PC virus removal, PC speed-up, remote assistance via the neslape.cz service

Unremovable rootkits + Trojan.Gen.2

Do you have a virus problem? Post an FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

Locked
Itchiga
Guest
Posts: 6
Registered: 02 Jun 2012 21:12


#1 Post by Itchiga »

Hi :]

My problem is this... I recently installed Norton... after I did a full system scan and changed a few settings, this started popping up at me constantly, over and over:

Code:

Full Path: c:\windows\installer\{4509e763-8ef6-d009-12e6-8f8f16bacd28}\u\80000032.@
Threat: Trojan.Gen.2
____________________________
____________________________
On computers as of 2.6.2012 at 22:04:13
Last Used 2.6.2012 at 22:04:13
Startup Item No
Launched No
____________________________
____________________________
Unknown
Number of users in the Norton Community that have used this file: Unknown
____________________________
Unknown
This file release is currently not known.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________

____________________________
File Actions
File: c:\windows\installer\{4509e763-8ef6-d009-12e6-8f8f16bacd28}\u\80000032.@
Blocked
____________________________
File Thumbprint - SHA:
1c1e376465a5624e75cb4e58b221e34acd79c74658ffd09916a2f0a1e2b944da
____________________________
File Thumbprint - MD5:
6de2078b3dafcad104f346c3deb1441b
____________________________

Code:

Full Path: c:\windows\installer\{4509e763-8ef6-d009-12e6-8f8f16bacd28}\u\80000000.@
Threat: Hacktool.Rootkit
____________________________
____________________________
On computers as of 2.6.2012 at 22:04:03
Last Used 2.6.2012 at 22:04:03
Startup Item No
Launched No
____________________________
____________________________
Unknown
Number of users in the Norton Community that have used this file: Unknown
____________________________
Unknown
This file release is currently not known.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________

____________________________
File Actions
File: c:\windows\installer\{4509e763-8ef6-d009-12e6-8f8f16bacd28}\u\80000000.@
Blocked
____________________________
File Thumbprint - SHA:
d9dc59c3f6e026874ea58888c54b597a8c080e446062c9c80be833649df04f29
____________________________
File Thumbprint - MD5:
3ba69999f27f85670cfa627204427584
____________________________
I restarted the PC as Norton asked me to after "resolving" the problem, but on reboot the "resolved" problem came right back, and so on over and over... I also tried Malwarebytes and it found:

Code:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.02.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [administrator]

Protection: Enabled

2.6.2012 21:18:22
mbam-log-2012-06-02 (21-18-22).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 397431
Time elapsed: 40 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{4509e763-8ef6-d009-12e6-8f8f16bacd28}\L\00000008.@ (Trojan.BitMiner) -> Delete on reboot.
C:\Windows\Installer\{4509e763-8ef6-d009-12e6-8f8f16bacd28}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Setup\scripts\faXcooL.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.
(end)
Personally I have no idea what to do with this piece of junk anymore, so on a friend's recommendation I'm posting it here and hoping I'll have some luck at least here :]

Thanks for the replies, sorry about the grammar etc.

LOG [Also ... the PC has already been restored twice from a restore point because Windows would not start]

Code:

Logfile of random's system information tool 1.09 (written by random/random)
Run by *** at 2012-06-02 22:30:08
Microsoft Windows 7 Ultimate  Service Pack 1
System drive C: has 159 GB (70%) free of 226 GB
Total RAM: 4095 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:30:18, on 2.6.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Itchiga\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Itchiga\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Itchiga\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Itchiga\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Itchiga\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Itchiga\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Itchiga\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\trend micro\Itchiga.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1948201437-3541623884-968502366-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1948201437-3541623884-968502366-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9213 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2e4
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k apphost
"C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe" /c /a /s UserSession
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d37f76d9-1262-4e9b-b0f9-efbf672e171a -SystemEventPortName:HostProcess-8de540e8-d916-4c4d-839b-973bbd85186e -IoCancelEventPortName:HostProcess-4698d1b8-b166-49ac-87cf-0aa2a410637b -NonStateChangingEventPortName:HostProcess-b9afe532-3846-40b4-993b-d157687959c8 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:603ac346-9c72-4169-8913-b49f669d3600
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Windows\System32\StikyNot.exe" 
"C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" 
"C:\Program Files (x86)\Origin\Origin.exe" 
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Itchiga\AppData\Local\Google\Chrome\Application\chrome.exe" 
"C:\Users\Itchiga\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight1.0/OmniboxSearchSuggest/7/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_spdy/WarmSocketImpact/last_accessed_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="3440.1.28639140\620975928" /prefetch:3
"C:\Users\Itchiga\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3440.2.649563116\1574560713" /prefetch:12
"C:\Users\Itchiga\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Itchiga\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll" --lang=cs --channel="3440.3.1966021626\1177204561" /prefetch:4
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Users\Itchiga\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight1.0/OmniboxSearchSuggest/7/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_spdy/WarmSocketImpact/last_accessed_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="3440.4.1346227158\990239408" /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\Itchiga\AppData\Local\Google\Chrome\APPLIC~1\190108~1.52\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Itchiga\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Itchiga\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll" --lang=cs --channel="3440.5.944456219\1143624429" --flash-broker=4160 /prefetch:4
"C:\Users\Itchiga\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight1.0/OmniboxSearchSuggest/7/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_spdy/WarmSocketImpact/last_accessed_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="3440.7.931451678\824516769" /prefetch:3
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" 
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\Itchiga\Downloads\RSITx64.exe" 

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1948201437-3541623884-968502366-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1948201437-3541623884-968502366-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-05-08 1136568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll [2012-05-10 502200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL [2012-01-18 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04 157576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll [2012-05-10 502200]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-05-08 1136568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-05-26 880496]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2012-05-26 1242448]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"AdobeBridge"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Itchiga\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-27 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-05-03 17355912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-06-02 22:29:02 ----D---- C:\rsit
2012-06-02 22:29:02 ----D---- C:\Program Files\trend micro
2012-06-02 21:16:21 ----D---- C:\Users\Itchiga\AppData\Roaming\Malwarebytes
2012-06-02 21:15:44 ----D---- C:\ProgramData\Malwarebytes
2012-06-02 21:15:43 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-02 21:15:43 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-06-02 20:43:30 ----SHD---- C:\Windows\SYSWOW64\%APPDATA%
2012-06-02 20:29:55 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-06-02 20:29:55 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-02 20:10:20 ----D---- C:\Program Files (x86)\Foxit Software
2012-06-02 18:27:34 ----A---- C:\Windows\system32\drivers\PCTBD64.sys
2012-06-02 18:27:34 ----A---- C:\Windows\BDTSupport.dll
2012-06-02 18:27:33 ----A---- C:\Windows\SGDetectionTool.dll
2012-06-02 18:27:33 ----A---- C:\Windows\PCTBDRes.dll
2012-06-02 18:27:33 ----A---- C:\Windows\PCTBDCore.dll
2012-06-02 18:25:41 ----D---- C:\Program Files (x86)\PC Tools
2012-06-02 18:20:26 ----A---- C:\Windows\system32\drivers\Cat.DB
2012-06-02 18:20:21 ----A---- C:\Windows\system32\drivers\PCTSD64.sys
2012-06-02 18:19:23 ----AD---- C:\ProgramData\TEMP
2012-06-02 18:19:22 ----D---- C:\Users\Itchiga\AppData\Roaming\TestApp
2012-06-02 18:19:22 ----D---- C:\ProgramData\PC Tools
2012-06-02 17:07:18 ----D---- C:\Users\Itchiga\AppData\Roaming\CDisplayEx
2012-06-02 17:05:24 ----D---- C:\Program Files (x86)\CDisplayEx
2012-06-02 16:11:30 ----D---- C:\ProgramData\Blizzard Entertainment
2012-06-02 16:08:59 ----D---- C:\ProgramData\Battle.net
2012-06-02 15:35:16 ----D---- C:\Program Files\7-Zip
2012-06-02 12:48:44 ----D---- C:\Program Files\Symantec
2012-06-02 12:48:44 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-06-02 12:48:44 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-02 12:47:55 ----D---- C:\Windows\system32\drivers\N360x64
2012-06-02 12:47:54 ----D---- C:\Program Files (x86)\Norton 360
2012-06-02 12:47:46 ----D---- C:\Program Files (x86)\NortonInstaller
2012-06-01 22:40:07 ----D---- C:\ProgramData\EA Core
2012-06-01 22:40:06 ----D---- C:\ProgramData\EA Logs
2012-06-01 21:49:45 ----D---- C:\ProgramData\Norton
2012-06-01 21:48:53 ----D---- C:\ProgramData\NortonInstaller
2012-06-01 16:39:52 ----D---- C:\Windows\Minidump
2012-05-29 19:18:28 ----SHD---- C:\Config.Msi
2012-05-29 19:14:15 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2012-05-29 19:14:15 ----A---- C:\Windows\system32\drivers\usbport.sys
2012-05-29 19:14:15 ----A---- C:\Windows\system32\drivers\usbohci.sys
2012-05-29 19:14:15 ----A---- C:\Windows\system32\drivers\usbhub.sys
2012-05-29 19:14:15 ----A---- C:\Windows\system32\drivers\usbehci.sys
2012-05-29 19:14:15 ----A---- C:\Windows\system32\drivers\usbd.sys
2012-05-29 19:14:15 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2012-05-29 19:14:12 ----A---- C:\Windows\SYSWOW64\fsutil.exe
2012-05-29 19:14:12 ----A---- C:\Windows\SYSWOW64\esent.dll
2012-05-29 19:14:12 ----A---- C:\Windows\system32\fsutil.exe
2012-05-29 19:14:12 ----A---- C:\Windows\system32\esent.dll
2012-05-29 19:14:12 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2012-05-29 19:14:12 ----A---- C:\Windows\system32\drivers\storport.sys
2012-05-29 19:14:12 ----A---- C:\Windows\system32\drivers\nvstor.sys
2012-05-29 19:14:12 ----A---- C:\Windows\system32\drivers\nvraid.sys
2012-05-29 19:14:12 ----A---- C:\Windows\system32\drivers\ntfs.sys
2012-05-29 19:14:12 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2012-05-29 19:14:12 ----A---- C:\Windows\system32\drivers\amdxata.sys
2012-05-29 19:14:12 ----A---- C:\Windows\system32\drivers\amdsata.sys
2012-05-29 18:20:16 ----D---- C:\Users\Itchiga\AppData\Roaming\Notepad++
2012-05-29 18:20:16 ----D---- C:\Program Files (x86)\Notepad++
2012-05-28 22:51:50 ----D---- C:\Program Files\Microsoft Help Viewer
2012-05-28 22:50:26 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-05-28 22:49:26 ----D---- C:\Windows\PCHEALTH
2012-05-28 22:37:59 ----D---- C:\Windows\SYSWOW64\BestPractices
2012-05-28 22:37:59 ----D---- C:\Windows\system32\BestPractices
2012-05-28 22:37:58 ----D---- C:\inetpub
2012-05-28 22:35:05 ----D---- C:\Program Files (x86)\Microsoft WebMatrix
2012-05-28 22:01:56 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2012-05-28 22:01:53 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-05-28 21:49:29 ----D---- C:\Program Files (x86)\Microsoft ASP.NET
2012-05-28 21:49:06 ----D---- C:\Program Files (x86)\Microsoft
2012-05-28 21:49:05 ----D---- C:\Program Files\Microsoft
2012-05-28 21:48:58 ----D---- C:\Program Files (x86)\IIS Express
2012-05-28 21:48:50 ----D---- C:\Program Files\IIS
2012-05-28 21:48:50 ----D---- C:\Program Files (x86)\IIS
2012-05-28 21:32:28 ----D---- C:\Windows\SYSWOW64\1033
2012-05-28 21:32:08 ----D---- C:\Program Files\Microsoft SQL Server
2012-05-28 21:32:08 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2012-05-28 21:18:18 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 11.0
2012-05-28 21:18:16 ----D---- C:\Windows\system32\1033
2012-05-28 21:18:10 ----D---- C:\Program Files (x86)\Microsoft SDKs
2012-05-28 21:16:19 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-05-28 21:15:09 ----D---- C:\Program Files (x86)\Microsoft.NET
2012-05-28 21:09:07 ----D---- C:\ProgramData\Package Cache
2012-05-28 15:29:16 ----D---- C:\ProgramData\SEGA Corporation
2012-05-28 15:10:14 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2012-05-28 15:09:31 ----D---- C:\Program Files\Adobe
2012-05-28 15:05:59 ----D---- C:\Program Files\Common Files\Adobe
2012-05-27 23:07:47 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-05-27 23:07:34 ----D---- C:\Program Files (x86)\SEGA
2012-05-27 23:07:33 ----D---- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2012-05-27 23:04:05 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-05-27 18:23:34 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2012-05-27 18:23:34 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2012-05-27 18:23:34 ----A---- C:\Windows\system32\XAudio2_7.dll
2012-05-27 18:23:34 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2012-05-27 18:23:33 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2012-05-27 18:23:33 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2012-05-27 18:23:33 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2012-05-27 18:23:33 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2012-05-27 18:23:33 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2012-05-27 18:23:33 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2012-05-27 18:23:33 ----A---- C:\Windows\system32\xactengine3_7.dll
2012-05-27 18:23:33 ----A---- C:\Windows\system32\D3DX9_43.dll
2012-05-27 18:23:33 ----A---- C:\Windows\system32\d3dx11_43.dll
2012-05-27 18:23:33 ----A---- C:\Windows\system32\d3dx10_43.dll
2012-05-27 18:23:33 ----A---- C:\Windows\system32\d3dcsx_43.dll
2012-05-27 18:23:33 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2012-05-27 18:23:32 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2012-05-27 18:23:32 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2012-05-27 18:23:32 ----A---- C:\Windows\system32\XAudio2_6.dll
2012-05-27 18:23:32 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2012-05-27 18:23:31 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2012-05-27 18:23:31 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2012-05-27 18:23:31 ----A---- C:\Windows\system32\xactengine3_6.dll
2012-05-27 18:23:31 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2012-05-27 18:23:30 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2012-05-27 18:23:30 ----A---- C:\Windows\system32\XAudio2_5.dll
2012-05-27 18:23:29 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2012-05-27 18:23:29 ----A---- C:\Windows\system32\xactengine3_5.dll
2012-05-27 18:23:28 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2012-05-27 18:23:28 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2012-05-27 18:23:28 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2012-05-27 18:23:28 ----A---- C:\Windows\system32\d3dx11_42.dll
2012-05-27 18:23:28 ----A---- C:\Windows\system32\d3dcsx_42.dll
2012-05-27 18:23:28 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2012-05-27 18:23:27 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2012-05-27 18:23:27 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2012-05-27 18:23:27 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2012-05-27 18:23:27 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2012-05-27 18:23:27 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2012-05-27 18:23:27 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2012-05-27 18:23:27 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2012-05-27 18:23:27 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2012-05-27 18:23:27 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2012-05-27 18:23:27 ----A---- C:\Windows\system32\XAudio2_4.dll
2012-05-27 18:23:27 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2012-05-27 18:23:27 ----A---- C:\Windows\system32\xactengine3_4.dll
2012-05-27 18:23:27 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2012-05-27 18:23:27 ----A---- C:\Windows\system32\D3DX9_42.dll
2012-05-27 18:23:27 ----A---- C:\Windows\system32\D3DX9_41.dll
2012-05-27 18:23:27 ----A---- C:\Windows\system32\d3dx10_42.dll
2012-05-27 18:23:27 ----A---- C:\Windows\system32\d3dx10_41.dll
2012-05-27 18:23:27 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2012-05-27 18:23:26 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2012-05-27 18:23:26 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2012-05-27 18:23:26 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2012-05-27 18:23:26 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2012-05-27 18:23:26 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2012-05-27 18:23:26 ----A---- C:\Windows\system32\XAudio2_3.dll
2012-05-27 18:23:26 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2012-05-27 18:23:26 ----A---- C:\Windows\system32\D3DX9_40.dll
2012-05-27 18:23:26 ----A---- C:\Windows\system32\d3dx10_40.dll
2012-05-27 18:23:26 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2012-05-27 18:23:25 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2012-05-27 18:23:25 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2012-05-27 18:23:25 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2012-05-27 18:23:25 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2012-05-27 18:23:25 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2012-05-27 18:23:25 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2012-05-27 18:23:25 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2012-05-27 18:23:25 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2012-05-27 18:23:25 ----A---- C:\Windows\system32\XAudio2_2.dll
2012-05-27 18:23:25 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2012-05-27 18:23:25 ----A---- C:\Windows\system32\xactengine3_3.dll
2012-05-27 18:23:25 ----A---- C:\Windows\system32\xactengine3_2.dll
2012-05-27 18:23:25 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2012-05-27 18:23:25 ----A---- C:\Windows\system32\D3DX9_39.dll
2012-05-27 18:23:25 ----A---- C:\Windows\system32\d3dx10_39.dll
2012-05-27 18:23:25 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2012-05-27 18:23:24 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2012-05-27 18:23:24 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2012-05-27 18:23:24 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2012-05-27 18:23:24 ----A---- C:\Windows\system32\XAudio2_1.dll
2012-05-27 18:23:24 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2012-05-27 18:23:24 ----A---- C:\Windows\system32\xactengine3_1.dll
2012-05-27 18:23:23 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2012-05-27 18:23:23 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2012-05-27 18:23:23 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2012-05-27 18:23:23 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2012-05-27 18:23:23 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2012-05-27 18:23:23 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2012-05-27 18:23:23 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2012-05-27 18:23:23 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2012-05-27 18:23:23 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2012-05-27 18:23:23 ----A---- C:\Windows\system32\XAudio2_0.dll
2012-05-27 18:23:23 ----A---- C:\Windows\system32\xactengine3_0.dll
2012-05-27 18:23:23 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2012-05-27 18:23:23 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2012-05-27 18:23:23 ----A---- C:\Windows\system32\D3DX9_38.dll
2012-05-27 18:23:23 ----A---- C:\Windows\system32\d3dx10_38.dll
2012-05-27 18:23:23 ----A---- C:\Windows\system32\d3dx10_37.dll
2012-05-27 18:23:23 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2012-05-27 18:23:23 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2012-05-27 18:23:22 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2012-05-27 18:23:22 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2012-05-27 18:23:22 ----A---- C:\Windows\system32\xactengine2_10.dll
2012-05-27 18:23:22 ----A---- C:\Windows\system32\D3DX9_37.dll
2012-05-27 18:23:21 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2012-05-27 18:23:21 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2012-05-27 18:23:21 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2012-05-27 18:23:21 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2012-05-27 18:23:21 ----A---- C:\Windows\system32\xactengine2_9.dll
2012-05-27 18:23:21 ----A---- C:\Windows\system32\d3dx9_36.dll
2012-05-27 18:23:21 ----A---- C:\Windows\system32\d3dx10_36.dll
2012-05-27 18:23:21 ----A---- C:\Windows\system32\d3dx10_35.dll
2012-05-27 18:23:21 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2012-05-27 18:23:21 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2012-05-27 18:23:20 ----A---- C:\Windows\system32\d3dx9_35.dll
2012-05-27 18:23:19 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2012-05-27 18:23:19 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2012-05-27 18:23:19 ----A---- C:\Windows\system32\xinput1_3.dll
2012-05-27 18:23:19 ----A---- C:\Windows\system32\xactengine2_8.dll
2012-05-27 18:23:19 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2012-05-27 18:23:19 ----A---- C:\Windows\system32\d3dx9_34.dll
2012-05-27 18:23:19 ----A---- C:\Windows\system32\d3dx10_34.dll
2012-05-27 18:23:19 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2012-05-27 18:23:18 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2012-05-27 18:23:18 ----A---- C:\Windows\system32\xactengine2_7.dll
2012-05-27 18:23:17 ----A---- C:\Windows\system32\d3dx10_33.dll
2012-05-27 18:23:17 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2012-05-27 18:23:16 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2012-05-27 18:23:16 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2012-05-27 18:23:16 ----A---- C:\Windows\system32\xactengine2_6.dll
2012-05-27 18:23:16 ----A---- C:\Windows\system32\xactengine2_5.dll
2012-05-27 18:23:16 ----A---- C:\Windows\system32\d3dx9_33.dll
2012-05-27 18:23:15 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2012-05-27 18:23:15 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2012-05-27 18:23:15 ----A---- C:\Windows\system32\xactengine2_4.dll
2012-05-27 18:23:15 ----A---- C:\Windows\system32\x3daudio1_1.dll
2012-05-27 18:23:15 ----A---- C:\Windows\system32\d3dx9_32.dll
2012-05-27 18:23:15 ----A---- C:\Windows\system32\d3dx9_31.dll
2012-05-27 18:23:15 ----A---- C:\Windows\system32\d3dx10.dll
2012-05-27 18:23:14 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2012-05-27 18:23:14 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2012-05-27 18:23:14 ----A---- C:\Windows\system32\xinput1_2.dll
2012-05-27 18:23:14 ----A---- C:\Windows\system32\xinput1_1.dll
2012-05-27 18:23:14 ----A---- C:\Windows\system32\xactengine2_3.dll
2012-05-27 18:23:14 ----A---- C:\Windows\system32\xactengine2_2.dll
2012-05-27 18:23:13 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2012-05-27 18:23:13 ----A---- C:\Windows\system32\xactengine2_1.dll
2012-05-27 18:23:12 ----A---- C:\Windows\system32\d3dx9_30.dll
2012-05-27 18:23:11 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2012-05-27 18:23:11 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2012-05-27 18:23:11 ----A---- C:\Windows\system32\xactengine2_0.dll
2012-05-27 18:23:11 ----A---- C:\Windows\system32\x3daudio1_0.dll
2012-05-27 18:23:11 ----A---- C:\Windows\system32\d3dx9_29.dll
2012-05-27 18:23:10 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2012-05-27 18:23:10 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2012-05-27 18:23:10 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2012-05-27 18:23:10 ----A---- C:\Windows\system32\d3dx9_28.dll
2012-05-27 18:23:10 ----A---- C:\Windows\system32\d3dx9_27.dll
2012-05-27 18:23:10 ----A---- C:\Windows\system32\d3dx9_26.dll
2012-05-27 18:23:10 ----A---- C:\Windows\system32\d3dx9_25.dll
2012-05-27 18:23:09 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2012-05-27 18:23:09 ----A---- C:\Windows\system32\d3dx9_24.dll
2012-05-27 17:58:40 ----D---- C:\Program Files (x86)\Origin Games
2012-05-27 17:58:33 ----D---- C:\Users\Itchiga\AppData\Roaming\Origin
2012-05-27 17:58:24 ----D---- C:\ProgramData\Origin
2012-05-27 17:58:24 ----D---- C:\ProgramData\Electronic Arts
2012-05-27 17:58:07 ----D---- C:\Program Files (x86)\Origin
2012-05-27 14:09:09 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2012-05-27 14:09:07 ----D---- C:\Users\Itchiga\AppData\Roaming\SystemRequirementsLab
2012-05-27 14:08:50 ----D---- C:\ProgramData\Sun
2012-05-27 14:08:20 ----D---- C:\Program Files (x86)\Oracle
2012-05-27 14:08:01 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-05-27 14:08:00 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll
2012-05-27 14:08:00 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-05-27 14:07:56 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-05-27 14:07:56 ----A---- C:\Windows\SYSWOW64\java.exe
2012-05-27 14:07:52 ----D---- C:\Program Files (x86)\Java
2012-05-27 13:08:07 ----D---- C:\Users\Itchiga\AppData\Roaming\NVIDIA
2012-05-27 13:00:09 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2012-05-27 13:00:06 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2012-05-27 13:00:03 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2012-05-27 13:00:03 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2012-05-27 13:00:03 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2012-05-27 13:00:02 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2012-05-27 13:00:02 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2012-05-27 13:00:02 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2012-05-27 13:00:02 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2012-05-27 13:00:02 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2012-05-27 13:00:02 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2012-05-27 13:00:02 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2012-05-27 13:00:02 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2012-05-27 13:00:02 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2012-05-27 13:00:01 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2012-05-27 13:00:01 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2012-05-27 13:00:01 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2012-05-27 13:00:01 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2012-05-27 13:00:01 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2012-05-27 13:00:01 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2012-05-27 12:23:09 ----D---- C:\Users\Itchiga\AppData\Roaming\com.coursevector.minerva.4B7C391846352DEBEB1247C875B4670B2F776CD0.1
2012-05-27 12:23:07 ----D---- C:\Program Files (x86)\Course Vector
2012-05-27 12:21:49 ----D---- C:\ProgramData\Adobe
2012-05-27 12:21:08 ----D---- C:\Program Files (x86)\Adobe
2012-05-27 10:59:44 ----A---- C:\Windows\system32\drivers\sptd.sys
2012-05-27 10:59:29 ----D---- C:\Users\Itchiga\AppData\Roaming\DAEMON Tools Lite
2012-05-27 10:59:27 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2012-05-27 10:50:57 ----D---- C:\ProgramData\DAEMON Tools Lite
2012-05-27 10:49:25 ----D---- C:\Users\Itchiga\AppData\Roaming\WinRAR
2012-05-27 10:49:22 ----D---- C:\Program Files\WinRAR
2012-05-27 04:57:47 ----D---- C:\Windows\Panther
2012-05-27 04:57:36 ----RASH---- C:\BOOTSECT.BAK
2012-05-27 04:57:34 ----SHD---- C:\Boot
2012-05-27 04:01:19 ----D---- C:\Windows\SoftwareDistribution
2012-05-27 03:59:12 ----D---- C:\Windows\Prefetch
2012-05-27 03:58:33 ----ASH---- C:\pagefile.sys
2012-05-27 03:58:32 ----ASH---- C:\hiberfil.sys
2012-05-27 03:58:31 ----SHD---- C:\System Volume Information
2012-05-26 23:00:48 ----D---- C:\Users\Itchiga\AppData\Roaming\AIMP3
2012-05-26 23:00:47 ----D---- C:\Program Files (x86)\AIMP3
2012-05-26 22:16:00 ----D---- C:\ProgramData\NVIDIA
2012-05-26 22:15:52 ----A---- C:\Windows\system32\nvvsvc.exe
2012-05-26 22:15:52 ----A---- C:\Windows\system32\nvsvc64.dll
2012-05-26 22:15:52 ----A---- C:\Windows\system32\nvshext.dll
2012-05-26 22:15:52 ----A---- C:\Windows\system32\nvmctray.dll
2012-05-26 22:15:52 ----A---- C:\Windows\system32\nvcpl.dll
2012-05-26 22:15:07 ----A---- C:\Windows\system32\nvoglv64.dll
2012-05-26 22:15:06 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2012-05-26 22:15:06 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2012-05-26 22:15:06 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2012-05-26 22:15:06 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2012-05-26 22:15:06 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2012-05-26 22:15:06 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2012-05-26 22:15:06 ----A---- C:\Windows\system32\nvd3dumx.dll
2012-05-26 22:15:06 ----A---- C:\Windows\system32\nvcuvid.dll
2012-05-26 22:15:06 ----A---- C:\Windows\system32\nvcuvenc.dll
2012-05-26 22:15:06 ----A---- C:\Windows\system32\nvcuda.dll
2012-05-26 22:15:06 ----A---- C:\Windows\system32\nvcompiler.dll
2012-05-26 22:15:06 ----A---- C:\Windows\system32\nvapi64.dll
2012-05-26 22:15:06 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2012-05-26 22:14:17 ----D---- C:\NVIDIA
2012-05-26 22:07:47 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-05-26 22:07:44 ----D---- C:\Windows\system32\appmgmt
2012-05-26 21:11:53 ----D---- C:\Program Files (x86)\Steam
2012-05-26 21:02:13 ----D---- C:\Program Files\CCleaner
2012-05-26 20:06:17 ----A---- C:\Windows\system32\perfi011.dat
2012-05-26 20:06:17 ----A---- C:\Windows\system32\perfi005.dat
2012-05-26 20:06:17 ----A---- C:\Windows\system32\perfh011.dat
2012-05-26 20:06:17 ----A---- C:\Windows\system32\perfh005.dat
2012-05-26 20:06:17 ----A---- C:\Windows\system32\perfd011.dat
2012-05-26 20:06:17 ----A---- C:\Windows\system32\perfd005.dat
2012-05-26 20:06:17 ----A---- C:\Windows\system32\perfc011.dat
2012-05-26 20:06:17 ----A---- C:\Windows\system32\perfc005.dat
2012-05-26 20:02:27 ----D---- C:\Windows\ja-JP
2012-05-26 20:02:20 ----D---- C:\Windows\SYSWOW64\ja
2012-05-26 20:02:20 ----D---- C:\Windows\SYSWOW64\drivers\ja-JP
2012-05-26 20:02:20 ----D---- C:\Windows\SYSWOW64\0411
2012-05-26 20:02:10 ----D---- C:\Windows\system32\ja
2012-05-26 20:02:10 ----D---- C:\Windows\system32\drivers\ja-JP
2012-05-26 20:02:10 ----D---- C:\Windows\system32\0411
2012-05-26 20:01:51 ----D---- C:\Windows\SYSWOW64\cs
2012-05-26 20:01:46 ----D---- C:\Windows\SYSWOW64\XPSViewer
2012-05-26 20:01:46 ----D---- C:\Windows\SYSWOW64\drivers\cs-CZ
2012-05-26 20:01:46 ----D---- C:\Windows\cs-CZ
2012-05-26 20:01:45 ----D---- C:\Windows\system32\cs
2012-05-26 20:01:39 ----D---- C:\Windows\system32\drivers\cs-CZ
2012-05-26 19:59:15 ----A---- C:\Windows\system32\MRT.exe
2012-05-26 19:52:49 ----A---- C:\Windows\SYSWOW64\lzhfldr2.dll
2012-05-26 19:52:49 ----A---- C:\Windows\system32\lzhfldr2.dll
2012-05-26 19:51:04 ----D---- C:\Windows\SYSWOW64\RTCOM
2012-05-26 19:46:48 ----D---- C:\ProgramData\NVIDIA Corporation
2012-05-26 19:46:41 ----D---- C:\Program Files\NVIDIA Corporation
2012-05-26 19:41:59 ----D---- C:\Program Files (x86)\PANDORA.TV
2012-05-26 19:41:51 ----D---- C:\Program Files (x86)\The KMPlayer
2012-05-26 19:41:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-05-26 19:41:42 ----A---- C:\Windows\system32\mshtmled.dll
2012-05-26 19:41:41 ----A---- C:\Windows\SYSWOW64\url.dll
2012-05-26 19:41:41 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-05-26 19:41:41 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-05-26 19:41:41 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-05-26 19:41:41 ----A---- C:\Windows\system32\url.dll
2012-05-26 19:41:41 ----A---- C:\Windows\system32\jscript9.dll
2012-05-26 19:41:41 ----A---- C:\Windows\system32\ieui.dll
2012-05-26 19:41:41 ----A---- C:\Windows\system32\iertutil.dll
2012-05-26 19:41:40 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-05-26 19:41:40 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-05-26 19:41:40 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-05-26 19:41:40 ----A---- C:\Windows\system32\urlmon.dll
2012-05-26 19:41:40 ----A---- C:\Windows\system32\jsproxy.dll
2012-05-26 19:41:40 ----A---- C:\Windows\system32\jscript.dll
2012-05-26 19:41:39 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-05-26 19:41:39 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-05-26 19:41:39 ----A---- C:\Windows\system32\wininet.dll
2012-05-26 19:41:38 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-05-26 19:41:38 ----A---- C:\Windows\system32\mshtml.dll
2012-05-26 19:41:37 ----A---- C:\Windows\system32\ieframe.dll
2012-05-26 19:40:53 ----D---- C:\Users\Itchiga\AppData\Roaming\Macromedia
2012-05-26 19:40:51 ----D---- C:\Users\Itchiga\AppData\Roaming\Adobe
2012-05-26 19:40:20 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-05-26 19:39:23 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-26 19:39:22 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-05-26 19:39:22 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-05-26 19:34:00 ----D---- C:\Windows\SYSWOW64\Macromed
2012-05-26 19:34:00 ----D---- C:\Windows\system32\Macromed
2012-05-26 19:28:21 ----D---- C:\Program Files (x86)\uTorrent
2012-05-26 19:27:38 ----D---- C:\Users\Itchiga\AppData\Roaming\uTorrent
2012-05-26 19:26:43 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2012-05-26 19:26:43 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2012-05-26 19:26:43 ----A---- C:\Windows\system32\d3d10_1.dll
2012-05-26 19:26:42 ----A---- C:\Windows\SYSWOW64\explorer.exe
2012-05-26 19:26:42 ----A---- C:\Windows\explorer.exe
2012-05-26 19:26:35 ----A---- C:\Windows\SYSWOW64\tquery.dll
2012-05-26 19:26:35 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2012-05-26 19:26:35 ----A---- C:\Windows\system32\tquery.dll
2012-05-26 19:26:35 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2012-05-26 19:26:35 ----A---- C:\Windows\system32\SearchIndexer.exe
2012-05-26 19:26:35 ----A---- C:\Windows\system32\mssrch.dll
2012-05-26 19:26:34 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2012-05-26 19:26:34 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2012-05-26 19:26:34 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2012-05-26 19:26:34 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2012-05-26 19:26:34 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2012-05-26 19:26:34 ----A---- C:\Windows\SYSWOW64\mssph.dll
2012-05-26 19:26:34 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2012-05-26 19:26:34 ----A---- C:\Windows\system32\SearchFilterHost.exe
2012-05-26 19:26:34 ----A---- C:\Windows\system32\mssvp.dll
2012-05-26 19:26:34 ----A---- C:\Windows\system32\mssphtb.dll
2012-05-26 19:26:34 ----A---- C:\Windows\system32\mssph.dll
2012-05-26 19:26:34 ----A---- C:\Windows\system32\msscntrs.dll
2012-05-26 19:26:30 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2012-05-26 19:26:30 ----A---- C:\Windows\system32\XpsPrint.dll
2012-05-26 19:26:28 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-05-26 19:26:28 ----A---- C:\Windows\SYSWOW64\ntshrui.dll
2012-05-26 19:26:28 ----A---- C:\Windows\system32\shell32.dll
2012-05-26 19:26:28 ----A---- C:\Windows\system32\ntshrui.dll
2012-05-26 19:26:24 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2012-05-26 19:26:24 ----A---- C:\Windows\system32\poqexec.exe
2012-05-26 19:26:23 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2012-05-26 19:26:23 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2012-05-26 19:26:20 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2012-05-26 19:26:20 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2012-05-26 19:26:20 ----A---- C:\Windows\SYSWOW64\devobj.dll
2012-05-26 19:26:20 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2012-05-26 19:26:20 ----A---- C:\Windows\system32\umpnpmgr.dll
2012-05-26 19:26:18 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-05-26 19:26:18 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2012-05-26 19:26:18 ----A---- C:\Windows\system32\FntCache.dll
2012-05-26 19:26:18 ----A---- C:\Windows\system32\DWrite.dll
2012-05-26 19:26:18 ----A---- C:\Windows\system32\d2d1.dll
2012-05-26 19:26:15 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2012-05-26 19:26:15 ----A---- C:\Windows\system32\xmllite.dll
2012-05-26 19:26:06 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-05-26 19:26:06 ----A---- C:\Windows\system32\tzres.dll
2012-05-26 19:26:01 ----A---- C:\Windows\system32\winresume.exe
2012-05-26 19:26:01 ----A---- C:\Windows\system32\winload.exe
2012-05-26 19:26:01 ----A---- C:\Windows\system32\kdusb.dll
2012-05-26 19:26:01 ----A---- C:\Windows\system32\kdcom.dll
2012-05-26 19:26:01 ----A---- C:\Windows\system32\kd1394.dll
2012-05-26 19:24:12 ----A---- C:\Windows\SYSWOW64\prevhost.exe
2012-05-26 19:24:12 ----A---- C:\Windows\system32\prevhost.exe
2012-05-26 19:19:59 ----D---- C:\Users\Itchiga\AppData\Roaming\Skype
2012-05-26 19:19:55 ----RD---- C:\Program Files (x86)\Skype
2012-05-26 19:19:53 ----D---- C:\ProgramData\Skype
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\wextract.exe
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\occache.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\msrating.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\msls31.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\mshta.exe
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\inseng.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\ieakui.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\ieaksie.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\ieakeng.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\icardie.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2012-05-26 19:16:46 ----A---- C:\Windows\SYSWOW64\admparse.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\wextract.exe
2012-05-26 19:16:45 ----A---- C:\Windows\system32\webcheck.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\vbscript.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2012-05-26 19:16:45 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2012-05-26 19:16:45 ----A---- C:\Windows\system32\pngfilt.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\occache.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\msrating.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\msls31.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\mshtmler.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\mshta.exe
2012-05-26 19:16:45 ----A---- C:\Windows\system32\msfeedssync.exe
2012-05-26 19:16:45 ----A---- C:\Windows\system32\msfeedsbs.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\msfeeds.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\licmgr10.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\inseng.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\imgutil.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\iexpress.exe
2012-05-26 19:16:45 ----A---- C:\Windows\system32\ieUnatt.exe
2012-05-26 19:16:45 ----A---- C:\Windows\system32\iesysprep.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\iesetup.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\iernonce.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\iepeers.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\iedkcs32.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\ieapfltr.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\ieapfltr.dat
2012-05-26 19:16:45 ----A---- C:\Windows\system32\ieakui.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\ieaksie.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\ieakeng.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\IEAdvpack.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\ie4uinit.exe
2012-05-26 19:16:45 ----A---- C:\Windows\system32\icardie.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\dxtrans.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\dxtmsft.dll
2012-05-26 19:16:45 ----A---- C:\Windows\system32\admparse.dll
2012-05-26 19:15:06 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-05-26 19:15:00 ----SHD---- C:\Windows\Installer
2012-05-26 19:10:37 ----D---- C:\Users\Itchiga\AppData\Roaming\Identities
2012-05-26 19:10:20 ----SD---- C:\Users\Itchiga\AppData\Roaming\Microsoft
2012-05-26 19:10:20 ----D---- C:\Users\Itchiga\AppData\Roaming\Media Center Programs
2012-05-26 19:09:08 ----D---- C:\Windows\SYSWOW64\Wat
2012-05-26 19:09:08 ----D---- C:\Windows\system32\Wat
2012-05-26 19:08:44 ----SHD---- C:\Recovery
2012-05-15 02:21:50 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe

======List of files/folders modified in the last 1 month======

2012-06-02 22:29:02 ----RD---- C:\Program Files
2012-06-02 22:28:32 ----D---- C:\Windows\Temp
2012-06-02 22:17:11 ----D---- C:\Windows\system32\config
2012-06-02 22:13:49 ----D---- C:\Windows
2012-06-02 21:15:44 ----HD---- C:\ProgramData
2012-06-02 21:15:43 ----RD---- C:\Program Files (x86)
2012-06-02 21:15:43 ----D---- C:\Windows\system32\drivers
2012-06-02 20:43:30 ----D---- C:\Windows\SysWOW64
2012-06-02 20:34:38 ----D---- C:\Windows\system32\drivers\etc
2012-06-02 18:20:21 ----D---- C:\Program Files (x86)\Common Files
2012-06-02 13:22:05 ----D---- C:\Windows\System32
2012-06-02 13:22:05 ----D---- C:\Windows\inf
2012-06-02 13:22:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-02 13:20:02 ----D---- C:\Windows\system32\Tasks
2012-06-02 12:48:44 ----D---- C:\Program Files\Common Files
2012-06-02 02:38:48 ----D---- C:\Windows\Tasks
2012-06-02 02:38:48 ----D---- C:\Windows\system32\wfp
2012-06-02 02:38:48 ----D---- C:\Windows\system32\catroot2
2012-06-02 02:38:14 ----D---- C:\Windows\system32\wbem
2012-06-02 02:38:13 ----D---- C:\Windows\registration
2012-06-01 23:18:46 ----D---- C:\Windows\system32\drivers\UMDF
2012-06-01 23:16:49 ----D---- C:\Windows\Microsoft.NET
2012-06-01 23:15:22 ----RSD---- C:\Windows\assembly
2012-06-01 22:39:15 ----D---- C:\Windows\winsxs
2012-06-01 16:40:37 ----D---- C:\Windows\SYSWOW64\ja-JP
2012-06-01 16:40:37 ----D---- C:\Windows\system32\ja-JP
2012-06-01 16:40:36 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-06-01 16:40:36 ----D---- C:\Windows\system32\cs-CZ
2012-06-01 16:40:36 ----D---- C:\Program Files\Internet Explorer
2012-06-01 16:40:36 ----D---- C:\Program Files (x86)\Internet Explorer
2012-06-01 16:40:34 ----D---- C:\Windows\SYSWOW64\en-US
2012-06-01 16:40:34 ----D---- C:\Windows\system32\en-US
2012-06-01 16:40:33 ----D---- C:\Windows\system32\DriverStore
2012-05-30 00:19:43 ----D---- C:\Windows\system32\LogFiles
2012-05-29 19:17:57 ----D---- C:\Windows\system32\catroot
2012-05-29 19:17:33 ----D---- C:\Windows\Logs
2012-05-29 19:16:36 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-05-28 23:05:38 ----SD---- C:\ProgramData\Microsoft
2012-05-28 23:01:09 ----D---- C:\Program Files\MSBuild
2012-05-28 22:38:57 ----RD---- C:\Users
2012-05-28 22:38:00 ----D---- C:\Windows\SYSWOW64\migration
2012-05-28 22:38:00 ----D---- C:\Windows\SYSWOW64\inetsrv
2012-05-28 22:37:59 ----D---- C:\Windows\system32\migration
2012-05-28 22:37:59 ----D---- C:\Windows\system32\inetsrv
2012-05-28 21:47:00 ----RSD---- C:\Windows\Fonts
2012-05-28 21:43:01 ----D---- C:\Program Files (x86)\MSBuild
2012-05-28 20:55:25 ----D---- C:\Windows\system32\wdi
2012-05-27 09:31:21 ----D---- C:\Windows\rescache
2012-05-27 04:57:18 ----D---- C:\Windows\Setup
2012-05-27 03:59:06 ----D---- C:\Windows\CSC
2012-05-26 22:15:52 ----D---- C:\Windows\Help
2012-05-26 20:02:28 ----D---- C:\Program Files (x86)\Windows Sidebar
2012-05-26 20:02:28 ----D---- C:\Program Files (x86)\Windows Mail
2012-05-26 20:02:27 ----D---- C:\Windows\servicing
2012-05-26 20:02:27 ----D---- C:\Windows\ehome
2012-05-26 20:02:27 ----D---- C:\Program Files\Windows Sidebar
2012-05-26 20:02:27 ----D---- C:\Program Files\Windows Photo Viewer
2012-05-26 20:02:27 ----D---- C:\Program Files\Windows Media Player
2012-05-26 20:02:27 ----D---- C:\Program Files\Windows Mail
2012-05-26 20:02:27 ----D---- C:\Program Files\Windows Journal
2012-05-26 20:02:27 ----D---- C:\Program Files\Windows Defender
2012-05-26 20:02:27 ----D---- C:\Program Files\DVD Maker
2012-05-26 20:02:27 ----D---- C:\Program Files\Common Files\System
2012-05-26 20:02:27 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2012-05-26 20:02:27 ----D---- C:\Program Files (x86)\Windows Media Player
2012-05-26 20:02:27 ----D---- C:\Program Files (x86)\Windows Defender
2012-05-26 20:02:24 ----D---- C:\Windows\SYSWOW64\winrm
2012-05-26 20:02:24 ----D---- C:\Windows\SYSWOW64\oobe
2012-05-26 20:02:24 ----D---- C:\Windows\SYSWOW64\migwiz
2012-05-26 20:02:20 ----D---- C:\Windows\SYSWOW64\WCN
2012-05-26 20:02:20 ----D---- C:\Windows\SYSWOW64\sysprep
2012-05-26 20:02:20 ----D---- C:\Windows\SYSWOW64\slmgr
2012-05-26 20:02:20 ----D---- C:\Windows\SYSWOW64\Setup
2012-05-26 20:02:20 ----D---- C:\Windows\SYSWOW64\Printing_Admin_Scripts
2012-05-26 20:02:20 ----D---- C:\Windows\SYSWOW64\MUI
2012-05-26 20:02:20 ----D---- C:\Windows\SYSWOW64\DriverStore
2012-05-26 20:02:20 ----D---- C:\Windows\SYSWOW64\drivers\UMDF
2012-05-26 20:02:20 ----D---- C:\Windows\SYSWOW64\drivers
2012-05-26 20:02:20 ----D---- C:\Windows\SYSWOW64\Dism
2012-05-26 20:02:19 ----D---- C:\Windows\SYSWOW64\wbem
2012-05-26 20:02:19 ----D---- C:\Windows\SYSWOW64\com
2012-05-26 20:02:19 ----D---- C:\Windows\IME
2012-05-26 20:02:19 ----D---- C:\Windows\DigitalLocker
2012-05-26 20:02:17 ----D---- C:\Windows\system32\winrm
2012-05-26 20:02:17 ----D---- C:\Windows\system32\oobe
2012-05-26 20:02:17 ----D---- C:\Windows\system32\migwiz
2012-05-26 20:02:17 ----D---- C:\Windows\PolicyDefinitions
2012-05-26 20:02:10 ----D---- C:\Windows\system32\WinBioPlugIns
2012-05-26 20:02:10 ----D---- C:\Windows\system32\WCN
2012-05-26 20:02:10 ----D---- C:\Windows\system32\sysprep
2012-05-26 20:02:10 ----D---- C:\Windows\system32\slmgr
2012-05-26 20:02:10 ----D---- C:\Windows\system32\Setup
2012-05-26 20:02:10 ----D---- C:\Windows\system32\MUI
2012-05-26 20:02:10 ----D---- C:\Windows\system32\Dism
2012-05-26 20:02:10 ----D---- C:\Windows\system32\Boot
2012-05-26 20:02:07 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2012-05-26 20:02:06 ----D---- C:\Windows\system32\com
2012-05-26 20:02:06 ----D---- C:\Windows\AppPatch
2012-05-26 19:59:17 ----D---- C:\Windows\debug
2012-05-26 19:40:51 ----D---- C:\Windows\Downloaded Program Files
2012-05-26 19:19:51 ----D---- C:\Windows\system32\CodeIntegrity
2012-05-26 19:10:32 ----SHD---- C:\$Recycle.Bin
2012-05-26 19:09:19 ----A---- C:\Windows\SYSWOW64\slwga.dll
2012-05-26 19:09:19 ----A---- C:\Windows\system32\user32.dll
2012-05-26 19:09:19 ----A---- C:\Windows\system32\systemcpl.dll
2012-05-26 19:09:19 ----A---- C:\Windows\system32\slwga.dll
2012-05-26 19:09:18 ----A---- C:\Windows\SYSWOW64\user32.dll
2012-05-26 19:08:51 ----D---- C:\Windows\system32\restore
2012-05-15 12:48:00 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2012-05-15 12:48:00 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2012-05-15 12:48:00 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2012-05-15 12:48:00 ----A---- C:\Windows\system32\OpenCL.dll
2012-05-15 12:48:00 ----A---- C:\Windows\system32\nvwgf2umx.dll
2012-05-15 12:48:00 ----A---- C:\Windows\system32\nvgenco64.dll
2012-05-15 12:48:00 ----A---- C:\Windows\system32\nvdispco64.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-05-27 560184]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2012-01-18 451192]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2012-01-18 1092728]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [2012-05-17 1160824]
R1 ccSet_N360;Norton 360 Settings Manager; C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-30 167048]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-06-02 484512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120601.001\IDSvia64.sys [2012-06-01 488568]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS [2012-03-29 737912]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS [2012-03-29 37496]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2012-01-18 190072]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2012-01-18 405624]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-27 283200]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-02 138912]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2007-10-25 1300632]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120601.034\ENG64.SYS [2012-06-02 120440]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120601.034\EX64.SYS [2012-06-02 2068600]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2012-06-02 175736]
S3 athtd3xn;athtd3xn; C:\Windows\system32\drivers\athtd3xn.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 PCTBD;PC Tools Browser Defender Driver; C:\Windows\System32\Drivers\PCTBD64.sys [2012-05-08 85192]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-08 575416]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-28 138232]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-05-15 889664]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2011-12-21 578264]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-05-27 76888]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2011-12-10 120160]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-01-30 103992]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-05-26 529232]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-26 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-01-30 51272]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-01-30 141376]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-01-30 141376]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-01-30 141376]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Unremovable RootKits + Trojan.Gen.2

#2 Post by Rudy »

Hello to you too!
Post a ComboFix log.

Download ComboFix and save it, preferably to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms appears; continue by clicking the Yes button.

Calmly go and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Warning: if you use an antispyware program with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware it collides undesirably with the antispyware's resident component.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Itchiga
Visitor
Posts: 6
Registered: 02 Jun 2012 21:12

Re: Unremovable RootKits + Trojan.Gen.2

#3 Post by Itchiga »

Code:

ComboFix 12-06-02.03 - Itchiga 02.06.2012  23:00:09.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4095.2223 [GMT 2:00]
Running from: c:\users\Itchiga\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini . . . . Failed to delete
c:\windows\assembly\GAC_64\Desktop.ini . . . . Failed to delete
.
.
(((((((((((((((((((((((((   Files Created from 2012-05-02 to 2012-06-02  )))))))))))))))))))))))))))))))
.
.
2012-06-02 21:04 . 2012-06-02 21:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-02 20:29 . 2012-06-02 20:30	--------	d-----w-	c:\program files\trend micro
2012-06-02 20:29 . 2012-06-02 20:29	--------	d-----w-	C:\rsit
2012-06-02 19:15 . 2012-06-02 19:15	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-02 19:15 . 2012-06-02 19:15	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-02 19:15 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-02 18:43 . 2012-06-02 18:43	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2012-06-02 18:29 . 2012-06-02 19:59	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-06-02 18:29 . 2012-06-02 19:05	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-06-02 18:10 . 2012-06-02 18:10	--------	d-----w-	c:\program files (x86)\Foxit Software
2012-06-02 16:27 . 2012-05-08 16:21	85192	----a-w-	c:\windows\system32\drivers\PCTBD64.sys
2012-06-02 16:27 . 2012-05-08 16:21	767928	----a-w-	c:\windows\BDTSupport.dll
2012-06-02 16:27 . 2012-05-08 16:21	149432	----a-w-	c:\windows\SGDetectionTool.dll
2012-06-02 16:27 . 2012-05-08 16:21	2267064	----a-w-	c:\windows\PCTBDCore.dll
2012-06-02 16:27 . 2012-05-08 16:21	1681336	----a-w-	c:\windows\PCTBDRes.dll
2012-06-02 16:25 . 2012-06-02 16:25	--------	d-----w-	c:\program files (x86)\PC Tools
2012-06-02 16:20 . 2012-06-02 18:38	--------	d-----w-	c:\program files (x86)\Common Files\PC Tools
2012-06-02 16:20 . 2012-05-11 09:14	251528	----a-w-	c:\windows\system32\drivers\PCTSD64.sys
2012-06-02 16:19 . 2012-06-02 18:26	--------	d-----w-	c:\programdata\PC Tools
2012-06-02 15:05 . 2012-06-02 15:07	--------	d-----w-	c:\program files (x86)\CDisplayEx
2012-06-02 14:11 . 2012-06-02 14:11	--------	d-----w-	c:\programdata\Blizzard Entertainment
2012-06-02 14:08 . 2012-06-02 14:09	--------	d-----w-	c:\programdata\Battle.net
2012-06-02 13:35 . 2012-06-02 13:35	--------	d-----w-	c:\program files\7-Zip
2012-06-02 10:48 . 2012-06-02 10:48	--------	d-----w-	c:\program files\Symantec
2012-06-02 10:48 . 2012-06-02 10:48	175736	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-02 10:48 . 2012-06-02 10:48	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2012-06-02 10:47 . 2012-06-02 11:14	--------	d-----w-	c:\windows\system32\drivers\N360x64
2012-06-02 10:47 . 2012-06-02 10:47	--------	d-----w-	c:\program files (x86)\Norton 360
2012-06-02 10:47 . 2012-06-02 10:47	--------	d-----w-	c:\program files (x86)\NortonInstaller
2012-06-01 20:40 . 2012-06-01 20:40	--------	d-----w-	c:\programdata\EA Core
2012-06-01 20:40 . 2012-06-02 12:56	--------	d-----w-	c:\programdata\EA Logs
2012-06-01 19:51 . 2012-06-02 10:51	--------	d-----w-	c:\program files (x86)\Common Files\Symantec Shared
2012-06-01 19:49 . 2012-06-02 12:33	--------	d-----w-	c:\programdata\Norton
2012-05-29 17:19 . 2012-05-14 23:41	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7648F28-057C-406A-8700-E4CE03C02A81}\mpengine.dll
2012-05-29 17:15 . 2012-05-29 17:15	--------	d-----w-	c:\program files (x86)\Common Files\Merge Modules
2012-05-29 16:20 . 2012-05-29 16:20	--------	d-----w-	c:\program files (x86)\Notepad++
2012-05-28 20:51 . 2012-05-28 20:51	--------	d-----w-	c:\program files\Microsoft Help Viewer
2012-05-28 20:51 . 2012-05-29 17:17	84192	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-05-28 20:50 . 2012-05-28 20:50	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 10.0
2012-05-28 20:49 . 2012-05-28 20:49	--------	d-----w-	c:\windows\PCHEALTH
2012-05-28 20:38 . 2012-06-02 00:38	--------	d-----w-	c:\users\Classic .NET AppPool
2012-05-28 20:37 . 2012-05-28 20:37	--------	d-----w-	c:\windows\SysWow64\BestPractices
2012-05-28 20:37 . 2012-05-28 20:37	--------	d-----w-	c:\windows\system32\BestPractices
2012-05-28 20:37 . 2012-05-28 20:37	--------	d-----w-	C:\inetpub
2012-05-28 20:35 . 2012-05-28 20:35	--------	d-----w-	c:\program files (x86)\Microsoft WebMatrix
2012-05-28 20:11 . 2012-05-28 20:11	2542784	----a-w-	c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-05-28 20:01 . 2012-05-28 20:01	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2012-05-28 20:01 . 2012-05-28 20:01	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-05-28 19:49 . 2012-05-28 21:01	--------	d-----w-	c:\program files (x86)\Microsoft ASP.NET
2012-05-28 19:49 . 2012-05-28 19:49	--------	d-----w-	c:\program files (x86)\Microsoft
2012-05-28 19:49 . 2012-05-28 19:49	--------	d-----w-	c:\program files\Microsoft
2012-05-28 19:48 . 2012-05-28 20:53	--------	d-----w-	c:\program files (x86)\IIS Express
2012-05-28 19:48 . 2012-05-28 19:48	--------	d-----w-	c:\program files\IIS
2012-05-28 19:48 . 2012-05-28 19:48	--------	d-----w-	c:\program files (x86)\IIS
2012-05-28 19:32 . 2012-05-28 20:48	--------	d-----w-	c:\windows\SysWow64\1033
2012-05-28 19:32 . 2012-05-28 20:31	--------	d-----w-	c:\program files\Microsoft SQL Server
2012-05-28 19:32 . 2012-05-28 20:30	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server
2012-05-28 19:18 . 2012-05-28 21:07	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 11.0
2012-05-28 19:18 . 2012-05-28 20:58	--------	d-----w-	c:\windows\system32\1033
2012-05-28 19:18 . 2012-05-28 21:05	--------	d-----w-	c:\program files (x86)\Microsoft SDKs
2012-05-28 19:09 . 2012-06-01 19:48	--------	d-----w-	c:\programdata\Package Cache
2012-05-28 13:29 . 2012-05-28 13:29	--------	d-----w-	c:\programdata\SEGA Corporation
2012-05-28 13:10 . 2012-05-28 13:10	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2012-05-28 13:05 . 2012-05-28 13:10	--------	d-----w-	c:\program files\Common Files\Adobe
2012-05-28 13:04 . 2012-05-28 13:08	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-05-27 21:07 . 2012-05-27 21:07	--------	d--h--w-	c:\program files (x86)\InstallShield Installation Information
2012-05-27 21:07 . 2012-05-27 21:07	--------	d-----w-	c:\program files (x86)\SEGA
2012-05-27 21:07 . 2012-05-27 21:07	--------	d-----w-	c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2012-05-27 21:07 . 2012-05-27 21:07	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-27 21:05 . 2012-05-27 21:05	--------	d-----w-	c:\program files (x86)\Common Files\InstallShield
2012-05-27 21:04 . 2012-05-27 21:04	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-27 16:24 . 2012-05-27 16:24	--------	d--h--w-	c:\program files (x86)\Common Files\EAInstaller
2012-05-27 15:58 . 2012-05-27 16:05	--------	d-----w-	c:\program files (x86)\Origin Games
2012-05-27 15:58 . 2012-06-01 20:40	--------	d-----w-	c:\programdata\Electronic Arts
2012-05-27 15:58 . 2012-05-27 16:04	--------	d-----w-	c:\programdata\Origin
2012-05-27 15:58 . 2012-05-27 16:04	--------	d-----w-	c:\program files (x86)\Origin
2012-05-27 12:09 . 2012-05-27 12:09	--------	d-----w-	c:\program files (x86)\SystemRequirementsLab
2012-05-27 12:08 . 2012-05-27 12:08	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-05-27 12:08 . 2012-05-27 12:08	--------	d-----w-	c:\program files (x86)\Oracle
2012-05-27 12:08 . 2012-04-04 16:47	687504	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-05-27 12:08 . 2012-04-04 16:47	772504	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-05-27 12:07 . 2012-05-27 12:07	--------	d-----w-	c:\program files (x86)\Java
2012-05-27 11:09 . 2012-05-27 11:44	283416	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-05-27 10:23 . 2012-05-27 10:23	--------	d-----w-	c:\program files (x86)\Course Vector
2012-05-27 10:21 . 2012-05-27 10:21	--------	d-----w-	c:\program files (x86)\Common Files\Adobe AIR
2012-05-27 08:59 . 2012-05-27 08:59	560184	----a-w-	c:\windows\system32\drivers\sptd.sys
2012-05-27 08:59 . 2012-05-27 21:04	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2012-05-27 08:50 . 2012-05-27 21:04	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2012-05-27 02:57 . 2012-05-26 17:09	--------	d-----w-	c:\windows\Panther
2012-05-27 02:57 . 2012-05-27 02:57	--------	d-----w-	C:\Boot
2012-05-26 21:00 . 2012-05-26 21:00	--------	d-----w-	c:\program files (x86)\AIMP3
2012-05-26 20:16 . 2012-06-01 14:44	--------	d-----w-	c:\users\UpdatusUser
2012-05-26 20:16 . 2012-06-02 21:05	--------	d-----w-	c:\programdata\NVIDIA
2012-05-26 20:14 . 2012-05-26 20:14	--------	d-----w-	C:\NVIDIA
2012-05-26 20:07 . 2012-05-26 20:16	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-05-26 20:07 . 2012-05-26 20:08	--------	d-----w-	c:\windows\system32\appmgmt
2012-05-26 19:11 . 2012-06-02 20:04	--------	d-----w-	c:\program files (x86)\Steam
2012-05-26 19:11 . 2012-05-27 07:30	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2012-05-26 19:02 . 2012-05-26 19:02	--------	d-----w-	c:\program files\CCleaner
2012-05-26 18:02 . 2012-05-26 18:02	--------	d-----w-	c:\windows\ja-JP
2012-05-26 18:01 . 2012-05-26 18:01	--------	d-----w-	c:\windows\SysWow64\drivers\cs-CZ
2012-05-26 18:01 . 2012-05-26 18:01	--------	d-----w-	c:\windows\cs-CZ
2012-05-26 18:01 . 2012-05-26 18:01	--------	d-----w-	c:\windows\system32\cs
2012-05-26 18:01 . 2012-05-26 18:01	--------	d-----w-	c:\windows\system32\drivers\UMDF\cs-CZ
2012-05-26 18:01 . 2012-05-26 18:01	--------	d-----w-	c:\windows\system32\drivers\cs-CZ
2012-05-26 18:01 . 2012-06-01 14:40	--------	d-----w-	c:\windows\system32\wbem\cs-CZ
2012-05-26 17:52 . 2010-11-20 03:27	287744	----a-w-	c:\windows\system32\lzhfldr2.dll
2012-05-26 17:52 . 2010-11-20 02:20	266240	----a-w-	c:\windows\SysWow64\lzhfldr2.dll
2012-05-26 17:52 . 2009-07-13 16:15	377856	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwjpn.dll
2012-05-26 17:52 . 2009-07-13 16:15	1179136	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\imjplm.dll
2012-05-26 17:52 . 2009-07-13 16:15	9728	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll
2012-05-26 17:52 . 2009-07-13 16:07	11507712	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwjpnr.dll
2012-05-26 17:52 . 2009-07-13 17:12	3072	----a-w-	c:\windows\system32\Spool\prtprocs\x64\ja-JP\LXKPTPRC.DLL.mui
2012-05-26 17:52 . 2009-07-13 16:41	492032	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\mshwjpn.dll
2012-05-26 17:52 . 2009-07-13 16:41	1198080	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\imjplm.dll
2012-05-26 17:52 . 2009-07-13 16:40	11776	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\dicjp.dll
2012-05-26 17:52 . 2009-07-13 16:29	11507712	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\mshwjpnr.dll
2012-05-26 17:51 . 2012-05-26 17:51	--------	d-----w-	c:\windows\SysWow64\RTCOM
2012-05-26 17:46 . 2012-05-26 17:46	--------	d-----w-	c:\programdata\NVIDIA Corporation
2012-05-26 17:46 . 2012-05-26 20:16	--------	d-----w-	c:\program files\NVIDIA Corporation
2012-05-26 17:40 . 2012-05-27 10:33	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-26 17:40 . 2012-05-27 10:33	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-26 17:39 . 2012-03-06 06:53	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-26 17:39 . 2012-03-06 05:59	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-26 17:39 . 2012-03-06 05:59	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-26 17:09 . 2010-11-21 03:24	14848	----a-w-	c:\windows\system32\slwga.dll
2012-05-26 17:09 . 2010-11-21 03:24	1008640	----a-w-	c:\windows\system32\user32.dll
2012-05-26 17:09 . 2010-11-21 03:24	419840	----a-w-	c:\windows\system32\systemcpl.dll
2012-05-26 17:09 . 2010-11-21 03:23	13824	----a-w-	c:\windows\SysWow64\slwga.dll
2012-05-26 17:09 . 2010-11-21 03:24	833024	----a-w-	c:\windows\SysWow64\user32.dll
2012-05-15 10:48 . 2012-02-09 20:43	8105280	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-02-09 20:43	68928	----a-w-	c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-02-09 20:43	61248	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-02-09 20:43	1738048	----a-w-	c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-02-09 20:43	1468224	----a-w-	c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2009-07-13 21:59	10194752	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2009-06-10 20:37	15322432	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-05-08 15:47 . 2012-06-02 16:27	3488	----a-w-	c:\windows\UDB.zip
2012-05-08 15:47 . 2012-06-02 16:27	131	----a-w-	c:\windows\IDB.zip
2012-03-12 18:56 . 2012-03-12 18:56	947472	----a-w-	c:\windows\SysWow64\msjava.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-05-26 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-05-26 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-26 880496]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-05-26 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-01-30 103992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [2012-05-17 1160824]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120601.001\IDSvia64.sys [2012-06-01 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-08 575416]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2011-12-21 578264]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-02 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1948201437-3541623884-968502366-1000Core.job
- c:\users\Itchiga\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-27 10:39]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1948201437-3541623884-968502366-1000UA.job
- c:\users\Itchiga\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-27 10:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-06-02  23:12:14 - machine was rebooted
ComboFix-quarantined-files.txt  2012-06-02 21:12
.
Pre-Run: 166 471 045 120 bytes free
Post-Run: 166 144 999 424 bytes free
.
- - End Of File - - 9E1812E057336AB7FFEB47B07F74995E

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Unremovable RootKits + Trojan.Gen.2

#4 Post by Rudy »

Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

Collect::
c:\windows\installer\{4509e763-8ef6-d009-12e6-8f8f16bacd28}\u\80000032.@
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1948201437-3541623884-968502366-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1948201437-3541623884-968502366-1000UA.job

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Itchiga
Guest
Posts: 6
Registered: 02 Jun 2012 21:12

Re: Unremovable RootKits + Trojan.Gen.2

#5 Post by Itchiga »

I did as you said. ComboFix opened, started extracting, etc. I left the PC alone for 10 minutes [Norton etc. was turned off, I mean real-time protection etc.] and then nothing else happened... Is that correct? Or should a message about the operation being completed pop up?

Norton still reports the virus :?:

+ a file/shortcut named 32788R22FWJFW appeared on c:/ on this PC

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Unremovable RootKits + Trojan.Gen.2

#6 Post by Rudy »

It should definitely finish and produce a new log. If that did not happen, try it again, but in Safe Mode.

Itchiga
Guest
Posts: 6
Registered: 02 Jun 2012 21:12

Re: Unremovable RootKits + Trojan.Gen.2

#7 Post by Itchiga »

Tried in Safe Mode; unfortunately, both in Safe Mode and when restarting into normal mode, Symantec [Norton] got in the way of ComboFix and was subsequently terminated, most likely by ComboFix.

Code:

ComboFix 12-06-02.03 - SYSTEM 06/03/2012  21:45:28.2.2 - x64 MINIMAL
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4095.2858 [GMT 2:00]
Running from: c:\users\Itchiga\Desktop\ComboFix.exe
Command switches used :: c:\users\Itchiga\Desktop\CFScript.txt
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
 * Resident AV is active
.
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1948201437-3541623884-968502366-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1948201437-3541623884-968502366-1000UA.job
.
.
(((((((((((((((((((((((((   Files Created from 2012-05-03 to 2012-06-03  )))))))))))))))))))))))))))))))
.
.
2012-06-03 19:51 . 2012-06-03 19:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-03 19:40 . 2012-06-03 19:40	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-06-03 19:34 . 2012-06-03 19:34	--------	d-----w-	c:\program files\Axantum
2012-06-02 20:29 . 2012-06-02 20:30	--------	d-----w-	c:\program files\trend micro
2012-06-02 20:29 . 2012-06-02 20:29	--------	d-----w-	C:\rsit
2012-06-02 19:15 . 2012-06-02 19:15	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-02 19:15 . 2012-06-02 19:15	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-02 19:15 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-02 18:43 . 2012-06-02 18:43	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2012-06-02 18:29 . 2012-06-02 19:59	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-06-02 18:29 . 2012-06-02 19:05	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-06-02 18:10 . 2012-06-02 18:10	--------	d-----w-	c:\program files (x86)\Foxit Software
2012-06-02 16:27 . 2012-05-08 16:21	85192	----a-w-	c:\windows\system32\drivers\PCTBD64.sys
2012-06-02 16:27 . 2012-05-08 16:21	767928	----a-w-	c:\windows\BDTSupport.dll
2012-06-02 16:27 . 2012-05-08 16:21	149432	----a-w-	c:\windows\SGDetectionTool.dll
2012-06-02 16:27 . 2012-05-08 16:21	2267064	----a-w-	c:\windows\PCTBDCore.dll
2012-06-02 16:27 . 2012-05-08 16:21	1681336	----a-w-	c:\windows\PCTBDRes.dll
2012-06-02 16:25 . 2012-06-02 16:25	--------	d-----w-	c:\program files (x86)\PC Tools
2012-06-02 16:20 . 2012-06-02 18:38	--------	d-----w-	c:\program files (x86)\Common Files\PC Tools
2012-06-02 16:20 . 2012-05-11 09:14	251528	----a-w-	c:\windows\system32\drivers\PCTSD64.sys
2012-06-02 16:19 . 2012-06-02 18:26	--------	d-----w-	c:\programdata\PC Tools
2012-06-02 15:05 . 2012-06-02 15:07	--------	d-----w-	c:\program files (x86)\CDisplayEx
2012-06-02 14:11 . 2012-06-02 14:11	--------	d-----w-	c:\programdata\Blizzard Entertainment
2012-06-02 14:08 . 2012-06-02 14:09	--------	d-----w-	c:\programdata\Battle.net
2012-06-02 13:35 . 2012-06-02 13:35	--------	d-----w-	c:\program files\7-Zip
2012-06-02 10:48 . 2012-06-02 10:48	--------	d-----w-	c:\program files\Symantec
2012-06-02 10:48 . 2012-06-02 10:48	175736	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-02 10:48 . 2012-06-02 10:48	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2012-06-02 10:47 . 2012-06-02 11:14	--------	d-----w-	c:\windows\system32\drivers\N360x64
2012-06-02 10:47 . 2012-06-02 10:47	--------	d-----w-	c:\program files (x86)\Norton 360
2012-06-02 10:47 . 2012-06-02 10:47	--------	d-----w-	c:\program files (x86)\NortonInstaller
2012-06-01 20:40 . 2012-06-01 20:40	--------	d-----w-	c:\programdata\EA Core
2012-06-01 20:40 . 2012-06-02 12:56	--------	d-----w-	c:\programdata\EA Logs
2012-06-01 19:51 . 2012-06-02 10:51	--------	d-----w-	c:\program files (x86)\Common Files\Symantec Shared
2012-06-01 19:49 . 2012-06-02 12:33	--------	d-----w-	c:\programdata\Norton
2012-05-29 17:15 . 2012-05-29 17:15	--------	d-----w-	c:\program files (x86)\Common Files\Merge Modules
2012-05-29 16:20 . 2012-05-29 16:20	--------	d-----w-	c:\program files (x86)\Notepad++
2012-05-28 20:51 . 2012-05-28 20:51	--------	d-----w-	c:\program files\Microsoft Help Viewer
2012-05-28 20:50 . 2012-05-28 20:50	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 10.0
2012-05-28 20:49 . 2012-05-28 20:49	--------	d-----w-	c:\windows\PCHEALTH
2012-05-28 20:38 . 2012-06-02 00:38	--------	d-----w-	c:\users\Classic .NET AppPool
2012-05-28 20:37 . 2012-05-28 20:37	--------	d-----w-	c:\windows\SysWow64\BestPractices
2012-05-28 20:37 . 2012-05-28 20:37	--------	d-----w-	c:\windows\system32\BestPractices
2012-05-28 20:37 . 2012-05-28 20:37	--------	d-----w-	C:\inetpub
2012-05-28 20:35 . 2012-05-28 20:35	--------	d-----w-	c:\program files (x86)\Microsoft WebMatrix
2012-05-28 20:01 . 2012-05-28 20:01	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2012-05-28 20:01 . 2012-05-28 20:01	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-05-28 19:49 . 2012-05-28 21:01	--------	d-----w-	c:\program files (x86)\Microsoft ASP.NET
2012-05-28 19:49 . 2012-05-28 19:49	--------	d-----w-	c:\program files (x86)\Microsoft
2012-05-28 19:49 . 2012-05-28 19:49	--------	d-----w-	c:\program files\Microsoft
2012-05-28 19:48 . 2012-05-28 20:53	--------	d-----w-	c:\program files (x86)\IIS Express
2012-05-28 19:48 . 2012-05-28 19:48	--------	d-----w-	c:\program files\IIS
2012-05-28 19:48 . 2012-05-28 19:48	--------	d-----w-	c:\program files (x86)\IIS
2012-05-28 19:32 . 2012-05-28 20:48	--------	d-----w-	c:\windows\SysWow64\1033
2012-05-28 19:32 . 2012-05-28 20:31	--------	d-----w-	c:\program files\Microsoft SQL Server
2012-05-28 19:32 . 2012-05-28 20:30	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server
2012-05-28 19:18 . 2012-05-28 21:07	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 11.0
2012-05-28 19:18 . 2012-05-28 20:58	--------	d-----w-	c:\windows\system32\1033
2012-05-28 19:18 . 2012-05-28 21:05	--------	d-----w-	c:\program files (x86)\Microsoft SDKs
2012-05-28 19:09 . 2012-06-01 19:48	--------	d-----w-	c:\programdata\Package Cache
2012-05-28 13:29 . 2012-05-28 13:29	--------	d-----w-	c:\programdata\SEGA Corporation
2012-05-28 13:10 . 2012-05-28 13:10	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2012-05-28 13:05 . 2012-05-28 13:10	--------	d-----w-	c:\program files\Common Files\Adobe
2012-05-28 13:04 . 2012-05-28 13:08	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-05-27 21:07 . 2012-05-27 21:07	--------	d--h--w-	c:\program files (x86)\InstallShield Installation Information
2012-05-27 21:07 . 2012-05-27 21:07	--------	d-----w-	c:\program files (x86)\SEGA
2012-05-27 21:07 . 2012-05-27 21:07	--------	d-----w-	c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2012-05-27 21:07 . 2012-05-27 21:07	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-27 21:05 . 2012-05-27 21:05	--------	d-----w-	c:\program files (x86)\Common Files\InstallShield
2012-05-27 21:04 . 2012-05-27 21:04	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-27 16:24 . 2012-05-27 16:24	--------	d--h--w-	c:\program files (x86)\Common Files\EAInstaller
2012-05-27 15:58 . 2012-05-27 16:05	--------	d-----w-	c:\program files (x86)\Origin Games
2012-05-27 15:58 . 2012-06-01 20:40	--------	d-----w-	c:\programdata\Electronic Arts
2012-05-27 15:58 . 2012-05-27 16:04	--------	d-----w-	c:\programdata\Origin
2012-05-27 15:58 . 2012-05-27 16:04	--------	d-----w-	c:\program files (x86)\Origin
2012-05-27 12:09 . 2012-05-27 12:09	--------	d-----w-	c:\program files (x86)\SystemRequirementsLab
2012-05-27 12:08 . 2012-05-27 12:08	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-05-27 12:08 . 2012-05-27 12:08	--------	d-----w-	c:\program files (x86)\Oracle
2012-05-27 12:08 . 2012-04-04 16:47	687504	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-05-27 12:08 . 2012-04-04 16:47	772504	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-05-27 12:07 . 2012-05-27 12:07	--------	d-----w-	c:\program files (x86)\Java
2012-05-27 11:09 . 2012-05-27 11:44	283416	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-05-27 10:23 . 2012-05-27 10:23	--------	d-----w-	c:\program files (x86)\Course Vector
2012-05-27 10:21 . 2012-05-27 10:21	--------	d-----w-	c:\program files (x86)\Common Files\Adobe AIR
2012-05-27 08:59 . 2012-05-27 08:59	560184	----a-w-	c:\windows\system32\drivers\sptd.sys
2012-05-27 08:59 . 2012-05-27 21:04	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2012-05-27 08:50 . 2012-05-27 21:04	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2012-05-27 02:57 . 2012-05-26 17:09	--------	d-----w-	c:\windows\Panther
2012-05-27 02:57 . 2012-05-27 02:57	--------	d-----w-	C:\Boot
2012-05-26 21:00 . 2012-05-26 21:00	--------	d-----w-	c:\program files (x86)\AIMP3
2012-05-26 20:16 . 2012-06-01 14:44	--------	d-----w-	c:\users\UpdatusUser
2012-05-26 20:16 . 2012-06-03 19:51	--------	d-----w-	c:\programdata\NVIDIA
2012-05-26 20:14 . 2012-05-26 20:14	--------	d-----w-	C:\NVIDIA
2012-05-26 20:07 . 2012-05-26 20:16	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-05-26 20:07 . 2012-05-26 20:08	--------	d-----w-	c:\windows\system32\appmgmt
2012-05-26 19:11 . 2012-06-03 18:52	--------	d-----w-	c:\program files (x86)\Steam
2012-05-26 19:11 . 2012-05-27 07:30	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2012-05-26 19:02 . 2012-05-26 19:02	--------	d-----w-	c:\program files\CCleaner
2012-05-26 18:02 . 2012-05-26 18:02	--------	d-----w-	c:\windows\ja-JP
2012-05-26 18:01 . 2012-05-26 18:01	--------	d-----w-	c:\windows\SysWow64\drivers\cs-CZ
2012-05-26 18:01 . 2012-05-26 18:01	--------	d-----w-	c:\windows\cs-CZ
2012-05-26 18:01 . 2012-05-26 18:01	--------	d-----w-	c:\windows\system32\cs
2012-05-26 18:01 . 2012-05-26 18:01	--------	d-----w-	c:\windows\system32\drivers\UMDF\cs-CZ
2012-05-26 18:01 . 2012-05-26 18:01	--------	d-----w-	c:\windows\system32\drivers\cs-CZ
2012-05-26 18:01 . 2012-06-01 14:40	--------	d-----w-	c:\windows\system32\wbem\cs-CZ
2012-05-26 17:52 . 2010-11-20 03:27	287744	----a-w-	c:\windows\system32\lzhfldr2.dll
2012-05-26 17:52 . 2010-11-20 02:20	266240	----a-w-	c:\windows\SysWow64\lzhfldr2.dll
2012-05-26 17:52 . 2009-07-13 16:15	377856	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwjpn.dll
2012-05-26 17:52 . 2009-07-13 16:15	1179136	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\imjplm.dll
2012-05-26 17:52 . 2009-07-13 16:15	9728	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll
2012-05-26 17:52 . 2009-07-13 16:07	11507712	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwjpnr.dll
2012-05-26 17:52 . 2009-07-13 17:12	3072	----a-w-	c:\windows\system32\Spool\prtprocs\x64\ja-JP\LXKPTPRC.DLL.mui
2012-05-26 17:52 . 2009-07-13 16:41	492032	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\mshwjpn.dll
2012-05-26 17:52 . 2009-07-13 16:41	1198080	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\imjplm.dll
2012-05-26 17:52 . 2009-07-13 16:40	11776	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\dicjp.dll
2012-05-26 17:52 . 2009-07-13 16:29	11507712	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\mshwjpnr.dll
2012-05-26 17:51 . 2012-05-26 17:51	--------	d-----w-	c:\windows\SysWow64\RTCOM
2012-05-26 17:46 . 2012-05-26 17:46	--------	d-----w-	c:\programdata\NVIDIA Corporation
2012-05-26 17:46 . 2012-05-26 20:16	--------	d-----w-	c:\program files\NVIDIA Corporation
2012-05-26 17:40 . 2012-05-27 10:33	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-26 17:40 . 2012-05-27 10:33	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-26 17:39 . 2012-03-06 06:53	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-26 17:39 . 2012-03-06 05:59	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-26 17:39 . 2012-03-06 05:59	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-26 17:35 . 2009-07-13 17:04	3584	----a-w-	c:\windows\system32\Spool\prtprocs\x64\cs-CZ\LXKPTPRC.DLL.mui
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-29 17:17 . 2012-05-28 20:51	84192	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-05-28 20:11 . 2012-05-28 20:11	2542784	----a-w-	c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-05-26 17:09 . 2010-11-21 03:24	14848	----a-w-	c:\windows\system32\slwga.dll
2012-05-26 17:09 . 2010-11-21 03:24	1008640	----a-w-	c:\windows\system32\user32.dll
2012-05-26 17:09 . 2010-11-21 03:24	419840	----a-w-	c:\windows\system32\systemcpl.dll
2012-05-26 17:09 . 2010-11-21 03:23	13824	----a-w-	c:\windows\SysWow64\slwga.dll
2012-05-26 17:09 . 2010-11-21 03:24	833024	----a-w-	c:\windows\SysWow64\user32.dll
2012-05-15 10:48 . 2012-02-09 20:43	8105280	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-02-09 20:43	68928	----a-w-	c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-02-09 20:43	61248	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-02-09 20:43	1738048	----a-w-	c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-02-09 20:43	1468224	----a-w-	c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2009-07-13 21:59	10194752	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2009-06-10 20:37	15322432	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-05-14 23:41 . 2012-05-29 17:19	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7648F28-057C-406A-8700-E4CE03C02A81}\mpengine.dll
2012-05-08 15:47 . 2012-06-02 16:27	3488	----a-w-	c:\windows\UDB.zip
2012-05-08 15:47 . 2012-06-02 16:27	131	----a-w-	c:\windows\IDB.zip
2012-03-12 18:56 . 2012-03-12 18:56	947472	----a-w-	c:\windows\SysWow64\msjava.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-05-26 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-05-26 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-02_21.06.47   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-02 18:48 . 2012-06-03 18:51	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-06-02 18:48 . 2012-06-02 20:03	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-06-03 19:48	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-02 20:59	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-03 19:48	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-02 20:59	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-03 19:48	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-02 20:59	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-03 19:54	28662              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-03 19:54	38466              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-05-27 02:02 . 2012-06-02 11:17	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-27 02:02 . 2012-06-03 19:41	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-05-27 02:02 . 2012-06-02 11:17	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-05-27 02:02 . 2012-06-03 19:41	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-03 19:43 . 2012-06-03 19:41	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012060320120604\index.dat
+ 2009-07-14 04:54 . 2012-06-03 19:41	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-03 19:40 . 2012-06-03 19:41	16384              c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2012-05-26 17:11 . 2012-06-03 19:54	6950              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1948201437-3541623884-968502366-1000_UserData.bin
- 2012-06-02 21:05 . 2012-06-02 21:05	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-03 19:51 . 2012-06-03 19:51	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-02 21:05 . 2012-06-02 21:05	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-03 19:51 . 2012-06-03 19:51	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-02 18:43 . 2012-06-02 20:59	262144              c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2012-06-02 18:43 . 2012-06-03 19:48	262144              c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-06-02 21:05	405000              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-03 19:39	405000              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-04 16:59 . 2011-12-04 16:59	1710080              c:\windows\Installer\280254.msi
+ 2012-05-26 18:03 . 2012-06-03 19:39	18032892              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1948201437-3541623884-968502366-1000-8192.dat
- 2012-05-26 18:03 . 2012-06-02 21:05	18032892              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1948201437-3541623884-968502366-1000-8192.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-26 880496]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-05-26 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-01-30 103992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [2012-05-17 1160824]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120601.001\IDSvia64.sys [2012-06-01 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-08 575416]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2011-12-21 578264]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-02 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 10.0.0.1
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-06-03  21:59:23 - machine was rebooted
ComboFix-quarantined-files.txt  2012-06-03 19:59
ComboFix2.txt  2012-06-02 21:12
.
Pre-Run: 166,211,338,240 bytes free
Post-Run: 165 762 056 192 bytes free
.
- - End Of File - - 75CB76624721D87E530F8C5E8AA74B03
Upload was successful 
However, Norton still reports viruses :roll:
On the C: drive there appeared $recycle bin, boot, config.msi [folder], inetpub, qoobox, recovery; I didn't notice anything else.
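
The ComboFix section pasted above is the kind of input the following Python is meant for. It is an added example by the editor, not ComboFix's own tooling and not code from the poster: it parses the `R/S` service lines and the `Run`-key lines of a "Reg Loading Points" section and marks entries a human should look at first. It assumes the line shape ComboFix prints, `<R|S><start type> name;display name;path [yyyy-mm-dd size]` for services and `"name"="path" [yyyy-mm-dd size]` for Run values, with `[x]` where ComboFix could not read the file's date and size. The sample lines are copied from the log above. The hits it produces (the `sptd` boot driver with an unreadable file and a non-canonical path, the `PCTBD` driver running with an unreadable file) are review prompts, not verdicts; `sptd` is DAEMON Tools' driver and is present in this log next to the DAEMON Tools Lite autostart.

```python
"""Triage the service and Run-key lines of a ComboFix "Reg Loading Points" section.

Line shapes handled (as printed by ComboFix):
  <R|S><start> <name>;<display name>;<image path> [<yyyy-mm-dd> <size>]
  "<value name>"="<image path>" [<yyyy-mm-dd> <size>]
R = service running, S = stopped; start type 0 boot, 1 system, 2 auto, 3 demand, 4 disabled.
"[x]" instead of date and size means ComboFix could not read the file at that path.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<verify>x|\d{4}-\d{2}-\d{2}\s+\d+)\]\s*$"
)
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<verify>x|\d{4}-\d{2}-\d{2}\s+\d+)\]\s*$'
)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")


@dataclass
class Entry:
    kind: str                         # "service" or "run"
    name: str
    path: str
    verified: bool                    # False when ComboFix printed [x]
    stamp: Optional[str]              # "yyyy-mm-dd size" when verified
    state: Optional[str] = None       # services only: "R" running / "S" stopped
    start_type: Optional[int] = None  # services only
    key: Optional[str] = None         # run entries only: the registry key they sit under


def _verify(v: str) -> Tuple[bool, Optional[str]]:
    return (v != "x", None if v == "x" else v)


def parse_log(text: str) -> List[Entry]:
    """Return every service and Run-key entry found in the text, in file order."""
    entries: List[Entry] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if (k := KEY_RE.match(line)):
            current_key = k.group("key")          # remember which hive/key the Run values belong to
            continue
        if (m := SERVICE_RE.match(line)):
            ok, stamp = _verify(m.group("verify"))
            entries.append(Entry("service", m.group("name"), m.group("path"), ok, stamp,
                                 state=m.group("state"), start_type=int(m.group("start"))))
        elif (m := RUN_RE.match(line)):
            ok, stamp = _verify(m.group("verify"))
            entries.append(Entry("run", m.group("name"), m.group("path"), ok, stamp, key=current_key))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map entry name -> reasons a human should look at it. Heuristics, not verdicts."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.kind == "service" and not e.verified and e.start_type is not None and e.start_type <= 1:
            reasons.append("boot/system-start driver whose file ComboFix could not read")
        if e.kind == "service" and not e.verified and e.state == "R":
            reasons.append("running service whose file ComboFix could not read")
        if "\\\\" in e.path or "\\systemroot\\" in e.path.lower():
            reasons.append("non-canonical image path")
        if e.kind == "run" and not e.verified:
            reasons.append("Run value pointing at a file ComboFix could not read")
        if reasons:
            findings[e.name] = reasons
    return findings


# Sample input: a subset of lines copied from the log above.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-26 880496]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
"""

if __name__ == "__main__":
    for name, why in triage(parse_log(SAMPLE)).items():
        print(f"{name}: {'; '.join(why)}")
```

Run it on a whole ComboFix log and the output is a short list to start from; a stopped demand-start driver with `[x]` (MBAMProtector here) is deliberately not flagged, since that is the normal state of a driver whose product is not running.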

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Unremovable RootKits + Trojan.Gen.2

#8 Post by Rudy »

Didn't CF give you a message telling you to turn off the AV?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

Itchiga
Visitor
Posts: 6
Registered: 02 Jun 2012 21:12

Re: Unremovable RootKits + Trojan.Gen.2

#9 Post by Itchiga »

In safe mode I got the message that I should turn off the AV, but I wasn't able to find Symantec/the AV among the processes so that I could turn it off, and it wasn't in the system tray either, so I'd say it was running hidden [?]. In normal mode I wasn't able to turn the AV off, because it keeps telling me access denied, and turning off all the options in the AV's settings didn't help :(

But while safe mode was loading, a Symantec driver was shown among the items being loaded :roll:

The number of Norton alerts has dropped, though... before it popped up about every 5-15 minutes, now it only popped up while the PC was booting

And that's enough. I've decided to reformat the PC... if the virus is still there after that, then I don't know what to do..

Rudy
Site Admin

Re: Unremovable RootKits + Trojan.Gen.2

#10 Post by Rudy »

Formatting is your decision. Norton should start normally, and the real-time shields can be turned off in its settings. While CF is running they absolutely must be turned off.

Itchiga
Visitor

Re: Unremovable RootKits + Trojan.Gen.2

#11 Post by Itchiga »

The format is done, the PC has been checked with Kaspersky PURE and it finally looks clean :thumbsup:

So I'd say you can lock the thread

Rudy
Site Admin

Re: Unremovable RootKits + Trojan.Gen.2

#12 Post by Rudy »

OK, locking.

Locked