Dobry den udelal jsem scen MWAV potrebuji nejake vysvetleni
Napsal: 20 bře 2012 22:24
Co tam bylo za havet a jestli to odstranilo moc neumim anglicky(vubec:-)
20 3 2012 22:00:29 - ***** Scanning Registry and File system for Adware/Spyware *****
20 3 2012 22:00:29 - Loading Spyware Signatures from new External Database [Name: C:\SYSTEM~2\spydb.avs, Size: 981864]...
20 3 2012 22:00:29 - Indexed Spyware Databases Successfully Created...
20 3 2012 22:00:33 - Offending file found: C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\amlogs\0
20 3 2012 22:00:33 - System found infected with Generic Protect Antivirus (0)! Action taken: File Deleted.
20 3 2012 22:00:33 - Object "Generic Protect Antivirus" found in File System! Action Taken: File Deleted.
20 3 2012 22:00:36 - Offending file found: C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\amlogs\43
20 3 2012 22:00:36 - System found infected with XPAntivirus (43)! Action taken: File Deleted.
20 3 2012 22:00:36 - Object "XPAntivirus" found in File System! Action Taken: File Deleted.
20 3 2012 22:00:39 - Offending file found: C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\bsslogs\0
20 3 2012 22:00:39 - System found infected with Generic Protect Antivirus (0)! Action taken: File Deleted.
20 3 2012 22:00:39 - Object "Generic Protect Antivirus" found in File System! Action Taken: File Deleted.
20 3 2012 22:00:42 - Offending file found: C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\bsslogs\43
20 3 2012 22:00:42 - System found infected with XPAntivirus (43)! Action taken: File Deleted.
20 3 2012 22:00:42 - Object "XPAntivirus" found in File System! Action Taken: File Deleted.
20 3 2012 22:00:43 - ***** Scanning Registry Files *****
20 3 2012 22:00:43 - Clearing Temporary sub-folders as Spyware/Adware found in system...
20 3 2012 22:00:43 - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
20 3 2012 22:00:43 - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
20 3 2012 22:00:43 - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
20 3 2012 22:00:43 - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
20 3 2012 22:00:43 - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
20 3 2012 22:00:43 - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
20 3 2012 22:00:43 - ***** Scanning System32 Folders *****
20 3 2012 22:01:00 - C:\System odklon\TMP000000B7FF44EE531DA9C60C not Scanned. Possibly password protected...
20 3 2012 22:01:00 - ***** Scanning All Drives *****
20 3 2012 22:01:00 - ***** C:,E: *****
20 3 2012 22:01:00 - Scanning C:\ Drive
20 3 2012 22:02:14 - Scanning File C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3266
20 3 2012 22:02:14 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3266
20 3 2012 22:02:14 - Scanning File C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3268
20 3 2012 22:02:14 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3268
20 3 2012 22:02:14 - Scanning File C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3269
20 3 2012 22:02:14 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3269
20 3 2012 22:02:14 - Scanning File C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3270
20 3 2012 22:02:14 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3270
20 3 2012 22:02:14 - Scanning File C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3271
20 3 2012 22:02:14 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3271
20 3 2012 22:02:15 - C:\ProgramData\Kaspersky Lab\AVP12\Data\iswift.dat not Scanned. Possibly password protected...
20 3 2012 22:02:15 - C:\ProgramData\Kaspersky Lab\AVP12\Data\sfdb.dat not Scanned. Possibly password protected...
20 3 2012 22:02:38 - C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\file_cache\meta not Scanned. Possibly password protected...
20 3 2012 22:02:41 - C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin not Scanned. Possibly password protected...
20 3 2012 22:02:48 - C:\System odklon\TMP000000B7FF44EE531DA9C60C not Scanned. Possibly password protected...
20 3 2012 22:02:48 - C:\System Volume Information\ISwift3.dat not Scanned. Possibly password protected...
20 3 2012 22:02:48 - C:\System Volume Information\Syscache.hve not Scanned. Possibly password protected...
20 3 2012 22:02:48 - C:\System Volume Information\Syscache.hve.LOG1 not Scanned. Possibly password protected...
20 3 2012 22:02:48 - C:\Users\Dada\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 not Scanned. Possibly password protected...
20 3 2012 22:02:53 - Scanning File C:\Users\Dada\AppData\Roaming\TZAC\tizek32.sys (????)
20 3 2012 22:02:53 - File C:\Users\Dada\AppData\Roaming\TZAC\tizek32.sys infected by "TR/Spy.190976.30 (ES)" Virus! Action Taken: File Renamed.
20 3 2012 22:03:01 - C:\Users\Dada\ntuser.dat.LOG1 not Scanned. Possibly password protected...
20 3 2012 22:03:56 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat not Scanned. Possibly password protected...
20 3 2012 22:03:56 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat not Scanned. Possibly password protected...
20 3 2012 22:03:56 - C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 not Scanned. Possibly password protected...
20 3 2012 22:03:56 - C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 not Scanned. Possibly password protected...
20 3 2012 22:04:04 - C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb not Scanned. Possibly password protected...
20 3 2012 22:04:04 - C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb not Scanned. Possibly password protected...
20 3 2012 22:04:42 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl not Scanned. Possibly password protected...
20 3 2012 22:04:42 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl not Scanned. Possibly password protected...
20 3 2012 22:04:42 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl not Scanned. Possibly password protected...
20 3 2012 22:04:42 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl not Scanned. Possibly password protected...
20 3 2012 22:08:09 - Scanning E:\ Drive
20 3 2012 22:08:09 - E:\Boot\BCD not Scanned. Possibly password protected...
20 3 2012 22:08:21 - Scanning File E:\zaloha programy\programy WINDOWS\DTLite4453-0297.exe
20 3 2012 22:08:21 - File E:\zaloha programy\programy WINDOWS\DTLite4453-0297.exe infected by "Win32/OpenCandy (ES)" Virus! Action Taken: File Renamed.
20 3 2012 22:08:28 - Closing all applications and shutting down PC...
20 3 2012 22:08:30 - ***** Checking for specific ITW Viruses *****
20 3 2012 22:08:30 - ***** Scanning complete. *****
20 3 2012 22:08:30 - Total Objects Scanned: 161844
20 3 2012 22:08:30 - Total Critical Objects: 6
20 3 2012 22:08:30 - Total Disinfected Objects: 0
20 3 2012 22:08:30 - Total Objects Renamed: 2
20 3 2012 22:08:30 - Total Deleted Objects: 4
20 3 2012 22:08:30 - Total Errors: 0
20 3 2012 22:08:30 - Time Elapsed: 00:08:13
20 3 2012 22:08:30 - Virus Database Date: 20 Mar 2012
20 3 2012 22:08:30 - Virus Database Count: 6943449
Mam KIS a divim se ze tam neco nechal projit dekuji.
RSIS
Logfile of random's system information tool 1.09 (written by random/random)
Run by Dada at 2012-03-20 22:32:25
Microsoft Windows 7 Home Basic Service Pack 1
System drive C: has 8 GB (26%) free of 31 GB
Total RAM: 8189 MB (84% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:32:28, on 20.3.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\EXPERTool\TBPANEL.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\trend micro\Dada.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe /A
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Přidat do Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PhenomMsrTweaker service (PhenomMsrTweaker) - Unknown owner - C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5835 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files (x86)\EXPERTool\TBPANEL.exe" /A
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
KHALMNPR.EXE /API
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Users\Dada\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GlaryInitialize.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Dada\AppData\Roaming\Mozilla\Firefox\Profiles\61jqqhs5.default
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll [2011-04-24 91536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-03-05 79240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll [2011-04-24 292752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [2011-04-24 86416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2011-12-26 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-12-26 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [2011-04-24 229776]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-10-29 1680976]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"=C:\Program Files (x86)\EXPERTool\TBPanel.exe [2011-08-02 2273608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wise Memory Optimizer]
C:\Program Files (x86)\Wise PC Engineer\WiseMemOptimizer.exe a []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Dada^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk]
C:\PROGRA~2\COMMON~1\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AVP"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-24 202296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\System32\klogon.dll [2011-04-24 234896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-10-28 66640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=1
"NoDriveTypeAutoRun"=153
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"VIDC.XFR1"=xfcodec64.dll
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-03-20 22:32:25 ----D---- C:\rsit
2012-03-20 22:32:25 ----D---- C:\Program Files\trend micro
2012-03-20 22:12:25 ----A---- C:\Windows\system32\FNTCACHE.DAT
2012-03-20 22:12:23 ----A---- C:\Windows\ntbtlog.txt
2012-03-20 21:58:54 ----AD---- C:\Windows\VDLL.DLL
2012-03-20 21:58:54 ----AD---- C:\Windows\SYSWOW64\runouce.exe
2012-03-20 21:58:54 ----AD---- C:\Windows\RUNDL132.EXE
2012-03-20 21:58:54 ----AD---- C:\Windows\logo_1.exe
2012-03-20 21:53:52 ----A---- C:\Windows\SYSWOW64\msvcr80.dll
2012-03-20 21:53:51 ----A---- C:\Windows\SYSWOW64\msvcp80.dll
2012-03-20 21:53:50 ----A---- C:\Windows\SYSWOW64\msvcp90.dll
2012-03-20 21:53:49 ----A---- C:\Windows\SYSWOW64\msvcr90.dll
2012-03-20 21:53:48 ----A---- C:\Windows\SYSWOW64\eEmpty.exe
2012-03-20 21:53:43 ----D---- C:\ProgramData\MicroWorld
2012-03-20 21:49:34 ----D---- C:\Users\Dada\AppData\Roaming\Download Manager
2012-03-15 19:11:28 ----D---- C:\Program Files (x86)\DExUS
2012-03-15 19:07:39 ----D---- C:\Program Files (x86)\GamePark
2012-03-15 08:20:12 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-03-15 08:20:11 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-03-15 08:20:11 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-03-14 16:49:07 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-03-14 16:49:07 ----A---- C:\Windows\system32\win32k.sys
2012-03-14 16:49:07 ----A---- C:\Windows\system32\DWrite.dll
2012-03-14 16:48:47 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-03-14 16:48:47 ----A---- C:\Windows\system32\rdpwsx.dll
2012-03-14 16:48:47 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-03-14 16:48:41 ----A---- C:\Windows\system32\rdpcore.dll
2012-03-14 16:48:40 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2012-03-14 16:48:40 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-03-14 16:48:40 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-03-11 14:58:32 ----D---- C:\Users\Dada\AppData\Roaming\NVIDIA
2012-03-11 14:40:52 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2012-03-11 14:40:52 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2012-03-11 14:40:52 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2012-03-11 14:40:52 ----A---- C:\Windows\system32\XAudio2_7.dll
2012-03-11 14:40:52 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2012-03-11 14:40:52 ----A---- C:\Windows\system32\xactengine3_7.dll
2012-03-11 14:40:51 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2012-03-11 14:40:51 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2012-03-11 14:40:51 ----A---- C:\Windows\system32\d3dcsx_43.dll
2012-03-11 14:40:51 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2012-03-11 14:40:50 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2012-03-11 14:40:50 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2012-03-11 14:40:50 ----A---- C:\Windows\system32\d3dx11_43.dll
2012-03-11 14:40:50 ----A---- C:\Windows\system32\d3dx10_43.dll
2012-03-11 14:40:49 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2012-03-11 14:40:49 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2012-03-11 14:40:49 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2012-03-11 14:40:49 ----A---- C:\Windows\system32\XAudio2_6.dll
2012-03-11 14:40:49 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2012-03-11 14:40:49 ----A---- C:\Windows\system32\D3DX9_43.dll
2012-03-11 14:40:48 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2012-03-11 14:40:48 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2012-03-11 14:40:48 ----A---- C:\Windows\system32\xactengine3_6.dll
2012-03-11 14:40:48 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2012-03-11 14:40:47 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2012-03-11 14:40:47 ----A---- C:\Windows\system32\XAudio2_5.dll
2012-03-11 14:40:46 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2012-03-11 14:40:46 ----A---- C:\Windows\system32\xactengine3_5.dll
2012-03-11 14:40:45 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2012-03-11 14:40:45 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2012-03-11 14:40:45 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2012-03-11 14:40:45 ----A---- C:\Windows\system32\d3dx11_42.dll
2012-03-11 14:40:45 ----A---- C:\Windows\system32\d3dcsx_42.dll
2012-03-11 14:40:45 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2012-03-11 14:40:44 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2012-03-11 14:40:44 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2012-03-11 14:40:44 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2012-03-11 14:40:44 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2012-03-11 14:40:44 ----A---- C:\Windows\system32\D3DX9_42.dll
2012-03-11 14:40:44 ----A---- C:\Windows\system32\d3dx10_42.dll
2012-03-11 14:40:44 ----A---- C:\Windows\system32\d3dx10_41.dll
2012-03-11 14:40:44 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2012-03-11 14:40:43 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2012-03-11 14:40:43 ----A---- C:\Windows\system32\D3DX9_41.dll
2012-03-11 14:40:42 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2012-03-11 14:40:42 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2012-03-11 14:40:42 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2012-03-11 14:40:42 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2012-03-11 14:40:42 ----A---- C:\Windows\system32\XAudio2_4.dll
2012-03-11 14:40:42 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2012-03-11 14:40:42 ----A---- C:\Windows\system32\xactengine3_4.dll
2012-03-11 14:40:42 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2012-03-11 14:40:41 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2012-03-11 14:40:41 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2012-03-11 14:40:41 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2012-03-11 14:40:41 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2012-03-11 14:40:41 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2012-03-11 14:40:41 ----A---- C:\Windows\system32\XAudio2_3.dll
2012-03-11 14:40:41 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2012-03-11 14:40:41 ----A---- C:\Windows\system32\D3DX9_40.dll
2012-03-11 14:40:41 ----A---- C:\Windows\system32\d3dx10_40.dll
2012-03-11 14:40:41 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2012-03-11 14:40:40 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2012-03-11 14:40:40 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2012-03-11 14:40:40 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2012-03-11 14:40:40 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2012-03-11 14:40:40 ----A---- C:\Windows\system32\XAudio2_2.dll
2012-03-11 14:40:40 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2012-03-11 14:40:40 ----A---- C:\Windows\system32\xactengine3_3.dll
2012-03-11 14:40:40 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2012-03-11 14:40:39 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2012-03-11 14:40:39 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2012-03-11 14:40:39 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2012-03-11 14:40:39 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2012-03-11 14:40:39 ----A---- C:\Windows\system32\xactengine3_2.dll
2012-03-11 14:40:39 ----A---- C:\Windows\system32\D3DX9_39.dll
2012-03-11 14:40:39 ----A---- C:\Windows\system32\d3dx10_39.dll
2012-03-11 14:40:39 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2012-03-11 14:40:38 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2012-03-11 14:40:38 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2012-03-11 14:40:38 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2012-03-11 14:40:38 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2012-03-11 14:40:38 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2012-03-11 14:40:38 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2012-03-11 14:40:38 ----A---- C:\Windows\system32\XAudio2_1.dll
2012-03-11 14:40:38 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2012-03-11 14:40:38 ----A---- C:\Windows\system32\xactengine3_1.dll
2012-03-11 14:40:38 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2012-03-11 14:40:38 ----A---- C:\Windows\system32\d3dx10_38.dll
2012-03-11 14:40:38 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2012-03-11 14:40:37 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2012-03-11 14:40:37 ----A---- C:\Windows\system32\D3DX9_38.dll
2012-03-11 14:39:32 ----D---- C:\Windows\SYSWOW64\directx
2012-03-11 14:38:35 ----D---- C:\ProgramData\NVIDIA
2012-03-11 14:38:21 ----A---- C:\Windows\system32\nvvsvc.exe
2012-03-11 14:38:21 ----A---- C:\Windows\system32\nvsvc64.dll
2012-03-11 14:38:21 ----A---- C:\Windows\system32\nvshext.dll
2012-03-11 14:38:21 ----A---- C:\Windows\system32\nvmctray.dll
2012-03-11 14:38:21 ----A---- C:\Windows\system32\nvcpl.dll
2012-03-11 14:37:47 ----D---- C:\ProgramData\NVIDIA Corporation
2012-03-11 14:37:40 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-03-11 14:36:52 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2012-03-11 14:36:52 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2012-03-11 14:36:52 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2012-03-11 14:36:52 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2012-03-11 14:36:52 ----A---- C:\Windows\system32\OpenCL.dll
2012-03-11 14:36:52 ----A---- C:\Windows\system32\nvwgf2umx.dll
2012-03-11 14:36:52 ----A---- C:\Windows\system32\nvumdshimx.dll
2012-03-11 14:36:52 ----A---- C:\Windows\system32\nvoglv64.dll
2012-03-11 14:36:51 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2012-03-11 14:36:51 ----A---- C:\Windows\SYSWOW64\nvdecodemft.dll
2012-03-11 14:36:51 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2012-03-11 14:36:51 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2012-03-11 14:36:51 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2012-03-11 14:36:51 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2012-03-11 14:36:51 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2012-03-11 14:36:51 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvinitx.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvgenco64.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvdispco64.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvdecodemft.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvd3dumx.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvcuvid.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvcuvenc.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvcuda.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvcompiler.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvapi64.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2012-03-11 14:21:06 ----A---- C:\Windows\system32\rtvcvfw32.dll
2012-03-11 13:11:27 ----RA---- C:\Windows\system32\drivers\Entech64.sys
2012-03-11 13:11:27 ----D---- C:\Windows\SYSWOW64\Futuremark
2012-03-11 13:11:08 ----D---- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2012-03-11 13:10:57 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2012-03-11 13:10:57 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2012-03-11 13:10:57 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2012-03-11 13:10:57 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2012-03-11 13:10:57 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2012-03-11 13:10:57 ----A---- C:\Windows\system32\XAudio2_0.dll
2012-03-11 13:10:57 ----A---- C:\Windows\system32\xactengine3_0.dll
2012-03-11 13:10:57 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2012-03-11 13:10:57 ----A---- C:\Windows\system32\d3dx10_37.dll
2012-03-11 13:10:57 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2012-03-11 13:10:56 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2012-03-11 13:10:56 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2012-03-11 13:10:56 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2012-03-11 13:10:56 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2012-03-11 13:10:56 ----A---- C:\Windows\system32\xactengine2_10.dll
2012-03-11 13:10:56 ----A---- C:\Windows\system32\D3DX9_37.dll
2012-03-11 13:10:56 ----A---- C:\Windows\system32\d3dx10_36.dll
2012-03-11 13:10:56 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2012-03-11 13:10:55 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2012-03-11 13:10:55 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2012-03-11 13:10:55 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2012-03-11 13:10:55 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2012-03-11 13:10:55 ----A---- C:\Windows\system32\xactengine2_9.dll
2012-03-11 13:10:55 ----A---- C:\Windows\system32\d3dx9_36.dll
2012-03-11 13:10:55 ----A---- C:\Windows\system32\d3dx10_35.dll
2012-03-11 13:10:55 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2012-03-11 13:10:54 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2012-03-11 13:10:54 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2012-03-11 13:10:54 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2012-03-11 13:10:54 ----A---- C:\Windows\system32\xactengine2_8.dll
2012-03-11 13:10:54 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2012-03-11 13:10:54 ----A---- C:\Windows\system32\d3dx9_35.dll
2012-03-11 13:06:23 ----D---- C:\Windows\Sun
2012-03-07 02:29:37 ----D---- C:\Users\Dada\AppData\Roaming\SUPERAntiSpyware.com
2012-03-07 02:29:25 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-03-07 02:29:25 ----D---- C:\Program Files\SUPERAntiSpyware
2012-03-07 02:21:23 ----D---- C:\Users\Dada\AppData\Roaming\WinRAR
2012-03-06 20:36:46 ----A---- C:\Windows\system32\mshtmled.dll
2012-03-06 20:36:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-03-06 20:36:44 ----A---- C:\Windows\SYSWOW64\url.dll
2012-03-06 20:36:44 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-03-06 20:36:44 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-03-06 20:36:44 ----A---- C:\Windows\system32\url.dll
2012-03-06 20:36:44 ----A---- C:\Windows\system32\jscript9.dll
2012-03-06 20:36:44 ----A---- C:\Windows\system32\iertutil.dll
2012-03-06 20:36:43 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-03-06 20:36:43 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-03-06 20:36:43 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-03-06 20:36:43 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-03-06 20:36:43 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-03-06 20:36:43 ----A---- C:\Windows\system32\wininet.dll
2012-03-06 20:36:43 ----A---- C:\Windows\system32\urlmon.dll
2012-03-06 20:36:43 ----A---- C:\Windows\system32\jsproxy.dll
2012-03-06 20:36:43 ----A---- C:\Windows\system32\jscript.dll
2012-03-06 20:36:43 ----A---- C:\Windows\system32\ieui.dll
2012-03-06 20:36:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-03-06 20:36:41 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-03-06 20:36:41 ----A---- C:\Windows\system32\mshtml.dll
2012-03-06 20:36:41 ----A---- C:\Windows\system32\ieframe.dll
2012-03-05 10:36:46 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-03-05 10:36:41 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2012-03-05 10:35:18 ----A---- C:\Windows\system32\javaws.exe
2012-03-05 10:35:18 ----A---- C:\Windows\system32\javaw.exe
2012-03-05 10:35:18 ----A---- C:\Windows\system32\java.exe
2012-03-05 10:35:16 ----D---- C:\Program Files\Java
2012-03-05 10:34:27 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-03-05 10:34:27 ----A---- C:\Windows\SYSWOW64\ntshrui.dll
2012-03-05 10:34:27 ----A---- C:\Windows\system32\shell32.dll
2012-03-05 10:34:27 ----A---- C:\Windows\system32\ntshrui.dll
2012-03-05 10:34:20 ----A---- C:\Windows\system32\drivers\afd.sys
2012-03-05 10:34:15 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-03-05 10:34:15 ----A---- C:\Windows\SYSWOW64\msvcrt.dll
2012-03-05 10:34:15 ----A---- C:\Windows\system32\schannel.dll
2012-03-05 10:34:15 ----A---- C:\Windows\system32\msvcrt.dll
2012-03-05 10:34:15 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-03-05 10:34:13 ----A---- C:\Windows\SYSWOW64\webio.dll
2012-03-05 10:34:13 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-03-05 10:34:13 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-03-05 10:34:13 ----A---- C:\Windows\system32\webio.dll
2012-03-05 10:34:13 ----A---- C:\Windows\system32\sspisrv.dll
2012-03-05 10:34:13 ----A---- C:\Windows\system32\sspicli.dll
2012-03-05 10:34:13 ----A---- C:\Windows\system32\secur32.dll
2012-03-05 10:34:13 ----A---- C:\Windows\system32\lsass.exe
2012-03-05 10:34:13 ----A---- C:\Windows\system32\lsasrv.dll
2012-03-05 10:34:13 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-03-05 10:34:13 ----A---- C:\Windows\system32\drivers\cng.sys
2012-03-05 10:33:00 ----D---- C:\Program Files (x86)\Glary Utilities
2012-02-29 20:21:24 ----A---- C:\Windows\SYSWOW64\xfcodec.dll
2012-02-29 20:21:24 ----A---- C:\Windows\system32\xfcodec64.dll
======List of files/folders modified in the last 1 month======
2012-03-20 22:32:28 ----D---- C:\System odklon
2012-03-20 22:32:25 ----RD---- C:\Program Files
2012-03-20 22:26:43 ----D---- C:\ProgramData\Kaspersky Lab
2012-03-20 22:15:50 ----D---- C:\Users\Dada\AppData\Roaming\TZAC
2012-03-20 22:15:37 ----D---- C:\Windows\system32\config
2012-03-20 22:13:38 ----D---- C:\Windows
2012-03-20 22:13:20 ----D---- C:\Windows\inf
2012-03-20 22:12:29 ----D---- C:\Windows\system32\LogFiles
2012-03-20 22:12:25 ----D---- C:\Windows\System32
2012-03-20 21:58:54 ----D---- C:\Windows\SysWOW64
2012-03-20 21:54:44 ----A---- C:\Windows\win.ini
2012-03-20 21:53:45 ----D---- C:\Program Files (x86)\Common Files
2012-03-20 21:53:43 ----HD---- C:\ProgramData
2012-03-20 21:22:50 ----D---- C:\ProgramData\Xfire
2012-03-20 21:22:04 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-03-20 21:15:53 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2012-03-20 21:15:47 ----D---- C:\Users\Dada\AppData\Roaming\HLSW
2012-03-19 14:27:33 ----D---- C:\Users\Dada\AppData\Roaming\vlc
2012-03-17 13:20:45 ----D---- C:\Users\Dada\AppData\Roaming\Xfire
2012-03-17 12:54:23 ----D---- C:\Windows\SoftwareDistribution
2012-03-16 14:36:03 ----D---- C:\Windows\Temp
2012-03-15 23:21:24 ----D---- C:\Windows\system32\catroot2
2012-03-15 23:19:39 ----D---- C:\Windows\debug
2012-03-15 19:11:28 ----RD---- C:\Program Files (x86)
2012-03-15 08:21:25 ----D---- C:\Windows\winsxs
2012-03-15 08:20:47 ----D---- C:\Windows\system32\drivers
2012-03-15 08:20:13 ----D---- C:\Windows\system32\catroot
2012-03-15 08:19:42 ----A---- C:\Windows\system32\MRT.exe
2012-03-12 22:49:04 ----SD---- C:\ProgramData\Microsoft
2012-03-12 22:48:39 ----D---- C:\Windows\SYSWOW64\config
2012-03-12 22:48:39 ----D---- C:\Program Files\TeamSpeak 3 Client
2012-03-11 21:29:07 ----D---- C:\Windows\Logs
2012-03-11 19:15:23 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-03-11 18:21:06 ----D---- C:\Windows\system32\Tasks
2012-03-11 15:03:57 ----D---- C:\Windows\LiveKernelReports
2012-03-11 14:39:31 ----SHD---- C:\Windows\Installer
2012-03-11 14:39:31 ----SHD---- C:\Config.Msi
2012-03-11 14:38:19 ----D---- C:\Windows\Help
2012-03-11 14:38:19 ----D---- C:\Program Files\NVIDIA Corporation
2012-03-11 14:37:25 ----D---- C:\Windows\system32\DriverStore
2012-03-11 13:10:44 ----RSD---- C:\Windows\assembly
2012-03-09 20:58:01 ----D---- C:\Windows\system32\wdi
2012-03-08 22:10:27 ----D---- C:\Windows\rescache
2012-03-08 21:55:14 ----D---- C:\Windows\Microsoft.NET
2012-03-06 20:42:23 ----D---- C:\Windows\SYSWOW64\migration
2012-03-06 20:42:23 ----D---- C:\Windows\system32\migration
2012-03-06 20:42:23 ----D---- C:\Program Files\Internet Explorer
2012-03-06 20:42:23 ----D---- C:\Program Files (x86)\Internet Explorer
2012-03-05 21:50:49 ----D---- C:\Users\Dada\AppData\Roaming\TS3Client
2012-03-05 11:13:51 ----D---- C:\Program Files (x86)\Xfire
2012-03-05 11:10:53 ----SD---- C:\Users\Dada\AppData\Roaming\Microsoft
2012-03-05 11:00:32 ----D---- C:\Windows\pss
2012-03-05 10:51:39 ----D---- C:\ProgramData\Logishrd
2012-03-05 10:51:39 ----D---- C:\Program Files\Windows Media Player
2012-03-05 10:51:39 ----D---- C:\Program Files (x86)\Windows Media Player
2012-03-05 10:37:42 ----D---- C:\Users\Dada\AppData\Roaming\DAEMON Tools Lite
2012-03-05 10:35:34 ----D---- C:\Program Files\CCleaner
2012-03-05 10:35:16 ----A---- C:\Windows\system32\npdeployJava1.dll
2012-03-05 10:35:16 ----A---- C:\Windows\system32\deployJava1.dll
2012-03-05 10:33:02 ----D---- C:\Windows\Tasks
2012-02-23 09:18:36 ----N---- C:\Windows\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2011-03-04 460888]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-05 283200]
R1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2011-12-26 615728]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R3 Cardex;Cardex; \??\C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [2007-03-16 15648]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2010-08-24 63568]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2010-08-24 57936]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2010-08-24 41040]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 skfiltv;skfiltv; C:\Windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
R3 tizekdrv;tizekdrv; \??\C:\Users\Dada\AppData\Roaming\TZAC\tizek64.sys [2011-12-26 241848]
R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files\PhenomMsrTweaker\WinRing0x64.sys [2010-06-03 14544]
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys [2008-04-22 12744]
S3 TBPanel;TBPanel; C:\Windows\system32\drivers\TBPanel.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AVP;Služba Kaspersky Anti-Virus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-24 202296]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-02-10 889664]
R2 PhenomMsrTweaker;PhenomMsrTweaker service; C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe [2010-06-03 188416]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-12-27 75136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S4 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-12 140672]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-26 79360]
S4 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2010-01-27 286720]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-10-28 357456]
-----------------EOF-----------------
20 3 2012 22:00:29 - ***** Scanning Registry and File system for Adware/Spyware *****
20 3 2012 22:00:29 - Loading Spyware Signatures from new External Database [Name: C:\SYSTEM~2\spydb.avs, Size: 981864]...
20 3 2012 22:00:29 - Indexed Spyware Databases Successfully Created...
20 3 2012 22:00:33 - Offending file found: C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\amlogs\0
20 3 2012 22:00:33 - System found infected with Generic Protect Antivirus (0)! Action taken: File Deleted.
20 3 2012 22:00:33 - Object "Generic Protect Antivirus" found in File System! Action Taken: File Deleted.
20 3 2012 22:00:36 - Offending file found: C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\amlogs\43
20 3 2012 22:00:36 - System found infected with XPAntivirus (43)! Action taken: File Deleted.
20 3 2012 22:00:36 - Object "XPAntivirus" found in File System! Action Taken: File Deleted.
20 3 2012 22:00:39 - Offending file found: C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\bsslogs\0
20 3 2012 22:00:39 - System found infected with Generic Protect Antivirus (0)! Action taken: File Deleted.
20 3 2012 22:00:39 - Object "Generic Protect Antivirus" found in File System! Action Taken: File Deleted.
20 3 2012 22:00:42 - Offending file found: C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\bsslogs\43
20 3 2012 22:00:42 - System found infected with XPAntivirus (43)! Action taken: File Deleted.
20 3 2012 22:00:42 - Object "XPAntivirus" found in File System! Action Taken: File Deleted.
20 3 2012 22:00:43 - ***** Scanning Registry Files *****
20 3 2012 22:00:43 - Clearing Temporary sub-folders as Spyware/Adware found in system...
20 3 2012 22:00:43 - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
20 3 2012 22:00:43 - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
20 3 2012 22:00:43 - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
20 3 2012 22:00:43 - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
20 3 2012 22:00:43 - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
20 3 2012 22:00:43 - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
20 3 2012 22:00:43 - ***** Scanning System32 Folders *****
20 3 2012 22:01:00 - C:\System odklon\TMP000000B7FF44EE531DA9C60C not Scanned. Possibly password protected...
20 3 2012 22:01:00 - ***** Scanning All Drives *****
20 3 2012 22:01:00 - ***** C:,E: *****
20 3 2012 22:01:00 - Scanning C:\ Drive
20 3 2012 22:02:14 - Scanning File C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3266
20 3 2012 22:02:14 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3266
20 3 2012 22:02:14 - Scanning File C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3268
20 3 2012 22:02:14 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3268
20 3 2012 22:02:14 - Scanning File C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3269
20 3 2012 22:02:14 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3269
20 3 2012 22:02:14 - Scanning File C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3270
20 3 2012 22:02:14 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3270
20 3 2012 22:02:14 - Scanning File C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3271
20 3 2012 22:02:14 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Kaspersky Lab\AVP12\Bases\klava\strg3271
20 3 2012 22:02:15 - C:\ProgramData\Kaspersky Lab\AVP12\Data\iswift.dat not Scanned. Possibly password protected...
20 3 2012 22:02:15 - C:\ProgramData\Kaspersky Lab\AVP12\Data\sfdb.dat not Scanned. Possibly password protected...
20 3 2012 22:02:38 - C:\ProgramData\Kaspersky Lab\AVP12\SysWHist\file_cache\meta not Scanned. Possibly password protected...
20 3 2012 22:02:41 - C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin not Scanned. Possibly password protected...
20 3 2012 22:02:48 - C:\System odklon\TMP000000B7FF44EE531DA9C60C not Scanned. Possibly password protected...
20 3 2012 22:02:48 - C:\System Volume Information\ISwift3.dat not Scanned. Possibly password protected...
20 3 2012 22:02:48 - C:\System Volume Information\Syscache.hve not Scanned. Possibly password protected...
20 3 2012 22:02:48 - C:\System Volume Information\Syscache.hve.LOG1 not Scanned. Possibly password protected...
20 3 2012 22:02:48 - C:\Users\Dada\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 not Scanned. Possibly password protected...
20 3 2012 22:02:53 - Scanning File C:\Users\Dada\AppData\Roaming\TZAC\tizek32.sys (????)
20 3 2012 22:02:53 - File C:\Users\Dada\AppData\Roaming\TZAC\tizek32.sys infected by "TR/Spy.190976.30 (ES)" Virus! Action Taken: File Renamed.
20 3 2012 22:03:01 - C:\Users\Dada\ntuser.dat.LOG1 not Scanned. Possibly password protected...
20 3 2012 22:03:56 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat not Scanned. Possibly password protected...
20 3 2012 22:03:56 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat not Scanned. Possibly password protected...
20 3 2012 22:03:56 - C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 not Scanned. Possibly password protected...
20 3 2012 22:03:56 - C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 not Scanned. Possibly password protected...
20 3 2012 22:04:04 - C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb not Scanned. Possibly password protected...
20 3 2012 22:04:04 - C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb not Scanned. Possibly password protected...
20 3 2012 22:04:42 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl not Scanned. Possibly password protected...
20 3 2012 22:04:42 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl not Scanned. Possibly password protected...
20 3 2012 22:04:42 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl not Scanned. Possibly password protected...
20 3 2012 22:04:42 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl not Scanned. Possibly password protected...
20 3 2012 22:08:09 - Scanning E:\ Drive
20 3 2012 22:08:09 - E:\Boot\BCD not Scanned. Possibly password protected...
20 3 2012 22:08:21 - Scanning File E:\zaloha programy\programy WINDOWS\DTLite4453-0297.exe
20 3 2012 22:08:21 - File E:\zaloha programy\programy WINDOWS\DTLite4453-0297.exe infected by "Win32/OpenCandy (ES)" Virus! Action Taken: File Renamed.
20 3 2012 22:08:28 - Closing all applications and shutting down PC...
20 3 2012 22:08:30 - ***** Checking for specific ITW Viruses *****
20 3 2012 22:08:30 - ***** Scanning complete. *****
20 3 2012 22:08:30 - Total Objects Scanned: 161844
20 3 2012 22:08:30 - Total Critical Objects: 6
20 3 2012 22:08:30 - Total Disinfected Objects: 0
20 3 2012 22:08:30 - Total Objects Renamed: 2
20 3 2012 22:08:30 - Total Deleted Objects: 4
20 3 2012 22:08:30 - Total Errors: 0
20 3 2012 22:08:30 - Time Elapsed: 00:08:13
20 3 2012 22:08:30 - Virus Database Date: 20 Mar 2012
20 3 2012 22:08:30 - Virus Database Count: 6943449
Mam KIS a divim se ze tam neco nechal projit dekuji.
RSIS
Logfile of random's system information tool 1.09 (written by random/random)
Run by Dada at 2012-03-20 22:32:25
Microsoft Windows 7 Home Basic Service Pack 1
System drive C: has 8 GB (26%) free of 31 GB
Total RAM: 8189 MB (84% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:32:28, on 20.3.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\EXPERTool\TBPANEL.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\trend micro\Dada.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe /A
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Přidat do Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PhenomMsrTweaker service (PhenomMsrTweaker) - Unknown owner - C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5835 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files (x86)\EXPERTool\TBPANEL.exe" /A
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
KHALMNPR.EXE /API
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Users\Dada\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GlaryInitialize.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Dada\AppData\Roaming\Mozilla\Firefox\Profiles\61jqqhs5.default
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll [2011-04-24 91536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-03-05 79240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll [2011-04-24 292752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [2011-04-24 86416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2011-12-26 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-12-26 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [2011-04-24 229776]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-10-29 1680976]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"=C:\Program Files (x86)\EXPERTool\TBPanel.exe [2011-08-02 2273608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wise Memory Optimizer]
C:\Program Files (x86)\Wise PC Engineer\WiseMemOptimizer.exe a []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Dada^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk]
C:\PROGRA~2\COMMON~1\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AVP"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-24 202296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\System32\klogon.dll [2011-04-24 234896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-10-28 66640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=1
"NoDriveTypeAutoRun"=153
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"VIDC.XFR1"=xfcodec64.dll
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-03-20 22:32:25 ----D---- C:\rsit
2012-03-20 22:32:25 ----D---- C:\Program Files\trend micro
2012-03-20 22:12:25 ----A---- C:\Windows\system32\FNTCACHE.DAT
2012-03-20 22:12:23 ----A---- C:\Windows\ntbtlog.txt
2012-03-20 21:58:54 ----AD---- C:\Windows\VDLL.DLL
2012-03-20 21:58:54 ----AD---- C:\Windows\SYSWOW64\runouce.exe
2012-03-20 21:58:54 ----AD---- C:\Windows\RUNDL132.EXE
2012-03-20 21:58:54 ----AD---- C:\Windows\logo_1.exe
2012-03-20 21:53:52 ----A---- C:\Windows\SYSWOW64\msvcr80.dll
2012-03-20 21:53:51 ----A---- C:\Windows\SYSWOW64\msvcp80.dll
2012-03-20 21:53:50 ----A---- C:\Windows\SYSWOW64\msvcp90.dll
2012-03-20 21:53:49 ----A---- C:\Windows\SYSWOW64\msvcr90.dll
2012-03-20 21:53:48 ----A---- C:\Windows\SYSWOW64\eEmpty.exe
2012-03-20 21:53:43 ----D---- C:\ProgramData\MicroWorld
2012-03-20 21:49:34 ----D---- C:\Users\Dada\AppData\Roaming\Download Manager
2012-03-15 19:11:28 ----D---- C:\Program Files (x86)\DExUS
2012-03-15 19:07:39 ----D---- C:\Program Files (x86)\GamePark
2012-03-15 08:20:12 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-03-15 08:20:11 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-03-15 08:20:11 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-03-14 16:49:07 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-03-14 16:49:07 ----A---- C:\Windows\system32\win32k.sys
2012-03-14 16:49:07 ----A---- C:\Windows\system32\DWrite.dll
2012-03-14 16:48:47 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-03-14 16:48:47 ----A---- C:\Windows\system32\rdpwsx.dll
2012-03-14 16:48:47 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-03-14 16:48:41 ----A---- C:\Windows\system32\rdpcore.dll
2012-03-14 16:48:40 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2012-03-14 16:48:40 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-03-14 16:48:40 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-03-11 14:58:32 ----D---- C:\Users\Dada\AppData\Roaming\NVIDIA
2012-03-11 14:40:52 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2012-03-11 14:40:52 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2012-03-11 14:40:52 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2012-03-11 14:40:52 ----A---- C:\Windows\system32\XAudio2_7.dll
2012-03-11 14:40:52 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2012-03-11 14:40:52 ----A---- C:\Windows\system32\xactengine3_7.dll
2012-03-11 14:40:51 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2012-03-11 14:40:51 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2012-03-11 14:40:51 ----A---- C:\Windows\system32\d3dcsx_43.dll
2012-03-11 14:40:51 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2012-03-11 14:40:50 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2012-03-11 14:40:50 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2012-03-11 14:40:50 ----A---- C:\Windows\system32\d3dx11_43.dll
2012-03-11 14:40:50 ----A---- C:\Windows\system32\d3dx10_43.dll
2012-03-11 14:40:49 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2012-03-11 14:40:49 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2012-03-11 14:40:49 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2012-03-11 14:40:49 ----A---- C:\Windows\system32\XAudio2_6.dll
2012-03-11 14:40:49 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2012-03-11 14:40:49 ----A---- C:\Windows\system32\D3DX9_43.dll
2012-03-11 14:40:48 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2012-03-11 14:40:48 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2012-03-11 14:40:48 ----A---- C:\Windows\system32\xactengine3_6.dll
2012-03-11 14:40:48 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2012-03-11 14:40:47 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2012-03-11 14:40:47 ----A---- C:\Windows\system32\XAudio2_5.dll
2012-03-11 14:40:46 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2012-03-11 14:40:46 ----A---- C:\Windows\system32\xactengine3_5.dll
2012-03-11 14:40:45 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2012-03-11 14:40:45 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2012-03-11 14:40:45 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2012-03-11 14:40:45 ----A---- C:\Windows\system32\d3dx11_42.dll
2012-03-11 14:40:45 ----A---- C:\Windows\system32\d3dcsx_42.dll
2012-03-11 14:40:45 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2012-03-11 14:40:44 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2012-03-11 14:40:44 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2012-03-11 14:40:44 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2012-03-11 14:40:44 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2012-03-11 14:40:44 ----A---- C:\Windows\system32\D3DX9_42.dll
2012-03-11 14:40:44 ----A---- C:\Windows\system32\d3dx10_42.dll
2012-03-11 14:40:44 ----A---- C:\Windows\system32\d3dx10_41.dll
2012-03-11 14:40:44 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2012-03-11 14:40:43 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2012-03-11 14:40:43 ----A---- C:\Windows\system32\D3DX9_41.dll
2012-03-11 14:40:42 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2012-03-11 14:40:42 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2012-03-11 14:40:42 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2012-03-11 14:40:42 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2012-03-11 14:40:42 ----A---- C:\Windows\system32\XAudio2_4.dll
2012-03-11 14:40:42 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2012-03-11 14:40:42 ----A---- C:\Windows\system32\xactengine3_4.dll
2012-03-11 14:40:42 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2012-03-11 14:40:41 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2012-03-11 14:40:41 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2012-03-11 14:40:41 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2012-03-11 14:40:41 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2012-03-11 14:40:41 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2012-03-11 14:40:41 ----A---- C:\Windows\system32\XAudio2_3.dll
2012-03-11 14:40:41 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2012-03-11 14:40:41 ----A---- C:\Windows\system32\D3DX9_40.dll
2012-03-11 14:40:41 ----A---- C:\Windows\system32\d3dx10_40.dll
2012-03-11 14:40:41 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2012-03-11 14:40:40 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2012-03-11 14:40:40 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2012-03-11 14:40:40 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2012-03-11 14:40:40 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2012-03-11 14:40:40 ----A---- C:\Windows\system32\XAudio2_2.dll
2012-03-11 14:40:40 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2012-03-11 14:40:40 ----A---- C:\Windows\system32\xactengine3_3.dll
2012-03-11 14:40:40 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2012-03-11 14:40:39 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2012-03-11 14:40:39 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2012-03-11 14:40:39 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2012-03-11 14:40:39 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2012-03-11 14:40:39 ----A---- C:\Windows\system32\xactengine3_2.dll
2012-03-11 14:40:39 ----A---- C:\Windows\system32\D3DX9_39.dll
2012-03-11 14:40:39 ----A---- C:\Windows\system32\d3dx10_39.dll
2012-03-11 14:40:39 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2012-03-11 14:40:38 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2012-03-11 14:40:38 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2012-03-11 14:40:38 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2012-03-11 14:40:38 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2012-03-11 14:40:38 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2012-03-11 14:40:38 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2012-03-11 14:40:38 ----A---- C:\Windows\system32\XAudio2_1.dll
2012-03-11 14:40:38 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2012-03-11 14:40:38 ----A---- C:\Windows\system32\xactengine3_1.dll
2012-03-11 14:40:38 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2012-03-11 14:40:38 ----A---- C:\Windows\system32\d3dx10_38.dll
2012-03-11 14:40:38 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2012-03-11 14:40:37 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2012-03-11 14:40:37 ----A---- C:\Windows\system32\D3DX9_38.dll
2012-03-11 14:39:32 ----D---- C:\Windows\SYSWOW64\directx
2012-03-11 14:38:35 ----D---- C:\ProgramData\NVIDIA
2012-03-11 14:38:21 ----A---- C:\Windows\system32\nvvsvc.exe
2012-03-11 14:38:21 ----A---- C:\Windows\system32\nvsvc64.dll
2012-03-11 14:38:21 ----A---- C:\Windows\system32\nvshext.dll
2012-03-11 14:38:21 ----A---- C:\Windows\system32\nvmctray.dll
2012-03-11 14:38:21 ----A---- C:\Windows\system32\nvcpl.dll
2012-03-11 14:37:47 ----D---- C:\ProgramData\NVIDIA Corporation
2012-03-11 14:37:40 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-03-11 14:36:52 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2012-03-11 14:36:52 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2012-03-11 14:36:52 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2012-03-11 14:36:52 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2012-03-11 14:36:52 ----A---- C:\Windows\system32\OpenCL.dll
2012-03-11 14:36:52 ----A---- C:\Windows\system32\nvwgf2umx.dll
2012-03-11 14:36:52 ----A---- C:\Windows\system32\nvumdshimx.dll
2012-03-11 14:36:52 ----A---- C:\Windows\system32\nvoglv64.dll
2012-03-11 14:36:51 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2012-03-11 14:36:51 ----A---- C:\Windows\SYSWOW64\nvdecodemft.dll
2012-03-11 14:36:51 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2012-03-11 14:36:51 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2012-03-11 14:36:51 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2012-03-11 14:36:51 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2012-03-11 14:36:51 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2012-03-11 14:36:51 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvinitx.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvgenco64.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvdispco64.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvdecodemft.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvd3dumx.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvcuvid.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvcuvenc.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvcuda.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvcompiler.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\nvapi64.dll
2012-03-11 14:36:51 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2012-03-11 14:21:06 ----A---- C:\Windows\system32\rtvcvfw32.dll
2012-03-11 13:11:27 ----RA---- C:\Windows\system32\drivers\Entech64.sys
2012-03-11 13:11:27 ----D---- C:\Windows\SYSWOW64\Futuremark
2012-03-11 13:11:08 ----D---- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2012-03-11 13:10:57 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2012-03-11 13:10:57 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2012-03-11 13:10:57 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2012-03-11 13:10:57 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2012-03-11 13:10:57 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2012-03-11 13:10:57 ----A---- C:\Windows\system32\XAudio2_0.dll
2012-03-11 13:10:57 ----A---- C:\Windows\system32\xactengine3_0.dll
2012-03-11 13:10:57 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2012-03-11 13:10:57 ----A---- C:\Windows\system32\d3dx10_37.dll
2012-03-11 13:10:57 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2012-03-11 13:10:56 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2012-03-11 13:10:56 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2012-03-11 13:10:56 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2012-03-11 13:10:56 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2012-03-11 13:10:56 ----A---- C:\Windows\system32\xactengine2_10.dll
2012-03-11 13:10:56 ----A---- C:\Windows\system32\D3DX9_37.dll
2012-03-11 13:10:56 ----A---- C:\Windows\system32\d3dx10_36.dll
2012-03-11 13:10:56 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2012-03-11 13:10:55 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2012-03-11 13:10:55 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2012-03-11 13:10:55 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2012-03-11 13:10:55 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2012-03-11 13:10:55 ----A---- C:\Windows\system32\xactengine2_9.dll
2012-03-11 13:10:55 ----A---- C:\Windows\system32\d3dx9_36.dll
2012-03-11 13:10:55 ----A---- C:\Windows\system32\d3dx10_35.dll
2012-03-11 13:10:55 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2012-03-11 13:10:54 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2012-03-11 13:10:54 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2012-03-11 13:10:54 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2012-03-11 13:10:54 ----A---- C:\Windows\system32\xactengine2_8.dll
2012-03-11 13:10:54 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2012-03-11 13:10:54 ----A---- C:\Windows\system32\d3dx9_35.dll
2012-03-11 13:06:23 ----D---- C:\Windows\Sun
2012-03-07 02:29:37 ----D---- C:\Users\Dada\AppData\Roaming\SUPERAntiSpyware.com
2012-03-07 02:29:25 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-03-07 02:29:25 ----D---- C:\Program Files\SUPERAntiSpyware
2012-03-07 02:21:23 ----D---- C:\Users\Dada\AppData\Roaming\WinRAR
2012-03-06 20:36:46 ----A---- C:\Windows\system32\mshtmled.dll
2012-03-06 20:36:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-03-06 20:36:44 ----A---- C:\Windows\SYSWOW64\url.dll
2012-03-06 20:36:44 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-03-06 20:36:44 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-03-06 20:36:44 ----A---- C:\Windows\system32\url.dll
2012-03-06 20:36:44 ----A---- C:\Windows\system32\jscript9.dll
2012-03-06 20:36:44 ----A---- C:\Windows\system32\iertutil.dll
2012-03-06 20:36:43 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-03-06 20:36:43 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-03-06 20:36:43 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-03-06 20:36:43 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-03-06 20:36:43 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-03-06 20:36:43 ----A---- C:\Windows\system32\wininet.dll
2012-03-06 20:36:43 ----A---- C:\Windows\system32\urlmon.dll
2012-03-06 20:36:43 ----A---- C:\Windows\system32\jsproxy.dll
2012-03-06 20:36:43 ----A---- C:\Windows\system32\jscript.dll
2012-03-06 20:36:43 ----A---- C:\Windows\system32\ieui.dll
2012-03-06 20:36:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-03-06 20:36:41 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-03-06 20:36:41 ----A---- C:\Windows\system32\mshtml.dll
2012-03-06 20:36:41 ----A---- C:\Windows\system32\ieframe.dll
2012-03-05 10:36:46 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-03-05 10:36:41 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2012-03-05 10:35:18 ----A---- C:\Windows\system32\javaws.exe
2012-03-05 10:35:18 ----A---- C:\Windows\system32\javaw.exe
2012-03-05 10:35:18 ----A---- C:\Windows\system32\java.exe
2012-03-05 10:35:16 ----D---- C:\Program Files\Java
2012-03-05 10:34:27 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-03-05 10:34:27 ----A---- C:\Windows\SYSWOW64\ntshrui.dll
2012-03-05 10:34:27 ----A---- C:\Windows\system32\shell32.dll
2012-03-05 10:34:27 ----A---- C:\Windows\system32\ntshrui.dll
2012-03-05 10:34:20 ----A---- C:\Windows\system32\drivers\afd.sys
2012-03-05 10:34:15 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-03-05 10:34:15 ----A---- C:\Windows\SYSWOW64\msvcrt.dll
2012-03-05 10:34:15 ----A---- C:\Windows\system32\schannel.dll
2012-03-05 10:34:15 ----A---- C:\Windows\system32\msvcrt.dll
2012-03-05 10:34:15 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-03-05 10:34:13 ----A---- C:\Windows\SYSWOW64\webio.dll
2012-03-05 10:34:13 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-03-05 10:34:13 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-03-05 10:34:13 ----A---- C:\Windows\system32\webio.dll
2012-03-05 10:34:13 ----A---- C:\Windows\system32\sspisrv.dll
2012-03-05 10:34:13 ----A---- C:\Windows\system32\sspicli.dll
2012-03-05 10:34:13 ----A---- C:\Windows\system32\secur32.dll
2012-03-05 10:34:13 ----A---- C:\Windows\system32\lsass.exe
2012-03-05 10:34:13 ----A---- C:\Windows\system32\lsasrv.dll
2012-03-05 10:34:13 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-03-05 10:34:13 ----A---- C:\Windows\system32\drivers\cng.sys
2012-03-05 10:33:00 ----D---- C:\Program Files (x86)\Glary Utilities
2012-02-29 20:21:24 ----A---- C:\Windows\SYSWOW64\xfcodec.dll
2012-02-29 20:21:24 ----A---- C:\Windows\system32\xfcodec64.dll
======List of files/folders modified in the last 1 month======
2012-03-20 22:32:28 ----D---- C:\System odklon
2012-03-20 22:32:25 ----RD---- C:\Program Files
2012-03-20 22:26:43 ----D---- C:\ProgramData\Kaspersky Lab
2012-03-20 22:15:50 ----D---- C:\Users\Dada\AppData\Roaming\TZAC
2012-03-20 22:15:37 ----D---- C:\Windows\system32\config
2012-03-20 22:13:38 ----D---- C:\Windows
2012-03-20 22:13:20 ----D---- C:\Windows\inf
2012-03-20 22:12:29 ----D---- C:\Windows\system32\LogFiles
2012-03-20 22:12:25 ----D---- C:\Windows\System32
2012-03-20 21:58:54 ----D---- C:\Windows\SysWOW64
2012-03-20 21:54:44 ----A---- C:\Windows\win.ini
2012-03-20 21:53:45 ----D---- C:\Program Files (x86)\Common Files
2012-03-20 21:53:43 ----HD---- C:\ProgramData
2012-03-20 21:22:50 ----D---- C:\ProgramData\Xfire
2012-03-20 21:22:04 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-03-20 21:15:53 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2012-03-20 21:15:47 ----D---- C:\Users\Dada\AppData\Roaming\HLSW
2012-03-19 14:27:33 ----D---- C:\Users\Dada\AppData\Roaming\vlc
2012-03-17 13:20:45 ----D---- C:\Users\Dada\AppData\Roaming\Xfire
2012-03-17 12:54:23 ----D---- C:\Windows\SoftwareDistribution
2012-03-16 14:36:03 ----D---- C:\Windows\Temp
2012-03-15 23:21:24 ----D---- C:\Windows\system32\catroot2
2012-03-15 23:19:39 ----D---- C:\Windows\debug
2012-03-15 19:11:28 ----RD---- C:\Program Files (x86)
2012-03-15 08:21:25 ----D---- C:\Windows\winsxs
2012-03-15 08:20:47 ----D---- C:\Windows\system32\drivers
2012-03-15 08:20:13 ----D---- C:\Windows\system32\catroot
2012-03-15 08:19:42 ----A---- C:\Windows\system32\MRT.exe
2012-03-12 22:49:04 ----SD---- C:\ProgramData\Microsoft
2012-03-12 22:48:39 ----D---- C:\Windows\SYSWOW64\config
2012-03-12 22:48:39 ----D---- C:\Program Files\TeamSpeak 3 Client
2012-03-11 21:29:07 ----D---- C:\Windows\Logs
2012-03-11 19:15:23 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-03-11 18:21:06 ----D---- C:\Windows\system32\Tasks
2012-03-11 15:03:57 ----D---- C:\Windows\LiveKernelReports
2012-03-11 14:39:31 ----SHD---- C:\Windows\Installer
2012-03-11 14:39:31 ----SHD---- C:\Config.Msi
2012-03-11 14:38:19 ----D---- C:\Windows\Help
2012-03-11 14:38:19 ----D---- C:\Program Files\NVIDIA Corporation
2012-03-11 14:37:25 ----D---- C:\Windows\system32\DriverStore
2012-03-11 13:10:44 ----RSD---- C:\Windows\assembly
2012-03-09 20:58:01 ----D---- C:\Windows\system32\wdi
2012-03-08 22:10:27 ----D---- C:\Windows\rescache
2012-03-08 21:55:14 ----D---- C:\Windows\Microsoft.NET
2012-03-06 20:42:23 ----D---- C:\Windows\SYSWOW64\migration
2012-03-06 20:42:23 ----D---- C:\Windows\system32\migration
2012-03-06 20:42:23 ----D---- C:\Program Files\Internet Explorer
2012-03-06 20:42:23 ----D---- C:\Program Files (x86)\Internet Explorer
2012-03-05 21:50:49 ----D---- C:\Users\Dada\AppData\Roaming\TS3Client
2012-03-05 11:13:51 ----D---- C:\Program Files (x86)\Xfire
2012-03-05 11:10:53 ----SD---- C:\Users\Dada\AppData\Roaming\Microsoft
2012-03-05 11:00:32 ----D---- C:\Windows\pss
2012-03-05 10:51:39 ----D---- C:\ProgramData\Logishrd
2012-03-05 10:51:39 ----D---- C:\Program Files\Windows Media Player
2012-03-05 10:51:39 ----D---- C:\Program Files (x86)\Windows Media Player
2012-03-05 10:37:42 ----D---- C:\Users\Dada\AppData\Roaming\DAEMON Tools Lite
2012-03-05 10:35:34 ----D---- C:\Program Files\CCleaner
2012-03-05 10:35:16 ----A---- C:\Windows\system32\npdeployJava1.dll
2012-03-05 10:35:16 ----A---- C:\Windows\system32\deployJava1.dll
2012-03-05 10:33:02 ----D---- C:\Windows\Tasks
2012-02-23 09:18:36 ----N---- C:\Windows\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2011-03-04 460888]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-05 283200]
R1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2011-12-26 615728]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R3 Cardex;Cardex; \??\C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [2007-03-16 15648]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2010-08-24 63568]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2010-08-24 57936]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2010-08-24 41040]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 skfiltv;skfiltv; C:\Windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
R3 tizekdrv;tizekdrv; \??\C:\Users\Dada\AppData\Roaming\TZAC\tizek64.sys [2011-12-26 241848]
R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files\PhenomMsrTweaker\WinRing0x64.sys [2010-06-03 14544]
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys [2008-04-22 12744]
S3 TBPanel;TBPanel; C:\Windows\system32\drivers\TBPanel.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AVP;Služba Kaspersky Anti-Virus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-24 202296]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-02-10 889664]
R2 PhenomMsrTweaker;PhenomMsrTweaker service; C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe [2010-06-03 188416]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-12-27 75136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S4 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-12 140672]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-26 79360]
S4 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2010-01-27 286720]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-10-28 357456]
-----------------EOF-----------------