga.dll
2011-12-18 22:10:14 ----A---- C:\Windows\system32\systemcpl.dll
2011-12-18 22:10:14 ----A---- C:\Windows\system32\slwga.dll
2011-12-18 22:10:13 ----A---- C:\Windows\SYSWOW64\user32.dll
2011-12-18 22:10:13 ----A---- C:\Windows\system32\user32.dll
2011-12-18 22:09:43 ----D---- C:\Windows\system32\restore
2011-12-18 22:06:13 ----D---- C:\Windows\system32\CodeIntegrity
2011-12-18 21:52:54 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-04 16440]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-09-29 136584]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-09-29 144824]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 123200]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-04-06 1208320]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-07-24 119312]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-12-19 3063360]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 98344]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-07-01 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 21160]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-26 279616]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2010-10-18 38424]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\Windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2009-03-27 16896]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-30 864032]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-29 735960]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 30520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-09-29 23296]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-18 1255736]

-----------------EOF-----------------

Zdravim a pekne odpoledne preji

A myslite ze cracknuty NOD chrani tak jak ma

Mohu mit dotaz, proc si bezny uzivatel kupuje nejvyssi licenci Windows Ultimate, ktera je urcena spise pro velke korporace, kdyz stejne nevyuzije nic vic nez nabizi verze Home Premium

Zdravím nemám cracknutý nod (teda aspoň o tom neviem ) mám skúšobnú verziu
O windowse som nerozhdoval ja ten už bol v notebook keď som ho dostal

Tohle C:\ObsoleteNodEnabler asi nebude simulator akvarijnich rybicek Zkusebni mozna je, ale ne v souladu s licencnimi podminkami ESETu

ro fakt neviem jak sa tam dostalo :-O (vymazal som to), každopádne môžeme vedieť či je log v poriadku ?

Uz jednou jste tu mel problem s nelegalnim ESETem, co jsem se dival do internich poznamek - z toho nejaky dusledek bude vyvozen

Zaliskane haveti je to jak jetel, ale pravidla fora hovori jasne ohledne pomoci s nelegalnim SW

Pokud chcete pomoci, odinstalujte nelegalni NOD a nainstalujte free reseni (Avast, Avira ci MSE)

Pak dejte novy log z RSIT

Hotovo. Inak fakt so nemal nejaký nelegálny Nod zrejme išlo len o nejaké pozostatky z minula. Každopádne už mám avast.
Ďakujem.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dominik at 2012-01-16 17:14:09
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 53 GB (53%) free of 100 GB
Total RAM: 4093 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:14:15, on 16. 1. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\trend micro\Dominik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
O4 - HKCU\..\Run: [iTIcTKXhQQ.exe] C:\Users\Dominik\AppData\Roaming\QeMdPTsheYqnLgFLHTWk\QeMdPTsheYqnLgFLHTWk\0.0.0.0\iTIcTKXhQQ.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9243AF4A-6B8E-45C1-BF42-146FACA697D8}: NameServer = 160.218.161.60 194.228.211.33
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8857 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2f4
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 40032432
\??\C:\Windows\system32\conhost.exe "1644522971-7133104354948136002081645713-18054329872054905020-1062850728-2013535191
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
taskhost.exe USER
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Dominik\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-553501304-2295129646-1275366660-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-553501304-2295129646-1275366660-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-11-28 963064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29 3844768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-11-28 963064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe []
"CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1840720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 136176]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17351304]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]
"Sony Ericsson PC Companion"=C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2009-06-18 772096]
"iTIcTKXhQQ.exe"=C:\Users\Dominik\AppData\Roaming\QeMdPTsheYqnLgFLHTWk\QeMdPTsheYqnLgFLHTWk\0.0.0.0\iTIcTKXhQQ.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"SSBkgdUpdate"=C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-01-16 17:06:49 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2012-01-16 17:06:48 ----A---- C:\Windows\system32\drivers\aswSP.sys
2012-01-16 17:06:45 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2012-01-16 17:06:45 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2012-01-16 17:06:44 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2012-01-16 17:06:43 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2012-01-16 17:06:43 ----A---- C:\Windows\system32\aswBoot.exe
2012-01-16 17:05:59 ----A---- C:\Windows\avastSS.scr
2012-01-16 17:05:57 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2012-01-16 17:05:49 ----D---- C:\ProgramData\AVAST Software
2012-01-16 17:05:49 ----D---- C:\Program Files\AVAST Software
2012-01-16 15:19:37 ----D---- C:\Program Files\trend micro
2012-01-16 15:19:36 ----D---- C:\rsit
2012-01-15 21:16:25 ----D---- C:\Users\Dominik\AppData\Roaming\Mozilla
2012-01-15 21:05:32 ----D---- C:\Users\Dominik\AppData\Roaming\QeMdPTsheYqnLgFLHTWk
2012-01-15 21:05:32 ----D---- C:\ProgramData\Facebook Password Cracker
2012-01-11 15:57:23 ----A---- C:\Windows\system32\quartz.dll
2012-01-11 15:57:22 ----A---- C:\Windows\SYSWOW64\quartz.dll
2012-01-11 15:57:22 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2012-01-11 15:57:22 ----A---- C:\Windows\system32\qdvd.dll
2012-01-11 15:57:21 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-01-11 15:57:21 ----A---- C:\Windows\system32\jscript.dll
2012-01-11 15:57:19 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2012-01-11 15:57:19 ----A---- C:\Windows\system32\ntdll.dll
2012-01-11 15:57:18 ----A---- C:\Windows\SYSWOW64\packager.dll
2012-01-11 15:57:18 ----A---- C:\Windows\system32\packager.dll
2012-01-08 21:16:49 ----D---- C:\Program Files (x86)\MSXML 4.0
2012-01-07 14:46:23 ----D---- C:\Users\Dominik\AppData\Roaming\Canon
2012-01-07 14:44:04 ----D---- C:\ProgramData\InstallShield
2012-01-07 14:44:04 ----A---- C:\Windows\MAXLINK.INI
2012-01-07 14:43:56 ----D---- C:\Users\Dominik\AppData\Roaming\ScanSoft
2012-01-07 14:43:49 ----D---- C:\ProgramData\ScanSoft
2012-01-07 14:43:11 ----D---- C:\Program Files (x86)\ScanSoft
2012-01-07 14:41:52 ----D---- C:\Program Files\Common Files\CANON
2012-01-07 14:41:06 ----D---- C:\Program Files\Canon
2012-01-07 14:38:56 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
2012-01-07 14:38:28 ----A---- C:\Windows\system32\CNMLM94.DLL
2012-01-07 14:38:19 ----A---- C:\Windows\system32\CNC520O.DLL
2012-01-07 14:38:18 ----A---- C:\Windows\system32\CNC520L.DLL
2012-01-07 14:38:18 ----A---- C:\Windows\system32\CNC520I.DLL
2012-01-07 14:38:18 ----A---- C:\Windows\system32\CNC520C.DLL
2012-01-07 14:37:55 ----HD---- C:\Program Files\CanonBJ
2012-01-06 19:37:53 ----D---- C:\Program Files (x86)\Canon
2012-01-02 19:54:50 ----D---- C:\ProgramData\Readon
2012-01-02 19:49:07 ----D---- C:\Program Files (x86)\Readon Technology
2011-12-29 16:00:11 ----D---- C:\Users\Dominik\AppData\Roaming\vlc
2011-12-29 15:58:15 ----D---- C:\Program Files (x86)\VideoLAN
2011-12-29 14:00:14 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2011-12-29 14:00:14 ----A---- C:\Windows\system32\FntCache.dll
2011-12-29 14:00:14 ----A---- C:\Windows\system32\DWrite.dll
2011-12-29 14:00:14 ----A---- C:\Windows\system32\d2d1.dll
2011-12-29 14:00:13 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2011-12-28 12:26:35 ----D---- C:\Windows\Minidump
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018whnt.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018wh.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018unic.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018obex.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018nd5.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018mgmt.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018mdm.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018mdfl.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018cr.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018cmnt.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018cm.sys
2011-12-27 15:36:25 ----A---- C:\Windows\system32\drivers\s1018bus.sys
2011-12-27 15:36:23 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-12-27 15:36:23 ----D---- C:\ProgramData\Sony Ericsson
2011-12-27 15:36:23 ----D---- C:\Program Files (x86)\Sony Ericsson
2011-12-27 14:17:50 ----D---- C:\Users\Dominik\AppData\Roaming\Red Alert 3
2011-12-27 14:09:47 ----D---- C:\Program Files (x86)\Electronic Arts
2011-12-27 14:09:46 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2011-12-27 14:09:46 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2011-12-27 14:09:46 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-12-27 14:09:46 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-12-27 14:09:45 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2011-12-27 14:09:45 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2011-12-27 14:09:45 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2011-12-27 14:09:45 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-12-27 14:09:45 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-12-27 14:09:45 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-12-27 14:09:44 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2011-12-27 14:09:44 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-12-26 13:40:14 ----D---- C:\Windows\Hewlett-Packard
2011-12-26 13:19:31 ----HD---- C:\ProgramData\CanonBJ
2011-12-26 13:14:15 ----D---- C:\Program Files (x86)\Microsoft Works
2011-12-26 13:14:00 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2011-12-26 13:13:29 ----D---- C:\Windows\PCHEALTH
2011-12-26 13:11:59 ----D---- C:\Program Files\Microsoft Office
2011-12-26 13:11:54 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-12-26 13:11:27 ----D---- C:\Program Files (x86)\Microsoft Office
2011-12-26 13:11:26 ----D---- C:\ProgramData\Microsoft Help
2011-12-26 13:09:38 ----RHD---- C:\MSOCache
2011-12-26 13:04:34 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-12-26 13:04:28 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-12-26 13:04:04 ----D---- C:\Users\Dominik\AppData\Roaming\DAEMON Tools Lite
2011-12-26 13:04:02 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-12-24 12:54:40 ----D---- C:\ProgramData\Adobe
2011-12-24 12:54:35 ----D---- C:\Program Files (x86)\Adobe
2011-12-24 12:48:45 ----D---- C:\Dev-Pas
2011-12-21 08:24:04 ----SHD---- C:\Config.Msi
2011-12-19 21:09:11 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-12-19 20:38:54 ----D---- C:\ProgramData\Uninstall
2011-12-19 20:38:48 ----D---- C:\Program Files\Hewlett-Packard
2011-12-19 20:38:28 ----D---- C:\Users\Dominik\AppData\Roaming\Roxio Log Files
2011-12-19 20:36:41 ----A---- C:\Windows\system32\wwansvc.dll
2011-12-19 20:36:16 ----D---- C:\system.sav
2011-12-19 20:36:12 ----D---- C:\Program Files (x86)\Hewlett-Packard
2011-12-19 18:26:26 ----A---- C:\Windows\system32\drivers\btwrchid.sys
2011-12-19 18:26:26 ----A---- C:\Windows\system32\drivers\btwl2cap.sys
2011-12-19 18:26:26 ----A---- C:\Windows\system32\drivers\btwavdt.sys
2011-12-19 18:26:25 ----A---- C:\Windows\system32\drivers\btwaudio.sys
2011-12-19 18:25:58 ----D---- C:\Program Files\WIDCOMM
2011-12-19 16:52:22 ----D---- C:\ProgramData\ESET
2011-12-19 16:31:59 ----A---- C:\Windows\system32\AESTCo64.dll
2011-12-19 16:23:28 ----D---- C:\Users\Dominik\AppData\Roaming\Skype
2011-12-19 16:23:24 ----RD---- C:\Program Files (x86)\Skype
2011-12-19 16:23:20 ----D---- C:\ProgramData\Skype
2011-12-19 16:02:14 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2011-12-19 16:02:14 ----A---- C:\Windows\system32\drivers\usbport.sys
2011-12-19 16:02:14 ----A---- C:\Windows\system32\drivers\usbohci.sys
2011-12-19 16:02:14 ----A---- C:\Windows\system32\drivers\usbhub.sys
2011-12-19 16:02:14 ----A---- C:\Windows\system32\drivers\usbehci.sys
2011-12-19 16:02:14 ----A---- C:\Windows\system32\drivers\usbd.sys
2011-12-19 16:02:14 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2011-12-19 16:02:13 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2011-12-19 16:02:13 ----A---- C:\Windows\system32\drivers\bthport.sys
2011-12-19 16:02:12 ----A---- C:\Windows\SYSWOW64\esent.dll
2011-12-19 16:02:12 ----A---- C:\Windows\system32\fsutil.exe
2011-12-19 16:02:12 ----A---- C:\Windows\system32\esent.dll
2011-12-19 16:02:12 ----A---- C:\Windows\system32\drivers\amdxata.sys
2011-12-19 16:02:11 ----A---- C:\Windows\SYSWOW64\fsutil.exe
2011-12-19 16:02:11 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2011-12-19 16:02:11 ----A---- C:\Windows\system32\drivers\storport.sys
2011-12-19 16:02:11 ----A---- C:\Windows\system32\drivers\nvstor.sys
2011-12-19 16:02:11 ----A---- C:\Windows\system32\drivers\nvraid.sys
2011-12-19 16:02:11 ----A---- C:\Windows\system32\drivers\ntfs.sys
2011-12-19 16:02:11 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2011-12-19 16:02:11 ----A---- C:\Windows\system32\drivers\amdsata.sys
2011-12-19 15:35:30 ----D---- C:\Windows\SYSWOW64\drivers\sk-SK
2011-12-19 15:35:29 ----D---- C:\Windows\sk-SK
2011-12-19 15:35:26 ----D---- C:\Windows\system32\drivers\sk-SK
2011-12-19 14:54:30 ----D---- C:\Users\Dominik\AppData\Roaming\WinRAR
2011-12-19 14:53:40 ----D---- C:\Program Files\WinRAR
2011-12-19 14:53:19 ----A---- C:\Windows\system32\MRT.exe
2011-12-19 14:47:04 ----D---- C:\Users\Dominik\AppData\Roaming\Macromedia
2011-12-19 14:47:04 ----D---- C:\Users\Dominik\AppData\Roaming\Adobe
2011-12-19 14:46:56 ----D---- C:\Windows\system32\Macromed
2011-12-19 14:46:39 ----D---- C:\Windows\SYSWOW64\Macromed
2011-12-19 14:44:54 ----A---- C:\Windows\SYSWOW64\prevhost.exe
2011-12-19 14:44:54 ----A---- C:\Windows\system32\prevhost.exe
2011-12-19 14:41:14 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2011-12-19 14:41:14 ----A---- C:\Windows\system32\vbscript.dll
2011-12-19 14:41:13 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-12-19 14:41:13 ----A---- C:\Windows\system32\xmllite.dll
2011-12-19 14:41:10 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-12-19 14:41:09 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2011-12-19 14:41:09 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-12-19 14:41:09 ----A---- C:\Windows\system32\csrsrv.dll
2011-12-19 14:41:08 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-12-19 14:41:08 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-12-19 14:41:08 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-12-19 14:41:08 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-12-19 14:41:08 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-12-19 14:41:08 ----A---- C:\Windows\system32\odbctrac.dll
2011-12-19 14:41:08 ----A---- C:\Windows\system32\odbccu32.dll
2011-12-19 14:41:08 ----A---- C:\Windows\system32\odbccr32.dll
2011-12-19 14:41:08 ----A---- C:\Windows\system32\odbccp32.dll
2011-12-19 14:41:07 ----A---- C:\Windows\system32\tquery.dll
2011-12-19 14:41:07 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-12-19 14:41:07 ----A---- C:\Windows\system32\mssrch.dll
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\tquery.dll
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\mssph.dll
2011-12-19 14:41:06 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2011-12-19 14:41:06 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-12-19 14:41:06 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-12-19 14:41:06 ----A---- C:\Windows\system32\mssvp.dll
2011-12-19 14:41:06 ----A---- C:\Windows\system32\mssphtb.dll
2011-12-19 14:41:06 ----A---- C:\Windows\system32\mssph.dll
2011-12-19 14:41:06 ----A---- C:\Windows\system32\msscntrs.dll
2011-12-19 14:41:05 ----A---- C:\Windows\SYSWOW64\sbe.dll
2011-12-19 14:41:05 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2011-12-19 14:41:05 ----A---- C:\Windows\system32\sbe.dll
2011-12-19 14:41:05 ----A---- C:\Windows\system32\CPFilters.dll
2011-12-19 14:41:02 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2011-12-19 14:41:02 ----A---- C:\Windows\system32\poqexec.exe
2011-12-19 14:41:01 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-12-19 14:41:01 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-12-19 14:41:01 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-12-19 14:40:59 ----A---- C:\Windows\SYSWOW64\mfc42u.dll
2011-12-19 14:40:59 ----A---- C:\Windows\SYSWOW64\mfc42.dll
2011-12-19 14:40:59 ----A---- C:\Windows\system32\mfc42u.dll
2011-12-19 14:40:59 ----A---- C:\Windows\system32\mfc42.dll
2011-12-19 14:40:57 ----A---- C:\Windows\SYSWOW64\dnscacheugc.exe
2011-12-19 14:40:57 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2011-12-19 14:40:57 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-12-19 14:40:57 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-12-19 14:40:57 ----A---- C:\Windows\system32\dnsapi.dll
2011-12-19 14:40:52 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-12-19 14:40:52 ----A---- C:\Windows\system32\mshtml.dll
2011-12-19 14:40:51 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-12-19 14:40:51 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-12-19 14:40:51 ----A---- C:\Windows\system32\wininet.dll
2011-12-19 14:40:51 ----A---- C:\Windows\system32\iertutil.dll
2011-12-19 14:40:51 ----A---- C:\Windows\system32\ieframe.dll
2011-12-19 14:40:50 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-12-19 14:40:49 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-12-19 14:40:49 ----A---- C:\Windows\SYSWOW64\url.dll
2011-12-19 14:40:49 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-12-19 14:40:49 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-12-19 14:40:49 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-12-19 14:40:49 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-12-19 14:40:49 ----A---- C:\Windows\system32\urlmon.dll
2011-12-19 14:40:49 ----A---- C:\Windows\system32\url.dll
2011-12-19 14:40:49 ----A---- C:\Windows\system32\mshtmled.dll
2011-12-19 14:40:49 ----A---- C:\Windows\system32\msfeeds.dll
2011-12-19 14:40:49 ----A---- C:\Windows\system32\jsproxy.dll
2011-12-19 14:40:49 ----A---- C:\Windows\system32\ieui.dll
2011-12-19 14:40:48 ----A---- C:\Windows\system32\drivers\afd.sys
2011-12-19 14:40:46 ----A---- C:\Windows\explorer.exe
2011-12-19 14:40:45 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2011-12-19 14:40:45 ----A---- C:\Windows\SYSWOW64\explorer.exe
2011-12-19 14:40:45 ----A---- C:\Windows\system32\kerberos.dll
2011-12-19 14:40:44 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2011-12-19 14:40:44 ----A---- C:\Windows\system32\XpsPrint.dll
2011-12-19 14:40:31 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2011-12-19 14:40:31 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2011-12-19 14:40:31 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2011-12-19 14:40:31 ----A---- C:\Windows\system32\fontsub.dll
2011-12-19 14:40:31 ----A---- C:\Windows\system32\atmlib.dll
2011-12-19 14:40:31 ----A---- C:\Windows\system32\atmfd.dll
2011-12-19 14:40:18 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-12-19 14:40:18 ----A---- C:\Windows\system32\EncDec.dll
2011-12-19 14:39:52 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-12-19 14:39:51 ----A---- C:\Windows\system32\win32k.sys
2011-12-19 14:39:51 ----A---- C:\Windows\system32\KernelBase.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-12-19 14:39:50 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-12-19 14:39:50 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-12-19 14:39:50 ----A---- C:\Windows\SYSWOW64\user.exe
2011-12-19 14:39:50 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-12-19 14:39:50 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-12-19 14:39:50 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-12-19 14:39:50 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-12-19 14:39:50 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-12-19 14:39:50 ----A---- C:\Windows\system32\wow64win.dll
2011-12-19 14:39:50 ----A---- C:\Windows\system32\wow64cpu.dll
2011-12-19 14:39:50 ----A---- C:\Windows\system32\wow64.dll
2011-12-19 14:39:50 ----A---- C:\Windows\system32\winsrv.dll
2011-12-19 14:39:50 ----A---- C:\Windows\system32\ntvdm64.dll
2011-12-19 14:39:50 ----A---- C:\Windows\system32\kernel32.dll
2011-12-19 14:39:50 ----A---- C:\Windows\system32\conhost.exe
2011-12-19 14:39:41 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-12-19 14:39:40 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-12-19 14:39:40 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-12-19 14:39:25 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-12-19 14:39:25 ----A---- C:\Windows\system32\tzres.dll
2011-12-19 14:38:45 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-12-19 14:38:45 ----A---- C:\Windows\system32\psisdecd.dll
2011-12-19 14:38:44 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-12-19 14:38:44 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-12-19 14:38:44 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-12-19 14:38:44 ----A---- C:\Windows\system32\drivers\srv.sys
2011-12-19 14:38:43 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-12-19 14:38:43 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-12-19 14:38:43 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-12-19 14:38:43 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-12-19 14:38:43 ----A---- C:\Windows\SYSWOW64\devobj.dll
2011-12-19 14:38:43 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-12-19 14:38:43 ----A---- C:\Windows\system32\oleaut32.dll
2011-12-19 14:38:43 ----A---- C:\Windows\system32\oleacc.dll
2011-12-19 14:38:42 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2011-12-19 14:38:42 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-12-19 14:38:42 ----A---- C:\Windows\system32\d3d10_1.dll
2011-12-19 14:38:41 ----A---- C:\Windows\system32\winresume.exe
2011-12-19 14:38:41 ----A---- C:\Windows\system32\winload.exe
2011-12-19 14:38:41 ----A---- C:\Windows\system32\kdusb.dll
2011-12-19 14:38:41 ----A---- C:\Windows\system32\kdcom.dll
2011-12-19 14:38:41 ----A---- C:\Windows\system32\kd1394.dll
2011-12-19 14:38:40 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2011-12-19 14:38:40 ----A---- C:\Windows\system32\inetcomm.dll
2011-12-19 14:38:39 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-12-19 14:33:55 ----D---- C:\Program Files\ATI Technologies
2011-12-19 14:33:53 ----D---- C:\Program Files\ATI
2011-12-19 14:23:06 ----A---- C:\Windows\system32\yk62x64ver.dll
2011-12-19 14:22:43 ----D---- C:\Program Files (x86)\Marvell
2011-12-19 14:22:19 ----D---- C:\Program Files (x86)\Cisco
2011-12-19 14:22:17 ----SHD---- C:\Windows\Installer
2011-12-19 14:21:25 ----A---- C:\Windows\system32\drivers\BCMWL664.SYS
2011-12-19 14:21:25 ----A---- C:\Windows\system32\bcmwlrc.dll
2011-12-19 14:21:25 ----A---- C:\Windows\system32\bcmwlcoi.dll
2011-12-19 14:21:25 ----A---- C:\Windows\system32\bcmihvui64.dll
2011-12-19 14:21:25 ----A---- C:\Windows\system32\bcmihvsrv64.dll
2011-12-19 14:21:24 ----D---- C:\Program Files\Broadcom
2011-12-19 14:20:39 ----N---- C:\Windows\SYSWOW64\agrsmdel.exe
2011-12-19 14:20:39 ----N---- C:\Windows\SYSWOW64\agrscoin.dll
2011-12-19 14:20:39 ----N---- C:\Windows\SYSWOW64\agrsco64.dll
2011-12-19 14:20:33 ----D---- C:\Program Files\LSI SoftModem
2011-12-19 14:20:29 ----D---- C:\Windows\Options
2011-12-19 14:20:10 ----D---- C:\SwSetup
2011-12-19 06:51:39 ----D---- C:\Windows\Panther
2011-12-18 22:11:42 ----D---- C:\Users\Dominik\AppData\Roaming\Identities
2011-12-18 22:11:20 ----SD---- C:\Users\Dominik\AppData\Roaming\Microsoft
2011-12-18 22:11:20 ----D---- C:\Users\Dominik\AppData\Roaming\Media Center Programs
2011-12-18 22:10:02 ----D---- C:\Windows\SYSWOW64\Wat
2011-12-18 22:10:02 ----D---- C:\Windows\system32\Wat
2011-12-18 22:09:27 ----SHD---- C:\Recovery
2011-12-18 22:09:25 ----D---- C:\Windows\SoftwareDistribution
2011-12-18 21:52:59 ----D---- C:\Windows\Prefetch
2011-12-18 21:52:21 ----ASH---- C:\pagefile.sys
2011-12-18 21:52:18 ----SHD---- C:\System Volume Information
2011-12-18 21:52:18 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 month======

2012-01-16 17:13:57 ----D---- C:\Windows\Temp
2012-01-16 17:09:33 ----RD---- C:\Program Files
2012-01-16 17:09:28 ----D---- C:\Windows\system32\drivers
2012-01-16 17:08:02 ----D---- C:\Windows\system32\Tasks
2012-01-16 17:06:43 ----D---- C:\Windows\SysWOW64
2012-01-16 17:06:43 ----D---- C:\Windows\System32
2012-01-16 17:06:38 ----D---- C:\Windows\winsxs
2012-01-16 17:06:17 ----D---- C:\Windows\system32\config
2012-01-16 17:05:59 ----D---- C:\Windows
2012-01-16 17:05:49 ----HD---- C:\ProgramData
2012-01-16 15:16:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-12 14:27:21 ----D---- C:\Windows\Microsoft.NET
2012-01-12 14:27:19 ----RSD---- C:\Windows\assembly
2012-01-12 14:12:38 ----D---- C:\Windows\system32\wdi
2012-01-12 08:46:05 ----D---- C:\Windows\ehome
2012-01-11 15:57:04 ----D---- C:\Windows\system32\catroot
2012-01-11 15:56:49 ----D---- C:\Windows\system32\catroot2
2012-01-10 21:20:04 ----SHD---- C:\$Recycle.Bin
2012-01-09 19:26:52 ----D---- C:\Windows\system32\DriverStore
2012-01-09 19:26:52 ----D---- C:\Windows\inf
2012-01-08 21:16:49 ----RD---- C:\Program Files (x86)
2012-01-07 14:45:13 ----RSD---- C:\Windows\Media
2012-01-07 14:43:49 ----D---- C:\Program Files (x86)\Common Files
2012-01-07 14:43:48 ----D---- C:\Windows\Downloaded Program Files
2012-01-07 14:41:52 ----D---- C:\Program Files\Common Files
2012-01-07 14:38:55 ----D---- C:\Windows\twain_32
2012-01-07 14:36:27 ----D---- C:\Windows\system32\FxsTmp
2011-12-28 18:23:15 ----D---- C:\Windows\rescache
2011-12-28 18:21:13 ----D---- C:\Windows\Logs
2011-12-27 15:38:19 ----D---- C:\Windows\ModemLogs
2011-12-27 15:36:52 ----D---- C:\Windows\system32\drivers\UMDF
2011-12-26 13:14:06 ----D---- C:\Program Files (x86)\MSBuild
2011-12-26 13:13:52 ----D---- C:\Windows\ShellNew
2011-12-26 13:13:36 ----RSD---- C:\Windows\Fonts
2011-12-26 13:13:29 ----SD---- C:\ProgramData\Microsoft
2011-12-26 13:12:59 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-12-26 13:11:44 ----A---- C:\Windows\win.ini
2011-12-21 08:24:28 ----D---- C:\Windows\system32\LogFiles
2011-12-19 21:09:12 ----D---- C:\Windows\SYSWOW64\en-US
2011-12-19 21:09:12 ----D---- C:\Windows\system32\en-US
2011-12-19 20:36:29 ----D---- C:\Windows\SYSWOW64\drivers
2011-12-19 18:26:16 ----SD---- C:\Windows\system32\Microsoft
2011-12-19 15:52:22 ----D---- C:\Windows\AppPatch
2011-12-19 15:52:05 ----D---- C:\Windows\SYSWOW64\sk-SK
2011-12-19 15:52:05 ----D---- C:\Windows\system32\sk-SK
2011-12-19 15:35:34 ----D---- C:\Program Files\Windows Sidebar
2011-12-19 15:35:34 ----D---- C:\Program Files\Windows Photo Viewer
2011-12-19 15:35:34 ----D---- C:\Program Files\Windows Media Player
2011-12-19 15:35:34 ----D---- C:\Program Files\Windows Mail
2011-12-19 15:35:34 ----D---- C:\Program Files\Windows Journal
2011-12-19 15:35:34 ----D---- C:\Program Files\Windows Defender
2011-12-19 15:35:34 ----D---- C:\Program Files\Internet Explorer
2011-12-19 15:35:34 ----D---- C:\Program Files\DVD Maker
2011-12-19 15:35:34 ----D---- C:\Program Files\Common Files\System
2011-12-19 15:35:34 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-12-19 15:35:34 ----D---- C:\Program Files (x86)\Windows Mail
2011-12-19 15:35:33 ----D---- C:\Windows\SYSWOW64\migwiz
2011-12-19 15:35:33 ----D---- C:\Windows\servicing
2011-12-19 15:35:33 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-12-19 15:35:33 ----D---- C:\Program Files (x86)\Windows Media Player
2011-12-19 15:35:33 ----D---- C:\Program Files (x86)\Windows Defender
2011-12-19 15:35:33 ----D---- C:\Program Files (x86)\Internet Explorer
2011-12-19 15:35:30 ----D---- C:\Windows\SYSWOW64\WCN
2011-12-19 15:35:30 ----D---- C:\Windows\SYSWOW64\wbem
2011-12-19 15:35:29 ----D---- C:\Windows\system32\sysprep
2011-12-19 15:35:29 ----D---- C:\Windows\system32\oobe
2011-12-19 15:35:29 ----D---- C:\Windows\system32\migwiz
2011-12-19 15:35:29 ----D---- C:\Windows\PolicyDefinitions
2011-12-19 15:35:26 ----D---- C:\Windows\system32\WCN
2011-12-19 15:35:26 ----D---- C:\Windows\system32\wbem
2011-12-19 15:29:50 ----D---- C:\Windows\Tasks
2011-12-19 14:58:11 ----D---- C:\Windows\SYSWOW64\migration
2011-12-19 14:58:11 ----D---- C:\Windows\system32\migration
2011-12-19 14:58:11 ----D---- C:\Windows\system32\Boot
2011-12-19 14:53:21 ----D---- C:\Windows\debug
2011-12-19 14:21:30 ----D---- C:\Windows\system32\zh-TW
2011-12-19 14:21:30 ----D---- C:\Windows\system32\zh-HK
2011-12-19 14:21:29 ----D---- C:\Windows\system32\zh-CN
2011-12-19 14:21:29 ----D---- C:\Windows\system32\tr-TR
2011-12-19 14:21:29 ----D---- C:\Windows\system32\th-TH
2011-12-19 14:21:29 ----D---- C:\Windows\system32\sv-SE
2011-12-19 14:21:29 ----D---- C:\Windows\system32\sl-SI
2011-12-19 14:21:29 ----D---- C:\Windows\system32\ru-RU
2011-12-19 14:21:29 ----D---- C:\Windows\system32\ro-RO
2011-12-19 14:21:28 ----D---- C:\Windows\system32\pt-PT
2011-12-19 14:21:28 ----D---- C:\Windows\system32\pt-BR
2011-12-19 14:21:28 ----D---- C:\Windows\system32\pl-PL
2011-12-19 14:21:28 ----D---- C:\Windows\system32\nl-NL
2011-12-19 14:21:28 ----D---- C:\Windows\system32\nb-NO
2011-12-19 14:21:28 ----D---- C:\Windows\system32\lv-LV
2011-12-19 14:21:28 ----D---- C:\Windows\system32\lt-LT
2011-12-19 14:21:27 ----D---- C:\Windows\system32\ko-KR
2011-12-19 14:21:27 ----D---- C:\Windows\system32\ja-JP
2011-12-19 14:21:27 ----D---- C:\Windows\system32\it-IT
2011-12-19 14:21:27 ----D---- C:\Windows\system32\hu-HU
2011-12-19 14:21:27 ----D---- C:\Windows\system32\hr-HR
2011-12-19 14:21:27 ----D---- C:\Windows\system32\he-IL
2011-12-19 14:21:27 ----D---- C:\Windows\system32\fr-FR
2011-12-19 14:21:27 ----D---- C:\Windows\system32\fi-FI
2011-12-19 14:21:27 ----D---- C:\Windows\system32\et-EE
2011-12-19 14:21:26 ----D---- C:\Windows\system32\es-ES
2011-12-19 14:21:26 ----D---- C:\Windows\system32\el-GR
2011-12-19 14:21:26 ----D---- C:\Windows\system32\de-DE
2011-12-19 14:21:26 ----D---- C:\Windows\system32\da-DK
2011-12-19 14:21:26 ----D---- C:\Windows\system32\cs-CZ
2011-12-19 14:21:26 ----D---- C:\Windows\system32\bg-BG
2011-12-19 14:21:26 ----D---- C:\Windows\system32\ar-SA
2011-12-19 06:51:08 ----D---- C:\Windows\Setup
2011-12-18 22:14:25 ----D---- C:\Windows\system32\NDF
2011-12-18 22:11:19 ----RD---- C:\Users
2011-12-18 22:10:14 ----A---- C:\Windows\SYSWOW64\slwga.dll
2011-12-18 22:10:14 ----A---- C:\Windows\system32\systemcpl.dll
2011-12-18 22:10:14 ----A---- C:\Windows\system32\slwga.dll
2011-12-18 22:10:13 ----A---- C:\Windows\SYSWOW64\user32.dll
2011-12-18 22:10:13 ----A---- C:\Windows\system32\user32.dll
2011-12-18 22:09:43 ----D---- C:\Windows\system32\restore
2011-12-18 22:06:13 ----D---- C:\Windows\system32\CodeIntegrity
2011-12-18 21:52:54 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-04 16440]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-11-28 42328]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-11-28 591192]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-11-28 304472]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-11-28 58712]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-11-28 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-11-28 66904]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-04-06 1208320]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-07-24 119312]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-12-19 3063360]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 98344]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-07-01 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 21160]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-26 279616]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2010-10-18 38424]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\Windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2009-03-27 16896]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-30 864032]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 30520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-18 1255736]

-----------------EOF-----------------

Minule jste tam mel jiny crack Nehodlam to dale pitvat, jednani bylo ohodnoceno warnem + prislusnym rankem, pokud se bude situace s nelegal bezp.SW opakovat bude pomoc okamzite odmitnuta

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost 2 a potvrte enterem
• Utilita provede svou cinnost a da log - ten sem vlozte
• Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Dominik [Admin rights]
Mode: Remove -- Date : 01/16/2012 19:15:28

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : iTIcTKXhQQ.exe (C:\Users\Dominik\AppData\Roaming\QeMdPTsheYqnLgFLHTWk\QeMdPTsheYqnLgFLHTWk\0.0.0.0\iTIcTKXhQQ.exe) -> DELETED
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{9243AF4A-6B8E-45C1-BF42-146FACA697D8} : NameServer (160.218.161.60 194.228.211.33) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{9243AF4A-6B8E-45C1-BF42-146FACA697D8} : NameServer (160.218.161.60 194.228.211.33) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 3341a6474fdc8ae92ce6e7976ac9a996
[BSP] e11bd6ebcbe6dad296d14b8aa0abaf74 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 104 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 206848 | Size: 104752 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 204802048 | Size: 393092 Mo
3 - [XXXXXX] FAT32 [VISIBLE] Offset (sectors): 972560384 | Size: 2147 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Dominik [Admin rights]
Mode: HOSTSFix -- Date : 01/16/2012 19:15:41

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Dominik [Admin rights]
Mode: ProxyFix -- Date : 01/16/2012 19:15:48

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

ComboFix 12-01-16.02 - Dominik . 01. 2012 20:10:27.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1033.18.4093.2788 [GMT 1:00]
Running from: c:\users\Dominik\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-16 to 2012-01-16 )))))))))))))))))))))))))))))))
.
.
2012-01-16 19:14 . 2012-01-16 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-16 14:19 . 2012-01-16 14:19 -------- d-----w- C:\rsit
2012-01-15 20:05 . 2012-01-15 20:05 -------- d-----w- c:\programdata\Facebook Password Cracker
2012-01-13 11:43 . 2011-11-30 01:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B02FDA3A-1EA4-4AD3-86BF-A340F3048D34}\mpengine.dll
2012-01-11 14:57 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 14:57 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 14:57 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 14:57 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 14:57 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 14:57 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 14:57 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 14:57 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-08 20:16 . 2012-01-08 20:16 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-07 13:44 . 2012-01-07 13:44 -------- d-----w- c:\programdata\InstallShield
2012-01-07 13:43 . 2012-01-07 13:43 -------- d-----w- c:\programdata\ScanSoft
2012-01-07 13:43 . 2012-01-07 13:43 -------- d-----w- c:\program files (x86)\Common Files\ScanSoft Shared
2012-01-07 13:43 . 2012-01-07 13:43 -------- d-----w- c:\program files (x86)\ScanSoft
2012-01-07 13:42 . 2012-01-07 13:43 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-01-07 13:41 . 2012-01-07 13:41 -------- d-----w- c:\program files\Common Files\CANON
2012-01-07 13:41 . 2012-01-07 13:41 -------- d-----w- c:\program files\Canon
2012-01-07 13:39 . 2007-05-21 20:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP94.DLL
2012-01-07 13:39 . 2007-05-21 20:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD94.DLL
2012-01-07 13:38 . 2012-01-07 13:38 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-01-07 13:38 . 2007-05-21 20:00 258560 ----a-w- c:\windows\system32\CNMLM94.DLL
2012-01-07 13:38 . 2007-03-15 05:13 229888 ----a-w- c:\windows\system32\CNC520O.DLL
2012-01-07 13:38 . 2007-03-23 07:33 1439744 ----a-w- c:\windows\system32\CNC520C.DLL
2012-01-07 13:38 . 2007-03-23 07:32 92672 ----a-w- c:\windows\system32\CNC520I.DLL
2012-01-07 13:38 . 2007-03-19 01:24 246272 ----a-w- c:\windows\system32\CNC520L.DLL
2012-01-06 18:37 . 2012-01-07 13:45 -------- d-----w- c:\program files (x86)\Canon
2012-01-02 18:54 . 2012-01-02 18:54 -------- d-----w- c:\programdata\Readon
2012-01-02 18:49 . 2012-01-02 18:49 -------- d-----w- c:\program files (x86)\Readon Technology
2011-12-30 13:20 . 2011-12-30 13:20 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-29 14:58 . 2011-12-29 14:58 -------- d-----w- c:\program files (x86)\VideoLAN
2011-12-29 13:00 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-12-29 13:00 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-12-29 13:00 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-12-29 13:00 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-12-29 13:00 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-12-28 12:30 . 2011-12-28 12:30 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-12-27 13:09 . 2011-12-27 13:09 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-12-27 13:09 . 2008-05-30 13:11 540688 ----a-w- c:\windows\system32\d3dx10_38.dll
2011-12-27 13:09 . 2008-05-30 13:11 467984 ----a-w- c:\windows\SysWow64\d3dx10_38.dll
2011-12-27 13:09 . 2008-05-30 13:11 1941528 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2011-12-27 13:09 . 2008-05-30 13:11 1491992 ----a-w- c:\windows\SysWow64\D3DCompiler_38.dll
2011-12-27 13:09 . 2008-05-30 13:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll
2011-12-27 13:09 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\SysWow64\D3DX9_38.dll
2011-12-27 13:09 . 2007-07-19 17:14 508264 ----a-w- c:\windows\system32\d3dx10_35.dll
2011-12-27 13:09 . 2007-07-19 17:14 444776 ----a-w- c:\windows\SysWow64\d3dx10_35.dll
2011-12-27 13:09 . 2007-07-19 17:14 1985904 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2011-12-27 13:09 . 2007-07-19 17:14 1358192 ----a-w- c:\windows\SysWow64\D3DCompiler_35.dll
2011-12-27 13:09 . 2007-07-19 17:14 5073256 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-12-27 13:09 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2011-12-26 12:40 . 2011-12-26 12:40 -------- d-----w- c:\windows\Hewlett-Packard
2011-12-26 12:19 . 2011-12-26 12:19 -------- d--h--w- c:\programdata\CanonBJ
2011-12-26 12:19 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
2011-12-26 12:14 . 2011-12-26 12:14 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-12-26 12:13 . 2011-12-26 12:13 -------- d-----w- c:\windows\PCHEALTH
2011-12-26 12:11 . 2011-12-26 12:11 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-12-26 12:11 . 2011-12-26 12:15 -------- d-----w- c:\programdata\Microsoft Help
2011-12-26 12:09 . 2011-12-26 12:09 -------- d-----r- C:\MSOCache
2011-12-26 12:04 . 2011-12-26 12:04 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-26 12:04 . 2011-12-26 12:04 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-12-26 12:04 . 2011-12-26 12:04 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-12-24 11:54 . 2011-12-24 11:54 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-12-24 11:48 . 2011-12-24 11:49 -------- d-----w- C:\Dev-Pas
2011-12-23 17:17 . 2011-12-30 13:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-12-23 17:17 . 2011-12-23 17:17 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-19 20:09 . 2011-12-26 12:13 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-12-19 19:38 . 2011-12-19 19:38 -------- d-----w- c:\programdata\Uninstall
2011-12-19 19:38 . 2011-12-19 19:38 -------- d-----w- c:\program files (x86)\Common Files\Roxio Shared
2011-12-19 19:38 . 2011-12-19 19:38 -------- d-----w- c:\program files\Hewlett-Packard
2011-12-19 19:36 . 2011-03-22 05:25 229888 ----a-w- c:\windows\system32\wwansvc.dll
2011-12-19 19:36 . 2011-12-19 19:36 -------- d-----w- C:\system.sav
2011-12-19 19:36 . 2011-12-19 19:36 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2011-12-19 17:26 . 2009-07-01 11:46 132648 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2011-12-19 17:26 . 2009-07-01 11:46 21160 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2011-12-19 17:26 . 2009-04-07 14:33 35104 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2011-12-19 17:26 . 2009-07-01 11:46 98344 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2011-12-19 17:25 . 2011-12-19 17:25 -------- d-----w- c:\program files\WIDCOMM
2011-12-19 15:31 . 2009-03-01 22:47 90624 ----a-w- c:\windows\system32\AESTCo64.dll
2011-12-19 15:23 . 2011-12-19 15:23 -------- d-----r- c:\program files (x86)\Skype
2011-12-19 15:23 . 2011-12-19 15:23 -------- d-----w- c:\programdata\Skype
2011-12-19 14:35 . 2011-12-19 14:35 -------- d-----w- c:\windows\SysWow64\wbem\sk-SK
2011-12-19 14:35 . 2011-12-19 14:35 -------- d-----w- c:\windows\SysWow64\drivers\sk-SK
2011-12-19 14:35 . 2011-12-19 14:35 -------- d-----w- c:\windows\sk-SK
2011-12-19 14:35 . 2011-12-19 14:35 -------- d-----w- c:\windows\system32\wbem\sk-SK
2011-12-19 14:35 . 2011-12-19 14:35 -------- d-----w- c:\windows\system32\drivers\sk-SK
2011-12-19 13:46 . 2011-12-19 13:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-19 13:46 . 2011-12-19 13:46 -------- d-----w- c:\windows\system32\Macromed
2011-12-19 13:46 . 2011-12-19 13:46 -------- d-----w- c:\windows\SysWow64\Macromed
2011-12-19 13:44 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-12-19 13:44 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-12-19 13:40 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-12-19 13:39 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-19 13:38 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-12-19 13:33 . 2011-12-19 13:33 -------- d-----w- c:\program files\ATI Technologies
2011-12-19 13:33 . 2011-12-19 13:33 -------- d-----w- c:\program files\ATI
2011-12-19 13:23 . 2011-12-19 13:23 10240 ----a-w- c:\windows\system32\yk62x64ver.dll
2011-12-19 13:22 . 2011-12-19 13:22 -------- d-----w- c:\program files (x86)\Marvell
2011-12-19 13:22 . 2011-12-19 13:22 -------- d-----w- c:\program files (x86)\Cisco
2011-12-19 13:22 . 2012-01-16 16:10 -------- d-sh--w- c:\windows\Installer
2011-12-19 13:21 . 2011-12-19 13:21 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-12-19 13:21 . 2011-12-19 13:21 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-12-19 13:21 . 2011-12-19 13:21 3891200 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2011-12-19 13:21 . 2011-12-19 13:21 3555840 ----a-w- c:\windows\system32\bcmihvui64.dll
2011-12-19 13:21 . 2011-12-19 13:21 3063360 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2011-12-19 13:21 . 2011-12-19 13:21 -------- d-----w- c:\program files\Broadcom
2011-12-19 13:20 . 2009-03-27 17:12 13824 ------w- c:\windows\SysWow64\agrscoin.dll
2011-12-19 13:20 . 2009-03-27 17:12 14848 ------w- c:\windows\SysWow64\agrsco64.dll
2011-12-19 13:20 . 2009-03-27 17:03 61440 ------w- c:\windows\SysWow64\agrsmdel.exe
2011-12-19 13:20 . 2011-12-19 13:20 -------- d-----w- c:\program files\LSI SoftModem
2011-12-19 13:20 . 2011-12-19 13:20 -------- d-----w- c:\windows\Options
2011-12-19 13:20 . 2011-12-26 12:39 -------- d-----w- C:\SwSetup
2011-12-19 05:51 . 2011-12-18 21:10 -------- d-----w- c:\windows\Panther
2011-12-18 21:11 . 2012-01-10 20:15 -------- d-----w- c:\users\Dominik
2011-12-18 21:10 . 2011-12-18 21:10 -------- d-----w- c:\windows\SysWow64\Wat
2011-12-18 21:10 . 2011-12-18 21:10 -------- d-----w- c:\windows\system32\Wat
2011-12-18 21:09 . 2011-12-18 21:09 -------- d-----w- C:\Recovery
2011-12-18 20:54 . 2011-12-18 20:54 0 ----a-w- c:\windows\ativpsrm.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 21:10 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2011-12-18 21:10 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2011-12-18 21:10 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2011-12-18 21:10 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2011-12-18 21:10 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
2011-11-15 13:29 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-12-18 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-12-18 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-06-18 772096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWSNX
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-553501304-2295129646-1275366660-1000Core.job
- c:\users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 14:29]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-553501304-2295129646-1275366660-1000UA.job
- c:\users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 14:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1840720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9243AF4A-6B8E-45C1-BF42-146FACA697D8}: NameServer = 160.218.161.60 194.228.211.33
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SysTrayApp - c:\program files\IDT\WDM\sttray64.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-16 20:16:48
ComboFix-quarantined-files.txt 2012-01-16 19:16
.
Pre-Run: 59 442 941 952 bytes free
Post-Run: 58 984 792 064 bytes free
.
- - End Of File - - 7A6CC3753FF0B8DF8B1C0142A87A493E

Tohle c:\programdata\Facebook Password Cracker je co prosim

no to je presne ten vir čo som pustil

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Fcopy::
  c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll | c:\windows\system32\user32.dll
  c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll | c:\windows\SysWOW64\user32.dll
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Skype"=-
  "DAEMON Tools Lite"=-
  "Sony Ericsson PC Companion"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "Adobe Reader Speed Launcher"=-
  "Adobe ARM"=-
  "SSBkgdUpdate"=-
  
  File::
  c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-553501304-2295129646-1275366660-1000Core.job
  c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-553501304-2295129646-1275366660-1000UA.job
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  Folder::
  c:\programdata\Facebook Password Cracker
  
  ClearJavaCache::
  
  AtJob::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ComboFix 12-01-16.02 - Dominik . 01. 2012 17:58:52.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1033.18.4093.2857 [GMT 1:00]
Running from: c:\users\Dominik\Desktop\ComboFix.exe
Command switches used :: c:\users\Dominik\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-553501304-2295129646-1275366660-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-553501304-2295129646-1275366660-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Facebook Password Cracker
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-553501304-2295129646-1275366660-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-553501304-2295129646-1275366660-1000UA.job
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --> c:\windows\system32\user32.dll
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --> c:\windows\SysWOW64\user32.dll
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 17:06 . 2012-01-17 17:06 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3691266F-0D10-4349-B7A5-0541D11C6FE0}\offreg.dll
2012-01-17 17:03 . 2012-01-17 17:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-17 16:36 . 2011-11-30 01:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3691266F-0D10-4349-B7A5-0541D11C6FE0}\mpengine.dll
2012-01-16 16:06 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-16 16:06 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-16 16:06 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-16 16:06 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-16 16:06 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-16 16:06 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-16 16:06 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-16 16:05 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-16 16:05 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-01-16 16:05 . 2012-01-16 16:05 -------- d-----w- c:\programdata\AVAST Software
2012-01-16 16:05 . 2012-01-16 16:05 -------- d-----w- c:\program files\AVAST Software
2012-01-16 14:19 . 2012-01-16 16:14 -------- d-----w- c:\program files\trend micro
2012-01-16 14:19 . 2012-01-16 14:19 -------- d-----w- C:\rsit
2012-01-11 14:57 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 14:57 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 14:57 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 14:57 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 14:57 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 14:57 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 14:57 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 14:57 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-08 20:16 . 2012-01-08 20:16 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-07 13:44 . 2012-01-07 13:44 -------- d-----w- c:\programdata\InstallShield
2012-01-07 13:43 . 2012-01-07 13:43 -------- d-----w- c:\programdata\ScanSoft
2012-01-07 13:43 . 2012-01-07 13:43 -------- d-----w- c:\program files (x86)\Common Files\ScanSoft Shared
2012-01-07 13:43 . 2012-01-07 13:43 -------- d-----w- c:\program files (x86)\ScanSoft
2012-01-07 13:42 . 2012-01-07 13:43 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-01-07 13:41 . 2012-01-07 13:41 -------- d-----w- c:\program files\Common Files\CANON
2012-01-07 13:41 . 2012-01-07 13:41 -------- d-----w- c:\program files\Canon
2012-01-07 13:39 . 2007-05-21 20:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP94.DLL
2012-01-07 13:39 . 2007-05-21 20:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD94.DLL
2012-01-07 13:38 . 2012-01-07 13:38 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-01-07 13:38 . 2007-05-21 20:00 258560 ----a-w- c:\windows\system32\CNMLM94.DLL
2012-01-07 13:38 . 2007-03-15 05:13 229888 ----a-w- c:\windows\system32\CNC520O.DLL
2012-01-07 13:38 . 2007-03-23 07:33 1439744 ----a-w- c:\windows\system32\CNC520C.DLL
2012-01-07 13:38 . 2007-03-23 07:32 92672 ----a-w- c:\windows\system32\CNC520I.DLL
2012-01-07 13:38 . 2007-03-19 01:24 246272 ----a-w- c:\windows\system32\CNC520L.DLL
2012-01-06 18:37 . 2012-01-07 13:45 -------- d-----w- c:\program files (x86)\Canon
2012-01-02 18:54 . 2012-01-02 18:54 -------- d-----w- c:\programdata\Readon
2012-01-02 18:49 . 2012-01-02 18:49 -------- d-----w- c:\program files (x86)\Readon Technology
2011-12-30 13:20 . 2011-12-30 13:20 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-29 14:58 . 2011-12-29 14:58 -------- d-----w- c:\program files (x86)\VideoLAN
2011-12-29 13:00 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-12-29 13:00 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-12-29 13:00 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-12-29 13:00 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-12-29 13:00 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-12-28 12:30 . 2011-12-28 12:30 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-12-27 13:09 . 2011-12-27 13:09 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-12-27 13:09 . 2008-05-30 13:11 540688 ----a-w- c:\windows\system32\d3dx10_38.dll
2011-12-27 13:09 . 2008-05-30 13:11 467984 ----a-w- c:\windows\SysWow64\d3dx10_38.dll
2011-12-27 13:09 . 2008-05-30 13:11 1941528 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2011-12-27 13:09 . 2008-05-30 13:11 1491992 ----a-w- c:\windows\SysWow64\D3DCompiler_38.dll
2011-12-27 13:09 . 2008-05-30 13:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll
2011-12-27 13:09 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\SysWow64\D3DX9_38.dll
2011-12-27 13:09 . 2007-07-19 17:14 508264 ----a-w- c:\windows\system32\d3dx10_35.dll
2011-12-27 13:09 . 2007-07-19 17:14 444776 ----a-w- c:\windows\SysWow64\d3dx10_35.dll
2011-12-27 13:09 . 2007-07-19 17:14 1985904 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2011-12-27 13:09 . 2007-07-19 17:14 1358192 ----a-w- c:\windows\SysWow64\D3DCompiler_35.dll
2011-12-27 13:09 . 2007-07-19 17:14 5073256 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-12-27 13:09 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2011-12-26 12:40 . 2011-12-26 12:40 -------- d-----w- c:\windows\Hewlett-Packard
2011-12-26 12:19 . 2011-12-26 12:19 -------- d--h--w- c:\programdata\CanonBJ
2011-12-26 12:19 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
2011-12-26 12:14 . 2011-12-26 12:14 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-12-26 12:13 . 2011-12-26 12:13 -------- d-----w- c:\windows\PCHEALTH
2011-12-26 12:11 . 2011-12-26 12:11 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-12-26 12:11 . 2011-12-26 12:15 -------- d-----w- c:\programdata\Microsoft Help
2011-12-26 12:09 . 2011-12-26 12:09 -------- d-----r- C:\MSOCache
2011-12-26 12:04 . 2011-12-26 12:04 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-26 12:04 . 2011-12-26 12:04 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-12-26 12:04 . 2011-12-26 12:04 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-12-24 11:54 . 2011-12-24 11:54 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-12-24 11:48 . 2011-12-24 11:49 -------- d-----w- C:\Dev-Pas
2011-12-23 17:17 . 2011-12-30 13:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-12-23 17:17 . 2011-12-23 17:17 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-19 20:09 . 2011-12-26 12:13 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-12-19 19:38 . 2011-12-19 19:38 -------- d-----w- c:\programdata\Uninstall
2011-12-19 19:38 . 2011-12-19 19:38 -------- d-----w- c:\program files (x86)\Common Files\Roxio Shared
2011-12-19 19:38 . 2011-12-19 19:38 -------- d-----w- c:\program files\Hewlett-Packard
2011-12-19 19:36 . 2011-03-22 05:25 229888 ----a-w- c:\windows\system32\wwansvc.dll
2011-12-19 19:36 . 2011-12-19 19:36 -------- d-----w- C:\system.sav
2011-12-19 19:36 . 2011-12-19 19:36 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2011-12-19 17:26 . 2009-07-01 11:46 132648 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2011-12-19 17:26 . 2009-07-01 11:46 21160 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2011-12-19 17:26 . 2009-04-07 14:33 35104 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2011-12-19 17:26 . 2009-07-01 11:46 98344 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2011-12-19 17:25 . 2011-12-19 17:25 -------- d-----w- c:\program files\WIDCOMM
2011-12-19 15:31 . 2009-03-01 22:47 90624 ----a-w- c:\windows\system32\AESTCo64.dll
2011-12-19 15:23 . 2011-12-19 15:23 -------- d-----r- c:\program files (x86)\Skype
2011-12-19 15:23 . 2011-12-19 15:23 -------- d-----w- c:\programdata\Skype
2011-12-19 14:35 . 2011-12-19 14:35 -------- d-----w- c:\windows\SysWow64\wbem\sk-SK
2011-12-19 14:35 . 2011-12-19 14:35 -------- d-----w- c:\windows\SysWow64\drivers\sk-SK
2011-12-19 14:35 . 2011-12-19 14:35 -------- d-----w- c:\windows\sk-SK
2011-12-19 14:35 . 2011-12-19 14:35 -------- d-----w- c:\windows\system32\wbem\sk-SK
2011-12-19 14:35 . 2011-12-19 14:35 -------- d-----w- c:\windows\system32\drivers\sk-SK
2011-12-19 13:46 . 2011-12-19 13:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-19 13:46 . 2011-12-19 13:46 -------- d-----w- c:\windows\system32\Macromed
2011-12-19 13:46 . 2011-12-19 13:46 -------- d-----w- c:\windows\SysWow64\Macromed
2011-12-19 13:44 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-12-19 13:44 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-12-19 13:40 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-12-19 13:39 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-19 13:38 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-12-19 13:33 . 2011-12-19 13:33 -------- d-----w- c:\program files\ATI Technologies
2011-12-19 13:33 . 2011-12-19 13:33 -------- d-----w- c:\program files\ATI
2011-12-19 13:23 . 2011-12-19 13:23 10240 ----a-w- c:\windows\system32\yk62x64ver.dll
2011-12-19 13:22 . 2011-12-19 13:22 -------- d-----w- c:\program files (x86)\Marvell
2011-12-19 13:22 . 2011-12-19 13:22 -------- d-----w- c:\program files (x86)\Cisco
2011-12-19 13:22 . 2012-01-16 16:10 -------- d-sh--w- c:\windows\Installer
2011-12-19 13:21 . 2011-12-19 13:21 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-12-19 13:21 . 2011-12-19 13:21 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-12-19 13:21 . 2011-12-19 13:21 3891200 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2011-12-19 13:21 . 2011-12-19 13:21 3555840 ----a-w- c:\windows\system32\bcmihvui64.dll
2011-12-19 13:21 . 2011-12-19 13:21 3063360 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2011-12-19 13:21 . 2011-12-19 13:21 -------- d-----w- c:\program files\Broadcom
2011-12-19 13:20 . 2009-03-27 17:12 13824 ------w- c:\windows\SysWow64\agrscoin.dll
2011-12-19 13:20 . 2009-03-27 17:12 14848 ------w- c:\windows\SysWow64\agrsco64.dll
2011-12-19 13:20 . 2009-03-27 17:03 61440 ------w- c:\windows\SysWow64\agrsmdel.exe
2011-12-19 13:20 . 2011-12-19 13:20 -------- d-----w- c:\program files\LSI SoftModem
2011-12-19 13:20 . 2011-12-19 13:20 -------- d-----w- c:\windows\Options
2011-12-19 13:20 . 2011-12-26 12:39 -------- d-----w- C:\SwSetup
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 21:10 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2011-12-18 21:10 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2011-12-18 21:10 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2011-11-15 13:29 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-16_19.14.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-01-16 16:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-17 17:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-17 17:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-16 16:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-16 16:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-17 17:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-01-17 16:35 29432 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-17 16:35 43922 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-19 13:26 . 2012-01-17 17:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-19 13:26 . 2012-01-16 16:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-01-17 16:39 89040 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-12-19 13:26 . 2012-01-17 17:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-19 13:26 . 2012-01-16 16:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-19 13:26 . 2012-01-17 17:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-19 13:26 . 2012-01-16 16:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-18 21:17 . 2012-01-16 19:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-18 21:17 . 2012-01-17 17:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-18 21:17 . 2012-01-16 19:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-18 21:17 . 2012-01-17 17:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-18 21:13 . 2012-01-17 16:35 6276 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-553501304-2295129646-1275366660-1000_UserData.bin
+ 2011-12-18 20:55 . 2012-01-17 17:03 1885 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-12-18 20:55 . 2012-01-16 16:11 1885 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-01-16 16:11 . 2012-01-16 16:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-17 17:04 . 2012-01-17 17:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-16 16:11 . 2012-01-16 16:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-17 17:04 . 2012-01-17 17:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-01-17 16:36 967606 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-17 16:36 442818 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-01-17 17:03 389728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-16 16:11 389728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [BU]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1840720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9243AF4A-6B8E-45C1-BF42-146FACA697D8}: NameServer = 160.218.161.60 194.228.211.33
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2012-01-17 18:13:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-17 17:13
ComboFix2.txt 2012-01-16 19:16
.
Pre-Run: 60 178 120 704 bytes free
Post-Run: 59 966 308 352 bytes free
.
- - End Of File - - BF81B6EE47E3046B3533D7D1A66DC9CF