Log check (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Post by Scary » 16 Jul 2009 10:49

I've had the notebook for about 2 months. Recently it slowed down and I suspect something is not right. I'm attaching the log.
-----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:01, on 16.7.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\MSI\Advanced Wheel Mouse\wh_exec.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Programy\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programy\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Programy\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\MSI\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programy\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Programy\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFFCC7D-FDB4-4153-AFDD-2A2B6A407C0F}: NameServer = 62.240.161.226,62.240.161.227
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate1c9db05abf2e287) (gupdate1c9db05abf2e287) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Micro Star SCM - Micro-Star Int'l Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7423 bytes
MSI GX620X - Windows 7 Ultimate 64bit | mouse: SteelSeries IKARI | headset: SteelSeries Siberia v2


Post by jaro3 » 16 Jul 2009 13:41

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by Scary » 16 Jul 2009 16:29

Malwarebytes' Anti-Malware 1.39
Verze databáze: 2440
Windows 6.0.6002 Service Pack 2

16.7.2009 16:16:16
mbam-log-2009-07-16 (16-16-16).txt

Typ skenu: Rychlý sken
Objektu skenováno: 81386
Uplynulý cas: 12 minute(s), 23 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)


Post by jaro3 » 16 Jul 2009 17:44

Download RSIT (by random/random)
- run it; a window will appear, click Continue to proceed
- wait until the program finishes and the log is displayed; otherwise you will find it here: C:\rsit\log.txt. Please copy its entire contents here.


Post by Scary » 16 Jul 2009 18:08

Logfile of random's system information tool 1.06 (written by random/random)
Run by doma at 2009-07-16 17:50:18
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 149 GB (49%) free of 305 GB
Total RAM: 3070 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:25, on 16.7.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\MSI\Advanced Wheel Mouse\wh_exec.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\doma\Downloads\RSIT.exe
C:\Programy\Trend Micro\HijackThis\doma.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\MSI\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programy\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Programy\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFFCC7D-FDB4-4153-AFDD-2A2B6A407C0F}: NameServer = 62.240.161.226,62.240.161.227
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate1c9db05abf2e287) (gupdate1c9db05abf2e287) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Micro Star SCM - Micro-Star Int'l Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7584 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-04-16 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-16 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-29 13543968]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-29 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-05-28 6144000]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-10-26 671744]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-15 178712]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-12 1948440]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"WheelMouse"=C:\MSI\ADVANC~1\wh_exec.exe [2007-09-13 90112]
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2008-11-28 711808]
"Adobe Reader Speed Launcher"=C:\Programy\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe [2009-07-13 414992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Programy\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"uTorrent"=C:\Programy\uTorrent\uTorrent.exe [2009-05-24 270128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c8f1a88-44e8-11de-9c9d-806e6f6e6963}]
shell\AutoRun\command - D:\CDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e18a0565-4f86-11de-b9f5-002185df0d66}]
shell\AutoRun\command - E:\autorun.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-07-16 17:50:18 ----D---- C:\rsit
2009-07-16 16:00:35 ----D---- C:\Users\doma\AppData\Roaming\Malwarebytes
2009-07-16 16:00:26 ----D---- C:\ProgramData\Malwarebytes
2009-07-15 10:23:19 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 10:23:19 ----A---- C:\Windows\system32\lpk.dll
2009-07-15 10:23:19 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 10:23:19 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 10:23:19 ----A---- C:\Windows\system32\atmfd.dll
2009-07-12 11:39:04 ----A---- C:\Windows\system32\XAudio2_3.dll
2009-07-12 11:39:04 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2009-07-12 11:39:04 ----A---- C:\Windows\system32\xactengine3_3.dll
2009-07-12 11:39:04 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2009-07-12 11:39:04 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-07-12 11:39:04 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-07-12 11:39:04 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-07-09 09:50:01 ----D---- C:\ProgramData\Electronic Arts
2009-07-09 09:45:05 ----D---- C:\Program Files\Electronic Arts
2009-07-09 09:44:35 ----A---- C:\Windows\system32\vp6vfw.dll
2009-07-09 09:44:30 ----D---- C:\Program Files\Microsoft WSE
2009-07-08 09:51:40 ----D---- C:\Users\doma\AppData\Roaming\FUEL
2009-07-08 09:47:51 ----D---- C:\Windows\system32\xlive
2009-07-08 09:47:50 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-07-07 21:55:07 ----D---- C:\Users\doma\AppData\Roaming\DAEMON Tools Pro
2009-07-06 17:58:32 ----D---- C:\Program Files\Common Files\Windows Live
2009-07-06 17:48:09 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-05 15:42:36 ----D---- C:\Windows\system32\eu-ES
2009-07-05 15:42:36 ----D---- C:\Windows\system32\ca-ES
2009-07-05 15:42:33 ----D---- C:\Windows\system32\vi-VN
2009-07-05 15:17:47 ----D---- C:\Windows\system32\EventProviders
2009-07-05 15:15:24 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-07-05 15:15:15 ----A---- C:\Windows\system32\SLsvc.exe
2009-07-05 15:15:15 ----A---- C:\Windows\system32\SLCExt.dll
2009-07-05 15:15:14 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-07-05 15:15:14 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-07-05 15:15:12 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-07-05 15:15:09 ----A---- C:\Windows\system32\mssrch.dll
2009-07-05 15:15:07 ----A---- C:\Windows\system32\tquery.dll
2009-07-05 15:15:06 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-07-05 15:15:05 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-07-05 15:15:05 ----A---- C:\Windows\system32\lsasrv.dll
2009-07-05 15:15:04 ----A---- C:\Windows\system32\scavenge.dll
2009-07-05 15:15:04 ----A---- C:\Windows\system32\RMActivate.exe
2009-07-05 15:15:03 ----A---- C:\Windows\system32\msi.dll
2009-07-05 15:15:02 ----A---- C:\Windows\system32\imapi2fs.dll
2009-07-05 15:15:01 ----A---- C:\Windows\system32\WscEapPr.dll
2009-07-05 15:15:01 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-07-05 15:15:01 ----A---- C:\Windows\system32\secproc_isv.dll
2009-07-05 15:15:00 ----A---- C:\Windows\system32\sysmain.dll
2009-07-05 15:14:59 ----A---- C:\Windows\system32\mf.dll
2009-07-05 15:14:59 ----A---- C:\Windows\system32\icardagt.exe
2009-07-05 15:14:58 ----A---- C:\Windows\system32\EhStorShell.dll
2009-07-05 15:14:58 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-07-05 15:14:57 ----A---- C:\Windows\system32\spreview.exe
2009-07-05 15:14:57 ----A---- C:\Windows\system32\spinstall.exe
2009-07-05 15:14:57 ----A---- C:\Windows\system32\drmv2clt.dll
2009-07-05 15:14:56 ----A---- C:\Windows\system32\spwizui.dll
2009-07-05 15:14:56 ----A---- C:\Windows\system32\secproc.dll
2009-07-05 15:14:56 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-07-05 15:14:54 ----A---- C:\Windows\system32\shell32.dll
2009-07-05 15:14:53 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-07-05 15:14:53 ----A---- C:\Windows\system32\p2psvc.dll
2009-07-05 15:14:53 ----A---- C:\Windows\system32\mssvp.dll
2009-07-05 15:14:52 ----A---- C:\Windows\system32\mssphtb.dll
2009-07-05 15:14:52 ----A---- C:\Windows\system32\mssph.dll
2009-07-05 15:14:52 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-07-05 15:14:52 ----A---- C:\Windows\system32\mscoree.dll
2009-07-05 15:14:51 ----A---- C:\Windows\system32\sdohlp.dll
2009-07-05 15:14:51 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-07-05 15:14:51 ----A---- C:\Windows\system32\imapi2.dll
2009-07-05 15:14:50 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-07-05 15:14:50 ----A---- C:\Windows\system32\esent.dll
2009-07-05 15:14:50 ----A---- C:\Windows\system32\DevicePairing.dll
2009-07-05 15:14:49 ----A---- C:\Windows\system32\wevtsvc.dll
2009-07-05 15:14:49 ----A---- C:\Windows\system32\sperror.dll
2009-07-05 15:14:49 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-07-05 15:14:49 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-07-05 15:14:49 ----A---- C:\Windows\system32\korwbrkr.dll
2009-07-05 15:14:48 ----A---- C:\Windows\system32\SLC.dll
2009-07-05 15:14:48 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-07-05 15:14:48 ----A---- C:\Windows\system32\msshsq.dll
2009-07-05 15:14:47 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-07-05 15:14:47 ----A---- C:\Windows\system32\wmp.dll
2009-07-05 15:14:47 ----A---- C:\Windows\system32\pmcsnap.dll
2009-07-05 15:14:46 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-07-05 15:14:46 ----A---- C:\Windows\system32\msjet40.dll
2009-07-05 15:14:46 ----A---- C:\Windows\system32\MPSSVC.dll
2009-07-05 15:14:45 ----A---- C:\Windows\system32\msxml6.dll
2009-07-05 15:14:43 ----A---- C:\Windows\system32\Query.dll
2009-07-05 15:14:43 ----A---- C:\Windows\system32\qmgr.dll
2009-07-05 15:14:42 ----A---- C:\Windows\system32\P2PGraph.dll
2009-07-05 15:14:42 ----A---- C:\Windows\system32\ole32.dll
2009-07-05 15:14:42 ----A---- C:\Windows\system32\ntdll.dll
2009-07-05 15:14:42 ----A---- C:\Windows\system32\msexch40.dll
2009-07-05 15:14:42 ----A---- C:\Windows\system32\IasMigReader.exe
2009-07-05 15:14:42 ----A---- C:\Windows\system32\diagperf.dll
2009-07-05 15:14:41 ----A---- C:\Windows\system32\winload.exe
2009-07-05 15:14:41 ----A---- C:\Windows\system32\srchadmin.dll
2009-07-05 15:14:41 ----A---- C:\Windows\system32\msxml3.dll
2009-07-05 15:14:41 ----A---- C:\Windows\system32\mblctr.exe
2009-07-05 15:14:41 ----A---- C:\Windows\system32\EncDec.dll
2009-07-05 15:14:40 ----A---- C:\Windows\system32\uDWM.dll
2009-07-05 15:14:40 ----A---- C:\Windows\system32\riched20.dll
2009-07-05 15:14:40 ----A---- C:\Windows\system32\mmc.exe
2009-07-05 15:14:40 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-07-05 15:14:40 ----A---- C:\Windows\system32\dfsr.exe
2009-07-05 15:14:39 ----A---- C:\Windows\system32\RacEngn.dll
2009-07-05 15:14:39 ----A---- C:\Windows\system32\fdBth.dll
2009-07-05 15:14:38 ----A---- C:\Windows\system32\spoolss.dll
2009-07-05 15:14:38 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-07-05 15:14:38 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-07-05 15:14:38 ----A---- C:\Windows\system32\milcore.dll
2009-07-05 15:14:38 ----A---- C:\Windows\system32\kernel32.dll
2009-07-05 15:14:38 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-07-05 15:14:38 ----A---- C:\Windows\system32\CertEnroll.dll
2009-07-05 15:14:37 ----A---- C:\Windows\system32\schedsvc.dll
2009-07-05 15:14:37 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-07-05 15:14:36 ----A---- C:\Windows\system32\msvcp60.dll
2009-07-05 15:14:36 ----A---- C:\Windows\system32\msjtes40.dll
2009-07-05 15:14:36 ----A---- C:\Windows\system32\infocardapi.dll
2009-07-05 15:14:36 ----A---- C:\Windows\system32\gpedit.dll
2009-07-05 15:14:36 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-07-05 15:14:35 ----A---- C:\Windows\system32\WinSAT.exe
2009-07-05 15:14:34 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-07-05 15:14:34 ----A---- C:\Windows\system32\Magnify.exe
2009-07-05 15:14:34 ----A---- C:\Windows\system32\fveapi.dll
2009-07-05 15:14:34 ----A---- C:\Windows\system32\es.dll
2009-07-05 15:14:34 ----A---- C:\Windows\system32\cscsvc.dll
2009-07-05 15:14:33 ----A---- C:\Windows\system32\mstext40.dll
2009-07-05 15:14:33 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-07-05 15:14:33 ----A---- C:\Windows\system32\advapi32.dll
2009-07-05 15:14:32 ----A---- C:\Windows\system32\WMPhoto.dll
2009-07-05 15:14:32 ----A---- C:\Windows\system32\WebClnt.dll
2009-07-05 15:14:32 ----A---- C:\Windows\system32\slwmi.dll
2009-07-05 15:14:32 ----A---- C:\Windows\system32\msxbde40.dll
2009-07-05 15:14:32 ----A---- C:\Windows\system32\msexcl40.dll
2009-07-05 15:14:32 ----A---- C:\Windows\system32\comsvcs.dll
2009-07-05 15:14:31 ----A---- C:\Windows\system32\vssapi.dll
2009-07-05 15:14:31 ----A---- C:\Windows\system32\mstscax.dll
2009-07-05 15:14:31 ----A---- C:\Windows\system32\authui.dll
2009-07-05 15:14:30 ----A---- C:\Windows\system32\propsys.dll
2009-07-05 15:14:30 ----A---- C:\Windows\system32\PresentationHost.exe
2009-07-05 15:14:30 ----A---- C:\Windows\system32\newdev.dll
2009-07-05 15:14:30 ----A---- C:\Windows\system32\NetProjW.dll
2009-07-05 15:14:30 ----A---- C:\Windows\system32\msrepl40.dll
2009-07-05 15:14:29 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-05 15:14:29 ----A---- C:\Windows\system32\iasrecst.dll
2009-07-05 15:14:29 ----A---- C:\Windows\system32\gpsvc.dll
2009-07-05 15:14:29 ----A---- C:\Windows\system32\eudcedit.exe
2009-07-05 15:14:29 ----A---- C:\Windows\system32\crypt32.dll
2009-07-05 15:14:29 ----A---- C:\Windows\explorer.exe
2009-07-05 15:14:28 ----A---- C:\Windows\system32\setupapi.dll
2009-07-05 15:14:28 ----A---- C:\Windows\system32\rpcss.dll
2009-07-05 15:14:28 ----A---- C:\Windows\system32\mspbde40.dll
2009-07-05 15:14:28 ----A---- C:\Windows\system32\d3d9.dll
2009-07-05 15:14:27 ----A---- C:\Windows\system32\shlwapi.dll
2009-07-05 15:14:27 ----A---- C:\Windows\system32\msrd3x40.dll
2009-07-05 15:14:27 ----A---- C:\Windows\system32\msltus40.dll
2009-07-05 15:14:27 ----A---- C:\Windows\system32\mfc42.dll
2009-07-05 15:14:27 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-07-05 15:14:27 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-07-05 15:14:27 ----A---- C:\Windows\system32\davclnt.dll
2009-07-05 15:14:26 ----A---- C:\Windows\system32\wevtapi.dll
2009-07-05 15:14:26 ----A---- C:\Windows\system32\photowiz.dll
2009-07-05 15:14:26 ----A---- C:\Windows\system32\nlhtml.dll
2009-07-05 15:14:26 ----A---- C:\Windows\system32\msdtctm.dll
2009-07-05 15:14:26 ----A---- C:\Windows\system32\browseui.dll
2009-07-05 15:14:24 ----A---- C:\Windows\system32\user32.dll
2009-07-05 15:14:24 ----A---- C:\Windows\system32\samsrv.dll
2009-07-05 15:14:24 ----A---- C:\Windows\system32\quartz.dll
2009-07-05 15:14:24 ----A---- C:\Windows\system32\ci.dll
2009-07-05 15:14:23 ----A---- C:\Windows\system32\win32spl.dll
2009-07-05 15:14:23 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-07-05 15:14:23 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-07-05 15:14:23 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-07-05 15:14:23 ----A---- C:\Windows\system32\oleaut32.dll
2009-07-05 15:14:23 ----A---- C:\Windows\system32\msv1_0.dll
2009-07-05 15:14:23 ----A---- C:\Windows\system32\kerberos.dll
2009-07-05 15:14:23 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-07-05 15:14:22 ----A---- C:\Windows\system32\winhttp.dll
2009-07-05 15:14:22 ----A---- C:\Windows\system32\netshell.dll
2009-07-05 15:14:22 ----A---- C:\Windows\system32\mswstr10.dll
2009-07-05 15:14:22 ----A---- C:\Windows\system32\compcln.exe
2009-07-05 15:14:22 ----A---- C:\Windows\system32\apds.dll
2009-07-05 15:14:21 ----A---- C:\Windows\system32\xmlfilter.dll
2009-07-05 15:14:21 ----A---- C:\Windows\system32\msctf.dll
2009-07-05 15:14:21 ----A---- C:\Windows\system32\emdmgmt.dll
2009-07-05 15:14:21 ----A---- C:\Windows\system32\audiosrv.dll
2009-07-05 15:14:20 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-07-05 15:14:20 ----A---- C:\Windows\system32\msvcrt.dll
2009-07-05 15:14:20 ----A---- C:\Windows\system32\gdi32.dll
2009-07-05 15:14:19 ----A---- C:\Windows\system32\VSSVC.exe
2009-07-05 15:14:17 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-07-05 15:14:15 ----A---- C:\Windows\system32\SLUI.exe
2009-07-05 15:14:15 ----A---- C:\Windows\system32\msrd2x40.dll
2009-07-05 15:14:15 ----A---- C:\Windows\system32\mfc42u.dll
2009-07-05 15:14:15 ----A---- C:\Windows\system32\eapphost.dll
2009-07-05 15:14:14 ----A---- C:\Windows\system32\wbengine.exe
2009-07-05 15:14:14 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-07-05 15:14:13 ----A---- C:\Windows\system32\winresume.exe
2009-07-05 15:14:13 ----A---- C:\Windows\system32\propdefs.dll
2009-07-05 15:14:13 ----A---- C:\Windows\system32\odbc32.dll
2009-07-05 15:14:12 ----A---- C:\Windows\system32\wevtutil.exe
2009-07-05 15:14:12 ----A---- C:\Windows\system32\shdocvw.dll
2009-07-05 15:14:12 ----A---- C:\Windows\system32\dbgeng.dll
2009-07-05 15:14:11 ----A---- C:\Windows\system32\WsmSvc.dll
2009-07-05 15:14:11 ----A---- C:\Windows\system32\swprv.dll
2009-07-05 15:14:11 ----A---- C:\Windows\system32\mssitlb.dll
2009-07-05 15:14:10 ----A---- C:\Windows\system32\usp10.dll
2009-07-05 15:14:10 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-07-05 15:14:09 ----A---- C:\Windows\system32\vds.exe
2009-07-05 15:14:09 ----A---- C:\Windows\system32\drvinst.exe
2009-07-05 15:14:08 ----A---- C:\Windows\system32\WFS.exe
2009-07-05 15:14:08 ----A---- C:\Windows\system32\schannel.dll
2009-07-05 15:14:08 ----A---- C:\Windows\system32\netlogon.dll
2009-07-05 15:14:08 ----A---- C:\Windows\system32\msscb.dll
2009-07-05 15:14:08 ----A---- C:\Windows\system32\msctfp.dll
2009-07-05 15:14:08 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-07-05 15:14:08 ----A---- C:\Windows\system32\evr.dll
2009-07-05 15:14:08 ----A---- C:\Windows\system32\devmgr.dll
2009-07-05 15:14:08 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-07-05 15:14:08 ----A---- C:\Windows\system32\BFE.DLL
2009-07-05 15:14:08 ----A---- C:\Windows\system32\adsldpc.dll
2009-07-05 15:14:07 ----A---- C:\Windows\system32\WSDApi.dll
2009-07-05 15:14:07 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-07-05 15:14:07 ----A---- C:\Windows\system32\Wldap32.dll
2009-07-05 15:14:07 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-07-05 15:14:07 ----A---- C:\Windows\system32\wcnwiz.dll
2009-07-05 15:14:07 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-07-05 15:14:06 ----A---- C:\Windows\system32\wercon.exe
2009-07-05 15:14:06 ----A---- C:\Windows\system32\wcncsvc.dll
2009-07-05 15:14:06 ----A---- C:\Windows\system32\services.exe
2009-07-05 15:14:06 ----A---- C:\Windows\system32\mimefilt.dll
2009-07-05 15:14:06 ----A---- C:\Windows\system32\comdlg32.dll
2009-07-05 15:14:06 ----A---- C:\Windows\system32\adtschema.dll
2009-07-05 15:14:05 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-07-05 15:14:05 ----A---- C:\Windows\system32\mswdat10.dll
2009-07-05 15:14:05 ----A---- C:\Windows\system32\msjter40.dll
2009-07-05 15:14:05 ----A---- C:\Windows\system32\msdtcprx.dll
2009-07-05 15:14:05 ----A---- C:\Windows\system32\msdrm.dll
2009-07-05 15:14:05 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-07-05 15:14:05 ----A---- C:\Windows\system32\certcli.dll
2009-07-05 15:14:04 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-07-05 15:14:04 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-07-05 15:14:04 ----A---- C:\Windows\system32\taskeng.exe
2009-07-05 15:14:04 ----A---- C:\Windows\system32\rtffilt.dll
2009-07-05 15:14:04 ----A---- C:\Windows\system32\reg.exe
2009-07-05 15:14:04 ----A---- C:\Windows\system32\dnsapi.dll
2009-07-05 15:14:04 ----A---- C:\Windows\system32\certutil.exe
2009-07-05 15:14:03 ----A---- C:\Windows\system32\w32time.dll
2009-07-05 15:14:03 ----A---- C:\Windows\system32\msshooks.dll
2009-07-05 15:14:03 ----A---- C:\Windows\system32\msscntrs.dll
2009-07-05 15:14:03 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-07-05 15:14:03 ----A---- C:\Windows\system32\bcrypt.dll
2009-07-05 15:14:02 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-07-05 15:14:02 ----A---- C:\Windows\system32\rsaenh.dll
2009-07-05 15:14:02 ----A---- C:\Windows\system32\msstrc.dll
2009-07-05 15:14:02 ----A---- C:\Windows\system32\msihnd.dll
2009-07-05 15:14:02 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-07-05 15:14:02 ----A---- C:\Windows\system32\bthserv.dll
2009-07-05 15:14:01 ----A---- C:\Windows\system32\scrptadm.dll
2009-07-05 15:14:01 ----A---- C:\Windows\system32\netapi32.dll
2009-07-05 15:14:01 ----A---- C:\Windows\system32\mtxclu.dll
2009-07-05 15:14:01 ----A---- C:\Windows\system32\mscories.dll
2009-07-05 15:14:01 ----A---- C:\Windows\system32\inetpp.dll
2009-07-05 15:14:01 ----A---- C:\Windows\system32\inetcomm.dll
2009-07-05 15:14:01 ----A---- C:\Windows\system32\hidserv.dll
2009-07-05 15:14:01 ----A---- C:\Windows\system32\fundisc.dll
2009-07-05 15:14:01 ----A---- C:\Windows\system32\dfshim.dll
2009-07-05 15:14:01 ----A---- C:\Windows\system32\cryptsvc.dll
2009-07-05 15:14:00 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-07-05 15:14:00 ----A---- C:\Windows\system32\termsrv.dll
2009-07-05 15:14:00 ----A---- C:\Windows\system32\profsvc.dll
2009-07-05 15:14:00 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-07-05 15:13:59 ----A---- C:\Windows\system32\shsvcs.dll
2009-07-05 15:13:59 ----A---- C:\Windows\system32\msiexec.exe
2009-07-05 15:13:59 ----A---- C:\Windows\system32\imapi.dll
2009-07-05 15:13:59 ----A---- C:\Windows\system32\gameux.dll
2009-07-05 15:13:58 ----A---- C:\Windows\system32\wdc.dll
2009-07-05 15:13:58 ----A---- C:\Windows\system32\iassdo.dll
2009-07-05 15:13:58 ----A---- C:\Windows\system32\chsbrkr.dll
2009-07-05 15:13:57 ----A---- C:\Windows\system32\spoolsv.exe
2009-07-05 15:13:57 ----A---- C:\Windows\system32\rasmans.dll
2009-07-05 15:13:57 ----A---- C:\Windows\system32\pnidui.dll
2009-07-05 15:13:57 ----A---- C:\Windows\system32\icardres.dll
2009-07-05 15:13:57 ----A---- C:\Windows\system32\autofmt.exe
2009-07-05 15:13:56 ----A---- C:\Windows\system32\wersvc.dll
2009-07-05 15:13:56 ----A---- C:\Windows\system32\scrrun.dll
2009-07-05 15:13:56 ----A---- C:\Windows\system32\PSHED.DLL
2009-07-05 15:13:55 ----A---- C:\Windows\system32\slmgr.vbs
2009-07-05 15:13:55 ----A---- C:\Windows\system32\pdh.dll
2009-07-05 15:13:55 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-07-05 15:13:55 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-07-05 15:13:55 ----A---- C:\Windows\system32\azroles.dll
2009-07-05 15:13:54 ----A---- C:\Windows\system32\wmpmde.dll
2009-07-05 15:13:54 ----A---- C:\Windows\system32\pidgenx.dll
2009-07-05 15:13:53 ----A---- C:\Windows\system32\winlogon.exe
2009-07-05 15:13:53 ----A---- C:\Windows\system32\SyncCenter.dll
2009-07-05 15:13:53 ----A---- C:\Windows\system32\SLUINotify.dll
2009-07-05 15:13:53 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-07-05 15:13:53 ----A---- C:\Windows\system32\comuid.dll
2009-07-05 15:13:52 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-07-05 15:13:52 ----A---- C:\Windows\system32\untfs.dll
2009-07-05 15:13:52 ----A---- C:\Windows\system32\spp.dll
2009-07-05 15:13:52 ----A---- C:\Windows\system32\sethc.exe
2009-07-05 15:13:52 ----A---- C:\Windows\system32\scrobj.dll
2009-07-05 15:13:52 ----A---- C:\Windows\system32\rtutils.dll
2009-07-05 15:13:52 ----A---- C:\Windows\system32\ncrypt.dll
2009-07-05 15:13:52 ----A---- C:\Windows\system32\kd1394.dll
2009-07-05 15:13:52 ----A---- C:\Windows\system32\iassam.dll
2009-07-05 15:13:52 ----A---- C:\Windows\system32\certmgr.dll
2009-07-05 15:13:51 ----A---- C:\Windows\system32\wisptis.exe
2009-07-05 15:13:51 ----A---- C:\Windows\system32\taskcomp.dll
2009-07-05 15:13:51 ----A---- C:\Windows\system32\dwm.exe
2009-07-05 15:13:51 ----A---- C:\Windows\system32\cscui.dll
2009-07-05 15:13:51 ----A---- C:\Windows\system32\autochk.exe
2009-07-05 15:13:50 ----A---- C:\Windows\system32\winsrv.dll
2009-07-05 15:13:50 ----A---- C:\Windows\system32\printui.dll
2009-07-05 15:13:50 ----A---- C:\Windows\system32\iasnap.dll
2009-07-05 15:13:50 ----A---- C:\Windows\system32\autoconv.exe
2009-07-05 15:13:49 ----A---- C:\Windows\system32\wow32.dll
2009-07-05 15:13:49 ----A---- C:\Windows\system32\userenv.dll
2009-07-05 15:13:49 ----A---- C:\Windows\system32\osk.exe
2009-07-05 15:13:49 ----A---- C:\Windows\system32\onex.dll
2009-07-05 15:13:49 ----A---- C:\Windows\system32\mswsock.dll
2009-07-05 15:13:49 ----A---- C:\Windows\system32\kdcom.dll
2009-07-05 15:13:49 ----A---- C:\Windows\system32\cscript.exe
2009-07-05 15:13:49 ----A---- C:\Windows\system32\basecsp.dll
2009-07-05 15:13:49 ----A---- C:\Windows\system32\audiodg.exe
2009-07-05 15:13:48 ----A---- C:\Windows\system32\RelMon.dll
2009-07-05 15:13:48 ----A---- C:\Windows\system32\kdusb.dll
2009-07-05 15:13:47 ----A---- C:\Windows\system32\WinSCard.dll
2009-07-05 15:13:47 ----A---- C:\Windows\system32\winmm.dll
2009-07-05 15:13:47 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-07-05 15:13:47 ----A---- C:\Windows\system32\spcmsg.dll
2009-07-05 15:13:47 ----A---- C:\Windows\system32\rdpencom.dll
2009-07-05 15:13:47 ----A---- C:\Windows\system32\offfilt.dll
2009-07-05 15:13:47 ----A---- C:\Windows\system32\msftedit.dll
2009-07-05 15:13:47 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-07-05 15:13:46 ----A---- C:\Windows\system32\Utilman.exe
2009-07-05 15:13:45 ----A---- C:\Windows\system32\wsepno.dll
2009-07-05 15:13:45 ----A---- C:\Windows\system32\WerFault.exe
2009-07-05 15:13:45 ----A---- C:\Windows\system32\stobject.dll
2009-07-05 15:13:45 ----A---- C:\Windows\system32\SndVol.exe
2009-07-05 15:13:45 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-07-05 15:13:45 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-07-05 15:13:45 ----A---- C:\Windows\system32\mfplat.dll
2009-07-05 15:13:45 ----A---- C:\Windows\system32\mcmde.dll
2009-07-05 15:13:45 ----A---- C:\Windows\system32\diskraid.exe
2009-07-05 15:13:45 ----A---- C:\Windows\system32\apphelp.dll
2009-07-05 15:13:44 ----A---- C:\Windows\system32\wscript.exe
2009-07-05 15:13:44 ----A---- C:\Windows\system32\wiaservc.dll
2009-07-05 15:13:44 ----A---- C:\Windows\system32\sysclass.dll
2009-07-05 15:13:44 ----A---- C:\Windows\system32\secur32.dll
2009-07-05 15:13:44 ----A---- C:\Windows\system32\prnntfy.dll
2009-07-05 15:13:44 ----A---- C:\Windows\system32\odbccp32.dll
2009-07-05 15:13:44 ----A---- C:\Windows\system32\msnetobj.dll
2009-07-05 15:13:44 ----A---- C:\Windows\system32\mscms.dll
2009-07-05 15:13:44 ----A---- C:\Windows\system32\iasdatastore.dll
2009-07-05 15:13:44 ----A---- C:\Windows\system32\adsmsext.dll
2009-07-05 15:13:43 ----A---- C:\Windows\system32\ulib.dll
2009-07-05 15:13:43 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-07-05 15:13:43 ----A---- C:\Windows\system32\dsound.dll
2009-07-05 15:13:43 ----A---- C:\Windows\system32\cryptui.dll
2009-07-05 15:13:42 ----A---- C:\Windows\system32\wscntfy.dll
2009-07-05 15:13:42 ----A---- C:\Windows\system32\wlansvc.dll
2009-07-05 15:13:42 ----A---- C:\Windows\system32\wlangpui.dll
2009-07-05 15:13:42 ----A---- C:\Windows\system32\rastapi.dll
2009-07-05 15:13:42 ----A---- C:\Windows\system32\pnpsetup.dll
2009-07-05 15:13:42 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-07-05 15:13:42 ----A---- C:\Windows\system32\fdProxy.dll
2009-07-05 15:13:42 ----A---- C:\Windows\system32\diskpart.exe
2009-07-05 15:13:42 ----A---- C:\Windows\system32\brcpl.dll
2009-07-05 15:13:41 ----A---- C:\Windows\system32\wscsvc.dll
2009-07-05 15:13:41 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-07-05 15:13:41 ----A---- C:\Windows\system32\vdsdyn.dll
2009-07-05 15:13:41 ----A---- C:\Windows\system32\regsvc.dll
2009-07-05 15:13:41 ----A---- C:\Windows\system32\rastls.dll
2009-07-05 15:13:41 ----A---- C:\Windows\system32\rasapi32.dll
2009-07-05 15:13:41 ----A---- C:\Windows\system32\ntprint.dll
2009-07-05 15:13:41 ----A---- C:\Windows\system32\netiohlp.dll
2009-07-05 15:13:41 ----A---- C:\Windows\system32\logman.exe
2009-07-05 15:13:41 ----A---- C:\Windows\system32\iashlpr.dll
2009-07-05 15:13:41 ----A---- C:\Windows\system32\gpapi.dll
2009-07-05 15:13:40 ----A---- C:\Windows\system32\zipfldr.dll
2009-07-05 15:13:40 ----A---- C:\Windows\system32\wusa.exe
2009-07-05 15:13:40 ----A---- C:\Windows\system32\wshext.dll
2009-07-05 15:13:40 ----A---- C:\Windows\system32\wpccpl.dll
2009-07-05 15:13:40 ----A---- C:\Windows\system32\netcenter.dll
2009-07-05 15:13:40 ----A---- C:\Windows\system32\mscorier.dll
2009-07-05 15:13:40 ----A---- C:\Windows\system32\iasrad.dll
2009-07-05 15:13:40 ----A---- C:\Windows\system32\findstr.exe
2009-07-05 15:13:39 ----A---- C:\Windows\system32\wsnmp32.dll
2009-07-05 15:13:39 ----A---- C:\Windows\system32\wer.dll
2009-07-05 15:13:39 ----A---- C:\Windows\system32\rasdlg.dll
2009-07-05 15:13:39 ----A---- C:\Windows\system32\iassvcs.dll
2009-07-05 15:13:38 ----A---- C:\Windows\system32\themecpl.dll
2009-07-05 15:13:37 ----A---- C:\Windows\system32\uxsms.dll
2009-07-05 15:13:37 ----A---- C:\Windows\system32\tsbyuv.dll
2009-07-05 15:13:37 ----A---- C:\Windows\system32\srvsvc.dll
2009-07-05 15:13:37 ----A---- C:\Windows\system32\ntmarta.dll
2009-07-05 15:13:37 ----A---- C:\Windows\system32\mssprxy.dll
2009-07-05 15:13:36 ----A---- C:\Windows\system32\slcc.dll
2009-07-05 15:13:36 ----A---- C:\Windows\system32\scansetting.dll
2009-07-05 15:13:36 ----A---- C:\Windows\system32\powrprof.dll
2009-07-05 15:13:36 ----A---- C:\Windows\system32\msutb.dll
2009-07-05 15:13:36 ----A---- C:\Windows\system32\mstsc.exe
2009-07-05 15:13:36 ----A---- C:\Windows\system32\mstlsapi.dll
2009-07-05 15:13:36 ----A---- C:\Windows\system32\iasads.dll
2009-07-05 15:13:35 ----A---- C:\Windows\system32\umrdp.dll
2009-07-05 15:13:35 ----A---- C:\Windows\system32\powercpl.dll
2009-07-05 15:13:35 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-07-05 15:13:35 ----A---- C:\Windows\system32\newdev.exe
2009-07-05 15:13:35 ----A---- C:\Windows\system32\networkmap.dll
2009-07-05 15:13:35 ----A---- C:\Windows\system32\iasacct.dll
2009-07-05 15:13:35 ----A---- C:\Windows\system32\authz.dll
2009-07-05 15:13:34 ----A---- C:\Windows\system32\wlanhlp.dll
2009-07-05 15:13:34 ----A---- C:\Windows\system32\sud.dll
2009-07-05 15:13:34 ----A---- C:\Windows\system32\fveui.dll
2009-07-05 15:13:34 ----A---- C:\Windows\system32\dot3svc.dll
2009-07-05 15:13:34 ----A---- C:\Windows\system32\connect.dll
2009-07-05 15:13:33 ----A---- C:\Windows\system32\themeui.dll
2009-07-05 15:13:33 ----A---- C:\Windows\system32\systemcpl.dll
2009-07-05 15:13:33 ----A---- C:\Windows\system32\samlib.dll
2009-07-05 15:13:33 ----A---- C:\Windows\system32\pcaui.dll
2009-07-05 15:13:33 ----A---- C:\Windows\system32\mmci.dll
2009-07-05 15:13:33 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-07-05 15:13:32 ----A---- C:\Windows\system32\wlanpref.dll
2009-07-05 15:13:32 ----A---- C:\Windows\system32\usercpl.dll
2009-07-05 15:13:32 ----A---- C:\Windows\system32\rpchttp.dll
2009-07-05 15:13:32 ----A---- C:\Windows\system32\qdvd.dll
2009-07-05 15:13:32 ----A---- C:\Windows\system32\brcplsiw.dll
2009-07-05 15:13:32 ----A---- C:\Windows\system32\autoplay.dll
2009-07-05 15:13:31 ----A---- C:\Windows\system32\wpcao.dll
2009-07-05 15:13:31 ----A---- C:\Windows\system32\vdsutil.dll
2009-07-05 15:13:31 ----A---- C:\Windows\system32\tapisrv.dll
2009-07-05 15:13:31 ----A---- C:\Windows\system32\scksp.dll
2009-07-05 15:13:31 ----A---- C:\Windows\system32\regapi.dll
2009-07-05 15:13:31 ----A---- C:\Windows\system32\msinfo32.exe
2009-07-05 15:13:31 ----A---- C:\Windows\system32\fvecpl.dll
2009-07-05 15:13:31 ----A---- C:\Windows\system32\feclient.dll
2009-07-05 15:13:31 ----A---- C:\Windows\system32\cscobj.dll
2009-07-05 15:13:30 ----A---- C:\Windows\system32\wscisvif.dll
2009-07-05 15:13:30 ----A---- C:\Windows\system32\WindowsUltimateExtrasCPL.dll
2009-07-05 15:13:30 ----A---- C:\Windows\system32\scesrv.dll
2009-07-05 15:13:30 ----A---- C:\Windows\system32\rekeywiz.exe
2009-07-05 15:13:30 ----A---- C:\Windows\system32\psisdecd.dll
2009-07-05 15:13:30 ----A---- C:\Windows\system32\oleprn.dll
2009-07-05 15:13:30 ----A---- C:\Windows\system32\mpr.dll
2009-07-05 15:13:30 ----A---- C:\Windows\system32\imm32.dll
2009-07-05 15:13:30 ----A---- C:\Windows\system32\iaspolcy.dll
2009-07-05 15:13:30 ----A---- C:\Windows\system32\Faultrep.dll
2009-07-05 15:13:30 ----A---- C:\Windows\system32\dot3msm.dll
2009-07-05 15:13:30 ----A---- C:\Windows\system32\DeviceEject.exe
2009-07-05 15:13:30 ----A---- C:\Windows\system32\AudioSes.dll
2009-07-05 15:13:29 ----A---- C:\Windows\system32\sdclt.exe
2009-07-05 15:13:29 ----A---- C:\Windows\system32\scecli.dll
2009-07-05 15:13:29 ----A---- C:\Windows\system32\rasgcw.dll
2009-07-05 15:13:29 ----A---- C:\Windows\system32\qedit.dll
2009-07-05 15:13:29 ----A---- C:\Windows\system32\pnpui.dll
2009-07-05 15:13:29 ----A---- C:\Windows\system32\perfdisk.dll
2009-07-05 15:13:29 ----A---- C:\Windows\system32\ncryptui.dll
2009-07-05 15:13:29 ----A---- C:\Windows\system32\hdwwiz.exe
2009-07-05 15:13:29 ----A---- C:\Windows\system32\dpapimig.exe
2009-07-05 15:13:29 ----A---- C:\Windows\system32\certreq.exe
2009-07-05 15:13:28 ----A---- C:\Windows\system32\TSTheme.exe
2009-07-05 15:13:28 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-07-05 15:13:28 ----A---- C:\Windows\system32\spwinsat.dll
2009-07-05 15:13:28 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-07-05 15:13:28 ----A---- C:\Windows\system32\rasplap.dll
2009-07-05 15:13:28 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-07-05 15:13:27 ----A---- C:\Windows\system32\whealogr.dll
2009-07-05 15:13:27 ----A---- C:\Windows\system32\tcpmon.dll
2009-07-05 15:13:27 ----A---- C:\Windows\system32\srcore.dll
2009-07-05 15:13:27 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-07-05 15:13:27 ----A---- C:\Windows\system32\fdWSD.dll
2009-07-05 15:13:27 ----A---- C:\Windows\system32\cmmon32.exe
2009-07-05 15:13:27 ----A---- C:\Windows\system32\cmdial32.dll
2009-07-05 15:13:26 ----A---- C:\Windows\system32\wiaaut.dll
2009-07-05 15:13:26 ----A---- C:\Windows\system32\SnippingTool.exe
2009-07-05 15:13:26 ----A---- C:\Windows\system32\SCardSvr.dll
2009-07-05 15:13:26 ----A---- C:\Windows\system32\raschap.dll
2009-07-05 15:13:26 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-07-05 15:13:26 ----A---- C:\Windows\system32\fontext.dll
2009-07-05 15:13:26 ----A---- C:\Windows\system32\conime.exe
2009-07-05 15:13:25 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-07-05 15:13:25 ----A---- C:\Windows\system32\wlanui.dll
2009-07-05 15:13:25 ----A---- C:\Windows\system32\rasppp.dll
2009-07-05 15:13:25 ----A---- C:\Windows\system32\PnPutil.exe
2009-07-05 15:13:25 ----A---- C:\Windows\system32\dsprop.dll
2009-07-05 15:13:23 ----A---- C:\Windows\system32\wlanmsm.dll
2009-07-05 15:13:23 ----A---- C:\Windows\system32\shwebsvc.dll
2009-07-05 15:13:23 ----A---- C:\Windows\system32\dimsroam.dll
2009-07-05 15:13:22 ----A---- C:\Windows\system32\shsetup.dll
2009-07-05 15:13:22 ----A---- C:\Windows\system32\rasmontr.dll
2009-07-05 15:13:22 ----A---- C:\Windows\system32\oobefldr.dll
2009-07-05 15:13:22 ----A---- C:\Windows\system32\modemui.dll
2009-07-05 15:13:21 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-07-05 15:13:21 ----A---- C:\Windows\system32\mscandui.dll
2009-07-05 15:13:21 ----A---- C:\Windows\system32\chtbrkr.dll
2009-07-05 15:13:21 ----A---- C:\Windows\system32\dataclen.dll
2009-07-05 15:13:20 ----A---- C:\Windows\system32\WSDMon.dll
2009-07-05 15:13:20 ----A---- C:\Windows\system32\wmpeffects.dll
2009-07-05 15:13:20 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-07-05 15:13:20 ----A---- C:\Windows\system32\tscfgwmi.dll
2009-07-05 15:13:20 ----A---- C:\Windows\system32\smss.exe
2009-07-05 15:13:20 ----A---- C:\Windows\system32\rdpwsx.dll
2009-07-05 15:13:20 ----A---- C:\Windows\system32\netplwiz.dll
2009-07-05 15:13:20 ----A---- C:\Windows\system32\CscMig.dll
2009-07-05 15:13:20 ----A---- C:\Windows\system32\credui.dll
2009-07-05 15:13:20 ----A---- C:\Windows\system32\blackbox.dll
2009-07-05 15:13:20 ----A---- C:\Windows\system32\appmgmts.dll
2009-07-05 15:13:19 ----A---- C:\Windows\system32\wpcsvc.dll
2009-07-05 15:13:19 ----A---- C:\Windows\system32\networkexplorer.dll
2009-07-05 15:13:19 ----A---- C:\Windows\system32\msscp.dll
2009-07-05 15:13:19 ----A---- C:\Windows\system32\logagent.exe
2009-07-05 15:13:19 ----A---- C:\Windows\system32\ifmon.dll
2009-07-05 15:13:19 ----A---- C:\Windows\system32\cipher.exe
2009-07-05 15:13:19 ----A---- C:\Windows\system32\certprop.dll
2009-07-05 15:13:18 ----A---- C:\Windows\system32\wscapi.dll
2009-07-05 15:13:18 ----A---- C:\Windows\system32\thawbrkr.dll
2009-07-05 15:13:18 ----A---- C:\Windows\system32\msimtf.dll
2009-07-05 15:13:18 ----A---- C:\Windows\system32\InkEd.dll
2009-07-05 15:13:18 ----A---- C:\Windows\system32\gpresult.exe
2009-07-05 15:13:17 ----A---- C:\Windows\system32\softkbd.dll
2009-07-05 15:13:17 ----A---- C:\Windows\system32\sendmail.dll
2009-07-05 15:13:16 ----A---- C:\Windows\system32\rdpclip.exe
2009-07-05 15:13:16 ----A---- C:\Windows\system32\olepro32.dll
2009-07-05 15:13:16 ----A---- C:\Windows\system32\msctfui.dll
2009-07-05 15:13:16 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-07-05 15:13:16 ----A---- C:\Windows\system32\dmsynth.dll
2009-07-05 15:13:16 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-07-05 15:13:15 ----A---- C:\Windows\system32\wshbth.dll
2009-07-05 15:13:15 ----A---- C:\Windows\system32\version.dll
2009-07-05 15:13:15 ----A---- C:\Windows\system32\SLLUA.exe
2009-07-05 15:13:15 ----A---- C:\Windows\system32\puiapi.dll
2009-07-05 15:13:15 ----A---- C:\Windows\system32\mprapi.dll
2009-07-05 15:13:15 ----A---- C:\Windows\system32\input.dll
2009-07-05 15:13:15 ----A---- C:\Windows\system32\gpprnext.dll
2009-07-05 15:13:15 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-07-05 15:13:15 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-07-05 15:13:15 ----A---- C:\Windows\system32\cdd.dll
2009-07-05 15:13:14 ----A---- C:\Windows\system32\msisip.dll
2009-07-05 15:13:14 ----A---- C:\Windows\system32\fdSSDP.dll
2009-07-05 15:13:14 ----A---- C:\Windows\system32\fc.exe
2009-07-05 15:13:14 ----A---- C:\Windows\system32\dmusic.dll
2009-07-05 15:13:13 ----A---- C:\Windows\system32\rdpendp.dll
2009-07-05 15:13:13 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-07-05 15:13:13 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-07-05 15:13:13 ----A---- C:\Windows\system32\msjint40.dll
2009-07-05 15:13:13 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-07-05 15:13:13 ----A---- C:\Windows\system32\l2nacp.dll
2009-07-05 15:13:13 ----A---- C:\Windows\system32\ftp.exe
2009-07-05 15:13:13 ----A---- C:\Windows\system32\eapp3hst.dll
2009-07-05 15:13:13 ----A---- C:\Windows\system32\cscdll.dll
2009-07-05 15:13:13 ----A---- C:\Windows\system32\cscapi.dll
2009-07-05 15:13:12 ----A---- C:\Windows\system32\wsdchngr.dll
2009-07-05 15:13:12 ----A---- C:\Windows\system32\Storprop.dll
2009-07-05 15:13:12 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-07-05 15:13:12 ----A---- C:\Windows\system32\rrinstaller.exe
2009-07-05 15:13:12 ----A---- C:\Windows\system32\rasdial.exe
2009-07-05 15:13:12 ----A---- C:\Windows\system32\rasdiag.dll
2009-07-05 15:13:12 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-07-05 15:13:12 ----A---- C:\Windows\system32\gpscript.exe
2009-07-05 15:13:12 ----A---- C:\Windows\system32\fdWCN.dll
2009-07-05 15:13:12 ----A---- C:\Windows\system32\dot3cfg.dll
2009-07-05 15:13:12 ----A---- C:\Windows\system32\bthudtask.exe
2009-07-05 15:13:12 ----A---- C:\Windows\system32\bthci.dll
2009-07-05 15:13:11 ----A---- C:\Windows\system32\tscupgrd.exe
2009-07-05 15:13:11 ----A---- C:\Windows\system32\slcinst.dll
2009-07-05 15:13:11 ----A---- C:\Windows\system32\PrintBrmUi.exe
2009-07-05 15:13:11 ----A---- C:\Windows\system32\mfps.dll
2009-07-05 15:13:11 ----A---- C:\Windows\system32\ipconfig.exe
2009-07-05 15:13:11 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-07-05 15:13:11 ----A---- C:\Windows\system32\eappcfg.dll
2009-07-05 15:13:11 ----A---- C:\Windows\system32\aaclient.dll
2009-07-05 15:13:10 ----A---- C:\Windows\system32\ocsetup.exe
2009-07-05 15:13:10 ----A---- C:\Windows\system32\nslookup.exe
2009-07-05 15:13:10 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-07-05 15:13:10 ----A---- C:\Windows\system32\hbaapi.dll
2009-07-05 15:13:10 ----A---- C:\Windows\system32\gpscript.dll
2009-07-05 15:13:10 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-07-05 15:13:10 ----A---- C:\Windows\system32\fdeploy.dll
2009-07-05 15:13:10 ----A---- C:\Windows\system32\eappgnui.dll
2009-07-05 15:13:09 ----A---- C:\Windows\system32\tsgqec.dll
2009-07-05 15:13:09 ----A---- C:\Windows\system32\qprocess.exe
2009-07-05 15:13:09 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-07-05 15:13:09 ----A---- C:\Windows\system32\mmcico.dll
2009-07-05 15:13:09 ----A---- C:\Windows\system32\mfpmp.exe
2009-07-05 15:13:09 ----A---- C:\Windows\system32\chgport.exe
2009-07-05 15:13:08 ----A---- C:\Windows\system32\tscon.exe
2009-07-05 15:13:08 ----A---- C:\Windows\system32\logoff.exe
2009-07-05 15:13:08 ----A---- C:\Windows\system32\chgusr.exe
2009-07-05 15:13:08 ----A---- C:\Windows\system32\gpupdate.exe
2009-07-05 15:13:08 ----A---- C:\Windows\system32\csrstub.exe
2009-07-05 15:13:08 ----A---- C:\Windows\system32\cbsra.exe
2009-07-05 15:13:08 ----A---- C:\Windows\system32\atmlib.dll
2009-07-05 15:13:07 ----A---- C:\Windows\system32\tskill.exe
2009-07-05 15:13:07 ----A---- C:\Windows\system32\shadow.exe
2009-07-05 15:13:07 ----A---- C:\Windows\system32\rwinsta.exe
2009-07-05 15:13:07 ----A---- C:\Windows\system32\qappsrv.exe
2009-07-05 15:13:07 ----A---- C:\Windows\system32\NcdProp.dll
2009-07-05 15:13:07 ----A---- C:\Windows\system32\iscsilog.dll
2009-07-05 15:13:07 ----A---- C:\Windows\system32\chglogon.exe
2009-07-05 15:13:07 ----A---- C:\Windows\system32\bitsigd.dll
2009-07-05 15:13:06 ----A---- C:\Windows\system32\winrnr.dll
2009-07-05 15:13:06 ----A---- C:\Windows\system32\vdmdbg.dll
2009-07-05 15:13:06 ----A---- C:\Windows\system32\tsdiscon.exe
2009-07-05 15:13:06 ----A---- C:\Windows\system32\slwga.dll
2009-07-05 15:13:06 ----A---- C:\Windows\system32\reset.exe
2009-07-05 15:13:06 ----A---- C:\Windows\system32\query.exe
2009-07-05 15:13:06 ----A---- C:\Windows\system32\odbcconf.dll
2009-07-05 15:13:06 ----A---- C:\Windows\system32\inetppui.dll
2009-07-05 15:13:06 ----A---- C:\Windows\system32\change.exe
2009-07-05 15:13:05 ----A---- C:\Windows\system32\midimap.dll
2009-07-05 15:13:03 ----A---- C:\Windows\system32\wmploc.DLL
2009-07-05 15:13:03 ----A---- C:\Windows\system32\spwmp.dll
2009-07-05 15:13:03 ----A---- C:\Windows\system32\dxmasf.dll
2009-07-05 15:12:59 ----A---- C:\Windows\system32\msimsg.dll
2009-07-05 15:12:59 ----A---- C:\Windows\system32\mferror.dll
2009-07-05 15:12:59 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-07-05 15:12:16 ----A---- C:\Windows\system32\SmiEngine.dll
2009-07-05 15:12:01 ----A---- C:\Windows\system32\wdscore.dll
2009-07-05 15:12:01 ----A---- C:\Windows\system32\PkgMgr.exe
2009-07-05 15:11:22 ----A---- C:\Windows\system32\drvstore.dll
2009-07-02 20:55:52 ----A---- C:\Windows\system32\xfcodec.dll
2009-06-21 17:26:10 ----D---- C:\Users\doma\AppData\Roaming\Ubisoft
2009-06-21 15:12:22 ----D---- C:\Program Files\Common Files\Steam
2009-06-20 15:08:10 ----D---- C:\ProgramData\TrackMania
2009-06-19 19:23:18 ----D---- C:\Users\doma\AppData\Roaming\PSpad
MSI GX620X - Windows 7 Ultimate 64bit | mouse: SteelSeries IKARI | headset: SteelSeries Siberia v2


Re: Log check

Post by Scary » 16 Jul 2009 18:08

======List of files/folders modified in the last 1 months======

2009-07-16 17:50:23 ----D---- C:\Windows\Temp
2009-07-16 17:49:42 ----D---- C:\Users\doma\AppData\Roaming\uTorrent
2009-07-16 17:44:55 ----D---- C:\Users\doma\AppData\Roaming\Xfire
2009-07-16 17:44:52 ----D---- C:\Users\doma\AppData\Roaming\Skype
2009-07-16 16:48:21 ----D---- C:\Windows\Prefetch
2009-07-16 16:35:48 ----D---- C:\Users\doma\AppData\Roaming\skypePM
2009-07-16 16:00:28 ----D---- C:\Windows\system32\drivers
2009-07-16 16:00:26 ----HD---- C:\ProgramData
2009-07-16 16:00:26 ----D---- C:\Programy
2009-07-16 15:53:33 ----D---- C:\Windows\System32
2009-07-16 15:53:33 ----D---- C:\Windows\inf
2009-07-16 15:53:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-16 11:18:45 ----D---- C:\ProgramData\Xfire
2009-07-16 10:23:29 ----SHD---- C:\System Volume Information
2009-07-15 22:22:19 ----D---- C:\Windows\system32\WDI
2009-07-15 12:52:47 ----HD---- C:\$AVG8.VAULT$
2009-07-15 11:13:14 ----D---- C:\Windows\winsxs
2009-07-15 10:28:26 ----D---- C:\Windows\system32\catroot
2009-07-15 10:28:22 ----D---- C:\Program Files\Windows Mail
2009-07-15 10:28:19 ----SHD---- C:\Windows\Installer
2009-07-15 10:28:12 ----D---- C:\ProgramData\Microsoft Help
2009-07-15 10:27:36 ----D---- C:\Windows\system32\catroot2
2009-07-14 12:13:24 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-07-12 21:44:41 ----D---- C:\Users\doma\AppData\Roaming\teamspeak2
2009-07-12 13:04:40 ----D---- C:\Users\doma\AppData\Roaming\dvdcss
2009-07-12 11:39:05 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-12 11:38:51 ----RSD---- C:\Windows\assembly
2009-07-12 11:26:04 ----D---- C:\Hry
2009-07-10 18:47:59 ----D---- C:\Users\doma\AppData\Roaming\mIRC
2009-07-09 09:45:05 ----RD---- C:\Program Files
2009-07-09 09:44:34 ----SD---- C:\Users\doma\AppData\Roaming\Microsoft
2009-07-07 17:10:56 ----A---- C:\Windows\system32\mrt.exe
2009-07-06 21:47:56 ----D---- C:\ProgramData\Test Drive Unlimited
2009-07-06 17:58:32 ----D---- C:\Program Files\Common Files
2009-07-06 17:58:18 ----SD---- C:\ProgramData\Microsoft
2009-07-06 17:47:48 ----D---- C:\Program Files\Common Files\microsoft shared
2009-07-05 17:00:36 ----D---- C:\Windows\Microsoft.NET
2009-07-05 16:05:03 ----D---- C:\Windows\rescache
2009-07-05 15:53:41 ----D---- C:\ProgramData\NVIDIA
2009-07-05 15:51:48 ----D---- C:\Windows
2009-07-05 15:51:43 ----SHD---- C:\Boot
2009-07-05 15:44:51 ----D---- C:\Program Files\Windows Calendar
2009-07-05 15:44:51 ----D---- C:\Program Files\Movie Maker
2009-07-05 15:44:49 ----D---- C:\Program Files\Windows Sidebar
2009-07-05 15:44:49 ----D---- C:\Program Files\Windows Media Player
2009-07-05 15:44:49 ----D---- C:\Program Files\Windows Journal
2009-07-05 15:44:49 ----D---- C:\Program Files\Windows Collaboration
2009-07-05 15:44:49 ----D---- C:\Program Files\Internet Explorer
2009-07-05 15:44:47 ----D---- C:\Program Files\Windows Photo Gallery
2009-07-05 15:44:47 ----D---- C:\Program Files\Common Files\System
2009-07-05 15:44:42 ----D---- C:\Program Files\Windows Defender
2009-07-05 15:44:41 ----D---- C:\Windows\servicing
2009-07-05 15:44:41 ----D---- C:\Windows\ehome
2009-07-05 15:44:15 ----D---- C:\Windows\PolicyDefinitions
2009-07-05 15:44:15 ----D---- C:\Windows\IME
2009-07-05 15:44:14 ----D---- C:\Windows\system32\XPSViewer
2009-07-05 15:44:14 ----D---- C:\Windows\system32\sk-SK
2009-07-05 15:44:14 ----D---- C:\Windows\system32\lv-LV
2009-07-05 15:44:14 ----D---- C:\Windows\system32\ko-KR
2009-07-05 15:44:14 ----D---- C:\Windows\system32\hr-HR
2009-07-05 15:44:14 ----D---- C:\Windows\system32\et-EE
2009-07-05 15:44:14 ----D---- C:\Windows\system32\en-US
2009-07-05 15:44:14 ----D---- C:\Windows\system32\da-DK
2009-07-05 15:44:13 ----D---- C:\Windows\system32\oobe
2009-07-05 15:44:13 ----D---- C:\Windows\system32\migration
2009-07-05 15:44:13 ----D---- C:\Windows\system32\it-IT
2009-07-05 15:44:13 ----D---- C:\Windows\system32\el-GR
2009-07-05 15:44:13 ----D---- C:\Windows\system32\de-DE
2009-07-05 15:44:09 ----D---- C:\Windows\system32\AdvancedInstallers
2009-07-05 15:44:08 ----D---- C:\Windows\system32\sv-SE
2009-07-05 15:44:08 ----D---- C:\Windows\system32\setup
2009-07-05 15:44:08 ----D---- C:\Windows\system32\ru-RU
2009-07-05 15:44:08 ----D---- C:\Windows\system32\he-IL
2009-07-05 15:44:08 ----D---- C:\Windows\system32\fr-FR
2009-07-05 15:44:07 ----D---- C:\Windows\system32\SLUI
2009-07-05 15:44:07 ----D---- C:\Windows\system32\pt-PT
2009-07-05 15:44:07 ----D---- C:\Windows\system32\hu-HU
2009-07-05 15:44:07 ----D---- C:\Windows\system32\fi-FI
2009-07-05 15:44:07 ----D---- C:\Windows\system32\cs-CZ
2009-07-05 15:44:07 ----D---- C:\Windows\system32\cs
2009-07-05 15:44:06 ----D---- C:\Windows\system32\zh-TW
2009-07-05 15:44:06 ----D---- C:\Windows\system32\zh-CN
2009-07-05 15:44:06 ----D---- C:\Windows\system32\uk-UA
2009-07-05 15:44:06 ----D---- C:\Windows\system32\th-TH
2009-07-05 15:44:06 ----D---- C:\Windows\system32\sr-Latn-CS
2009-07-05 15:44:06 ----D---- C:\Windows\system32\sl-SI
2009-07-05 15:44:06 ----D---- C:\Windows\system32\ro-RO
2009-07-05 15:44:06 ----D---- C:\Windows\system32\pl-PL
2009-07-05 15:44:06 ----D---- C:\Windows\system32\manifeststore
2009-07-05 15:44:06 ----D---- C:\Windows\system32\ja-JP
2009-07-05 15:44:06 ----D---- C:\Windows\system32\es-ES
2009-07-05 15:44:06 ----D---- C:\Windows\system32\en
2009-07-05 15:44:06 ----D---- C:\Windows\system32\bg-BG
2009-07-05 15:44:04 ----D---- C:\Windows\system32\wbem
2009-07-05 15:44:04 ----D---- C:\Windows\system32\tr-TR
2009-07-05 15:44:02 ----D---- C:\Windows\system32\nl-NL
2009-07-05 15:44:02 ----D---- C:\Windows\system32\nb-NO
2009-07-05 15:44:02 ----D---- C:\Windows\system32\lt-LT
2009-07-05 15:44:02 ----D---- C:\Windows\system32\ar-SA
2009-07-05 15:44:01 ----D---- C:\Windows\system32\migwiz
2009-07-05 15:44:00 ----D---- C:\Windows\system32\pt-BR
2009-07-05 15:42:42 ----RSD---- C:\Windows\Fonts
2009-07-05 15:42:42 ----D---- C:\Windows\AppPatch
2009-07-05 15:42:33 ----D---- C:\Windows\system32\Boot
2009-07-05 15:41:46 ----D---- C:\Windows\system32\RTCOM
2009-07-05 12:25:43 ----SHD---- C:\$Recycle.Bin
2009-07-05 08:54:52 ----D---- C:\Windows\Tasks
2009-07-05 08:54:50 ----D---- C:\Windows\system32\Tasks
2009-06-21 18:41:02 ----D---- C:\Windows\system32\appmgmt
2009-06-21 17:26:10 ----D---- C:\ProgramData\Ubisoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-07-08 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-06-16 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-05-21 108552]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-11 351744]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-06-02 2147544]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-05-30 93968]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-05-29 43040]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-29 7497792]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-05-02 122368]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-10-26 1020800]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 am6ga73m;am6ga73m; C:\Windows\system32\drivers\am6ga73m.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2008-02-15 131712]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2008-01-31 74240]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-08 907032]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-21 298776]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-04-30 815104]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
R2 Micro Star SCM;Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [2008-11-05 159744]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-29 196608]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-05-23 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-07-14 189800]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-04-30 466944]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S2 gupdate1c9db05abf2e287;Služba Google Update (gupdate1c9db05abf2e287); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-22 133104]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-05 316664]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-11 918528]

-----------------EOF-----------------




Continuation of the log
MSI GX620X - Windows 7 Ultimate 64bit | mouse: SteelSeries IKARI | headset: SteelSeries Siberia v2

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Log check

Post by jaro3 » 16 Jul 2009 18:53

So, turn off the resident protection in AVG.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Scary
Level 2.5
Posts: 396
Registered: May 09
Location: Čáslav
Gender: Male
Status: Offline

Re: Log check

Post by Scary » 16 Jul 2009 21:17

ComboFix 09-07-14.08 - doma 16.07.2009 20:53.1.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.420.1033.18.3070.1856 [GMT 2:00]
Spuštěný z: c:\users\doma\Desktop\ComboFix.exe
AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Network Edition *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-16 do 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-16 15:50 . 2009-07-16 15:50 -------- d-----w- C:\rsit
2009-07-16 14:00 . 2009-07-16 14:00 -------- d-----w- c:\users\doma\AppData\Roaming\Malwarebytes
2009-07-16 14:00 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 14:00 . 2009-07-16 14:00 -------- d-----w- c:\programdata\Malwarebytes
2009-07-16 14:00 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-16 08:23 . 2009-07-08 06:39 3403032 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-07-15 08:23 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 08:23 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 08:23 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 08:23 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 08:23 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-12 09:39 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2009-07-12 09:39 . 2008-10-27 08:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-07-12 09:39 . 2008-10-27 08:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-07-12 09:39 . 2008-10-27 08:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2009-07-12 09:39 . 2008-10-10 02:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-07-12 09:39 . 2008-10-10 02:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-07-12 09:39 . 2008-10-10 02:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-07-09 07:50 . 2009-07-09 08:31 -------- d-----w- c:\programdata\Electronic Arts
2009-07-09 07:45 . 2009-07-09 07:45 -------- d-----w- c:\program files\Electronic Arts
2009-07-09 07:44 . 2008-09-05 00:22 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2009-07-09 07:44 . 2009-07-09 07:44 10134 ----a-r- c:\users\doma\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-07-09 07:44 . 2009-07-09 07:44 -------- d-----w- c:\program files\Microsoft WSE
2009-07-08 07:51 . 2009-07-08 07:51 -------- d-----w- c:\users\doma\AppData\Roaming\FUEL
2009-07-08 07:47 . 2009-07-08 07:47 -------- d-----w- c:\windows\system32\xlive
2009-07-08 07:47 . 2009-07-08 07:48 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-07-07 19:55 . 2009-07-07 19:55 -------- d-----w- c:\users\doma\AppData\Roaming\DAEMON Tools Pro
2009-07-06 15:58 . 2009-07-06 15:58 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-06 15:48 . 2009-07-06 15:48 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-05 13:42 . 2009-07-05 13:44 -------- d-----w- c:\windows\system32\ca-ES
2009-07-05 13:42 . 2009-07-05 13:44 -------- d-----w- c:\windows\system32\eu-ES
2009-07-05 13:42 . 2009-07-05 13:44 -------- d-----w- c:\windows\system32\vi-VN
2009-07-05 13:17 . 2009-07-05 13:17 -------- d-----w- c:\windows\system32\EventProviders
2009-07-05 13:14 . 2009-04-11 06:28 2868224 ----a-w- c:\windows\system32\mf.dll
2009-07-05 13:12 . 2009-04-11 06:22 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-07-05 13:12 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2009-07-05 13:12 . 2009-04-11 04:27 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-07-05 13:12 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-07-05 13:12 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-07-05 13:12 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-07-05 13:12 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-07-05 13:12 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-07-05 13:12 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-07-05 13:12 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-07-05 13:12 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-07-05 13:12 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-07-05 13:12 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-07-05 13:11 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-07-02 18:55 . 2009-07-02 18:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-21 19:53 . 2009-06-21 19:53 514888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-21 17:22 . 2009-06-21 17:22 -------- d-----w- c:\users\doma\AppData\Local\Codemasters
2009-06-21 15:26 . 2009-06-21 15:26 -------- d-----w- c:\users\doma\AppData\Roaming\Ubisoft
2009-06-21 13:12 . 2009-07-05 13:54 -------- d-----w- c:\program files\Common Files\Steam
2009-06-20 19:21 . 2009-06-20 19:31 -------- d-----w- c:\users\doma\AppData\Local\Wheelman
2009-06-20 19:21 . 2009-06-20 19:21 -------- d-----w- c:\users\doma\AppData\Local\PC
2009-06-20 13:08 . 2009-07-12 20:07 -------- d-----w- c:\programdata\TrackMania
2009-06-19 17:23 . 2009-06-19 17:29 -------- d-----w- c:\users\doma\AppData\Roaming\PSpad

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 18:46 . 2009-05-19 20:18 27744 ----a-w- c:\programdata\nvModes.dat
2009-07-16 17:15 . 2009-05-21 19:32 -------- d-----w- c:\users\doma\AppData\Roaming\Xfire
2009-07-16 17:14 . 2009-05-21 17:33 -------- d-----w- c:\users\doma\AppData\Roaming\Skype
2009-07-16 16:36 . 2009-05-24 11:07 -------- d-----w- c:\users\doma\AppData\Roaming\uTorrent
2009-07-16 14:35 . 2009-05-21 17:34 -------- d-----w- c:\users\doma\AppData\Roaming\skypePM
2009-07-16 13:53 . 2009-05-20 22:14 598832 ----a-w- c:\windows\system32\perfh005.dat
2009-07-16 13:53 . 2009-05-20 22:14 114992 ----a-w- c:\windows\system32\perfc005.dat
2009-07-16 09:18 . 2009-05-21 19:32 -------- d-----w- c:\programdata\Xfire
2009-07-15 08:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 08:28 . 2009-05-20 23:24 -------- d-----w- c:\programdata\Microsoft Help
2009-07-14 10:13 . 2009-05-21 17:51 138608 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-14 10:13 . 2009-05-21 17:51 189800 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-12 19:44 . 2009-05-27 15:48 -------- d-----w- c:\users\doma\AppData\Roaming\teamspeak2
2009-07-12 11:04 . 2009-06-08 14:21 -------- d-----w- c:\users\doma\AppData\Roaming\dvdcss
2009-07-12 09:39 . 2009-05-19 20:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 16:47 . 2009-05-31 12:47 -------- d-----w- c:\users\doma\AppData\Roaming\mIRC
2009-07-08 06:39 . 2009-05-20 22:40 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-06 19:47 . 2009-05-22 13:40 -------- d-----w- c:\programdata\Test Drive Unlimited
2009-07-05 13:53 . 2009-05-19 20:18 -------- d-----w- c:\programdata\NVIDIA
2009-07-05 13:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-07-05 13:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-07-05 13:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-07-05 13:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-07-05 13:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-05 13:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-07-05 13:42 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-05 13:28 . 2006-11-02 12:35 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-21 15:26 . 2009-05-22 12:38 -------- d-----w- c:\programdata\Ubisoft
2009-06-20 09:01 . 2009-06-16 11:58 2052376 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-06-19 15:38 . 2009-05-19 20:04 100256 ----a-w- c:\users\doma\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-16 11:57 . 2009-05-20 22:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-15 16:50 . 2009-06-14 11:28 -------- d-----w- c:\programdata\Lavasoft
2009-06-15 16:34 . 2009-06-15 16:34 -------- d-----w- c:\users\doma\AppData\Roaming\Fpscore Metro
2009-06-14 11:01 . 2009-05-19 20:14 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-12 15:13 . 2009-06-12 15:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-10 15:32 . 2009-05-26 07:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-06 14:13 . 2009-06-06 14:11 -------- d-----w- c:\users\doma\AppData\Roaming\Ventrilo
2009-06-04 14:48 . 2009-06-04 14:07 62947336 ----a-w- c:\programdata\Xfire\downloads\far_cry_2_1.03.exe
2009-06-02 15:20 . 2009-06-02 15:20 -------- d-----w- c:\users\doma\AppData\Roaming\Braid
2009-06-02 15:10 . 2009-06-02 14:58 -------- d-----w- c:\users\doma\AppData\Roaming\DAEMON Tools Lite
2009-06-02 15:08 . 2009-06-02 15:08 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-06-02 15:08 . 2009-06-02 15:08 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-02 14:58 . 2009-06-02 14:58 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-02 13:52 . 2009-05-20 23:28 -------- d-----w- c:\program files\Microsoft Works
2009-05-31 20:06 . 2009-05-31 20:06 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-31 20:06 . 2009-05-31 20:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-28 16:28 . 2009-05-28 16:28 -------- d--h--w- c:\programdata\CanonBJ
2009-05-27 17:42 . 2009-05-27 17:42 -------- d-----w- c:\program files\Microsoft
2009-05-26 12:37 . 2009-05-25 17:08 -------- d-----w- c:\users\doma\AppData\Roaming\GHISLER
2009-05-25 13:57 . 2009-05-24 17:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-23 15:03 . 2009-05-21 17:51 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-22 19:19 . 2009-05-21 17:51 22328 ----a-w- c:\users\doma\AppData\Roaming\PnkBstrK.sys
2009-05-22 19:19 . 2009-05-21 17:51 22328 ----a-w- c:\users\doma\AppData\Roaming\PnkBstrK.sys
2009-05-22 17:52 . 2009-05-20 22:18 -------- d-----w- c:\program files\Google
2009-05-22 12:44 . 2009-05-22 12:44 -------- d-----w- c:\program files\System Control Manager
2009-05-22 12:37 . 2009-05-21 17:51 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2009-05-21 18:37 . 2009-05-21 18:37 -------- d--h--r- c:\users\doma\AppData\Roaming\SecuROM
2009-05-21 17:57 . 2009-05-21 17:57 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-21 17:44 . 2009-05-21 17:44 0 ----a-w- c:\windows\nsreg.dat
2009-05-21 17:34 . 2009-05-21 17:34 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-05-21 17:32 . 2009-05-21 17:32 -------- d-----w- c:\program files\Common Files\Skype
2009-05-21 17:32 . 2009-05-21 17:32 -------- d-----r- c:\program files\Skype
2009-05-21 17:32 . 2009-05-21 17:32 -------- d-----w- c:\programdata\Skype
2009-05-21 17:11 . 2009-05-21 17:11 -------- d-----w- c:\program files\MSI
2009-05-21 11:18 . 2009-05-21 11:18 -------- d-----w- c:\users\doma\AppData\Roaming\Ashampoo
2009-05-21 11:18 . 2009-05-21 11:18 -------- d-----w- c:\programdata\ashampoo
2009-05-21 11:18 . 2009-05-21 11:18 -------- d-----w- c:\program files\Ashampoo
2009-05-21 11:17 . 2009-05-21 11:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-21 05:04 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-05-21 05:04 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-05-20 23:55 . 2009-05-20 22:40 -------- d-----w- c:\programdata\avg8
2009-05-20 23:55 . 2009-05-20 22:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-20 23:55 . 2009-05-20 23:55 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-20 23:55 . 2009-05-20 22:40 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-05-20 23:28 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2009-05-20 23:27 . 2009-05-20 23:27 -------- d-----w- c:\program files\Microsoft.NET
2009-05-20 23:26 . 2009-05-20 23:26 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-05-20 22:45 . 2009-05-20 22:45 -------- d-----w- c:\users\doma\AppData\Roaming\vlc
2009-05-20 22:41 . 2009-05-20 22:41 -------- d-----w- c:\program files\VideoLAN
2009-05-20 22:40 . 2009-05-20 22:40 -------- d-----w- c:\program files\AVG
2009-05-20 22:20 . 2009-05-20 22:20 -------- d-----w- c:\program files\IrfanView
2009-05-20 22:18 . 2009-05-20 22:18 -------- d-----w- c:\programdata\DVD Shrink
2009-05-20 22:18 . 2009-05-20 22:18 -------- d-----w- c:\program files\DVD Shrink
2009-05-20 22:13 . 2009-05-20 22:14 34724 ----a-w- c:\windows\system32\perfd005.dat
2009-05-20 22:13 . 2009-05-20 22:14 286912 ----a-w- c:\windows\system32\perfi005.dat
2009-05-20 22:13 . 2009-05-20 22:13 34724 ----a-w- c:\windows\inf\PERFLIB\0405\perfd.dat
2009-05-20 22:13 . 2009-05-20 22:13 34724 ----a-w- c:\windows\inf\PERFLIB\0405\perfc.dat
2009-05-20 22:13 . 2009-05-20 22:13 286912 ----a-w- c:\windows\inf\PERFLIB\0405\perfi.dat
2009-05-20 22:13 . 2009-05-20 22:13 286912 ----a-w- c:\windows\inf\PERFLIB\0405\perfh.dat
2009-05-20 21:25 . 2009-05-20 21:25 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-05-20 21:12 . 2009-05-20 21:12 -------- d-----w- c:\program files\Toshiba
2009-05-20 20:53 . 2009-05-20 20:53 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-05-20 20:53 . 2009-05-20 20:53 272896 ----a-w- c:\windows\system32\polstore.dll
2009-05-20 20:37 . 2009-05-20 20:37 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-05-20 20:16 . 2009-05-20 20:16 9728 ----a-w- c:\windows\system32\lsass.exe
2009-05-20 20:13 . 2009-05-20 20:13 37888 ----a-w- c:\windows\system32\printcom.dll
2009-05-20 20:12 . 2009-05-20 20:12 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-05-20 20:01 . 2009-05-20 20:01 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-05-20 19:56 . 2009-05-20 19:56 84480 ----a-w- c:\windows\system32\INETRES.dll
2009-05-20 19:53 . 2009-05-20 19:53 2048 ----a-w- c:\windows\system32\msxml6r.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"uTorrent"="c:\programy\uTorrent\uTorrent.exe" [2009-05-24 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-29 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-29 92704]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-10-26 671744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WheelMouse"="c:\msi\ADVANC~1\wh_exec.exe" [2007-09-13 90112]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-11-28 711808]
"Adobe Reader Speed Launcher"="c:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-28 6144000]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-25 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3c,41,2b,a5,77,fd,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{6FCC3366-69FF-4B81-A0E1-E4A854AB441B}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{9D52084C-596C-494E-8C03-6E64C123F43E}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{36A2F01C-7E23-417F-AF34-C35550A1882B}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{F824E88E-1B81-40D7-AC05-9F51712B91CB}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{9207CFA6-EF91-420E-8E3F-48CB7E43EA6F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{4510ED54-EE05-455B-B193-6EBD16168497}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{62E50784-2EAA-4A45-A7F5-C6CF5EA665EF}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{FD7C47E1-E748-4044-99D6-70021C211F8F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{EDF29674-9B6D-440A-B69F-7707FF4AB880}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B615B25B-FD2A-4E91-9113-B1244FBB8E0D}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E6B3DB43-CC1D-4702-856C-3C6BF441A503}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E9790B6D-F177-45B3-BE89-901D78309213}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8F59457F-7300-4F8F-9C0D-61C98438E991}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0FCA5754-7225-459D-BD55-97673B2E4FAC}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3048DFC2-89DE-4F7B-B21A-73ADF3506A04}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{8A105BB5-47FB-421F-96E9-D8F94645EBCD}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{10CB3C71-C38A-4555-A406-90147A357C24}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{A4032190-EF07-440B-818E-4AFB992E49CF}c:\\programy\\xfire\\xfire.exe"= UDP:c:\programy\xfire\xfire.exe:Xfire
"UDP Query User{BD895E38-1D7C-4BAB-B097-24E7F44BDBD8}c:\\programy\\xfire\\xfire.exe"= TCP:c:\programy\xfire\xfire.exe:Xfire
"TCP Query User{E1BF7298-8F67-46EE-A11F-A61537BBF2E6}c:\\hry\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\hry\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{4124F12F-FBCE-4869-BEA4-79A5B06D4D6D}c:\\hry\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\hry\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"{34D3D09A-F3C7-4859-AC47-72B4989C3230}"= UDP:c:\hry\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{B810D1A4-A879-4255-820E-1E02D3EBF080}"= TCP:c:\hry\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{222C0E13-51DA-4E40-8486-271D5A8E016D}"= Disabled:UDP:c:\programy\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2D652C85-1B8B-4E03-BC54-FF2FB80AB389}"= Disabled:TCP:c:\programy\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{11A61D42-3ADE-4620-B4E5-44C776695817}c:\\programy\\totalcmd\\totalcmd.exe"= UDP:c:\programy\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{15B6F681-5338-4A0C-95C6-D1659070159F}c:\\programy\\totalcmd\\totalcmd.exe"= TCP:c:\programy\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{58991387-761D-4EE0-8517-87B4A8F782B1}c:\\hry\\tmnationsforever\\tmforever.exe"= UDP:c:\hry\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{6B8D8199-BA12-4D6A-8A4B-28EA785F1083}c:\\hry\\tmnationsforever\\tmforever.exe"= TCP:c:\hry\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{AF20519F-4432-4E77-A339-C6A364ADC90B}c:\\hry\\dirt\\dirt.exe"= UDP:c:\hry\dirt\dirt.exe:DiRT Executable
"UDP Query User{B1B5A2EA-E65C-47DF-AB90-46BB6EE8708B}c:\\hry\\dirt\\dirt.exe"= TCP:c:\hry\dirt\dirt.exe:DiRT Executable
"TCP Query User{A89C6294-C92F-43B4-980D-A478E9578F3A}c:\\programy\\steam\\steamapps\\scarynek\\counter-strike\\hl.exe"= UDP:c:\programy\steam\steamapps\scarynek\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{69469C38-471F-4372-B1E3-99C7F96C1AD9}c:\\programy\\steam\\steamapps\\scarynek\\counter-strike\\hl.exe"= TCP:c:\programy\steam\steamapps\scarynek\counter-strike\hl.exe:Half-Life Launcher
"{62C4A44A-D13F-466F-81DF-405418EAF248}"= UDP:c:\hry\Codemasters\FUEL\FUEL.exe:FUEL
"{89188E83-BF39-459F-AC0F-3F1BA316638D}"= TCP:c:\hry\Codemasters\FUEL\FUEL.exe:FUEL
"{34A6CC39-5FFD-4CDD-BEBA-EFDF6017F23B}"= UDP:c:\hry\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood
"{7DBAC500-A845-4237-9D15-5E0B0A5B0453}"= TCP:c:\hry\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [21.5.2009 0:40 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [21.5.2009 0:40 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [21.5.2009 1:55 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [21.5.2009 0:40 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21.5.2009 1:55 298776]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [22.5.2009 14:44 159744]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.3.2009 16:28 1533808]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [19.5.2009 23:30 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [19.5.2009 23:28 93968]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [28.4.2008 6:29 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [29.5.2008 13:41 43040]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\System32\drivers\whfltr2k.sys [25.1.2007 17:45 6784]
S2 gupdate1c9db05abf2e287;Služba Google Update (gupdate1c9db05abf2e287);c:\program files\Google\Update\GoogleUpdate.exe [22.5.2009 19:49 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 17:49]

2009-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 17:49]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {2FFFCC7D-FDB4-4153-AFDD-2A2B6A407C0F} = 62.240.161.226,62.240.161.227
FF - ProfilePath - c:\users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\vmkyid1w.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programy\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: c:\programy\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\vmkyid1w.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 21:01
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-64969236-410126493-936570443-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:df,dd,41,a2,c2,f8,31,6d,08,55,f8,87,f0,4d,e7,f2,03,7a,39,2f,2f,ac,8e,
c3,cc,23,d8,98,07,e3,0a,17,a1,cf,b8,2d,eb,3a,f0,95,5e,c9,7e,de,ec,3d,47,bb,\
"??"=hex:15,5b,58,63,ed,39,c6,3e,2a,5d,10,81,42,ae,91,e5

[HKEY_USERS\S-1-5-21-64969236-410126493-936570443-1000\Software\SecuROM\License information*]
"datasecu"=hex:32,bc,88,1e,3c,e6,d8,29,ca,ae,e5,f3,25,2f,a9,73,78,5f,75,e2,18,
39,c1,b6,74,02,24,4d,34,f6,77,ca,d9,f6,de,bd,ed,a9,ac,d4,70,ab,8c,e1,5b,c9,\
"rkeysecu"=hex:04,78,26,e8,6c,f3,d6,ba,98,d0,64,e0,f4,92,d8,96

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2332)
c:\msi\Advanced Wheel Mouse\wh_hook.dll
.
Celkový čas: 2009-07-16 21:05
ComboFix-quarantined-files.txt 2009-07-16 19:05

Před spuštěním: Volných bajtů: 155 989 843 968
Po spuštění: Volných bajtů: 155 976 335 360

321 --- E O F --- 2009-07-15 08:28
MSI GX620X - Windows 7 Ultimate 64bit | mouse: SteelSeries IKARI | headset: SteelSeries Siberia v2

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Log check

Post by jaro3 » 16 Jul 2009 22:06

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code: Select all

KillAll::
File::
c:\programdata\nvModes.dat
c:\windows\nsreg.dat
c:\programdata\ezsidmv.dat
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e18a0565-4f86-11de-b9f5-002185df0d66}]

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new log from HJT
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Scary
Level 2.5
Posts: 396
Registered: May 09
Location: Čáslav
Gender: Male
Status: Offline

Re: Log check

Post by Scary » 16 Jul 2009 22:51

ComboFix

ComboFix 09-07-14.08 - doma 16.07.2009 22:19.2.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.420.1033.18.3070.1729 [GMT 2:00]
Spuštěný z: c:\users\doma\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\doma\Desktop\CFScript.txt
AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Network Edition *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\ezsidmv.dat"
"c:\programdata\nvModes.dat"
"c:\windows\nsreg.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\ezsidmv.dat
c:\programdata\nvModes.dat
c:\windows\nsreg.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-16 do 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-16 20:26 . 2009-07-16 20:29 -------- d-----w- c:\users\doma\AppData\Local\temp
2009-07-16 15:50 . 2009-07-16 15:50 -------- d-----w- C:\rsit
2009-07-16 14:00 . 2009-07-16 14:00 -------- d-----w- c:\users\doma\AppData\Roaming\Malwarebytes
2009-07-16 14:00 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 14:00 . 2009-07-16 14:00 -------- d-----w- c:\programdata\Malwarebytes
2009-07-16 14:00 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-16 08:23 . 2009-07-08 06:39 3403032 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-07-15 08:23 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 08:23 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 08:23 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 08:23 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 08:23 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-12 09:39 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2009-07-12 09:39 . 2008-10-27 08:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-07-12 09:39 . 2008-10-27 08:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-07-12 09:39 . 2008-10-27 08:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2009-07-12 09:39 . 2008-10-10 02:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-07-12 09:39 . 2008-10-10 02:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-07-12 09:39 . 2008-10-10 02:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-07-09 07:50 . 2009-07-09 08:31 -------- d-----w- c:\programdata\Electronic Arts
2009-07-09 07:45 . 2009-07-09 07:45 -------- d-----w- c:\program files\Electronic Arts
2009-07-09 07:44 . 2008-09-05 00:22 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2009-07-09 07:44 . 2009-07-09 07:44 10134 ----a-r- c:\users\doma\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-07-09 07:44 . 2009-07-09 07:44 -------- d-----w- c:\program files\Microsoft WSE
2009-07-08 07:51 . 2009-07-08 07:51 -------- d-----w- c:\users\doma\AppData\Roaming\FUEL
2009-07-08 07:47 . 2009-07-08 07:47 -------- d-----w- c:\windows\system32\xlive
2009-07-08 07:47 . 2009-07-08 07:48 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-07-07 19:55 . 2009-07-07 19:55 -------- d-----w- c:\users\doma\AppData\Roaming\DAEMON Tools Pro
2009-07-06 15:58 . 2009-07-06 15:58 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-06 15:48 . 2009-07-06 15:48 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-05 13:42 . 2009-07-05 13:44 -------- d-----w- c:\windows\system32\ca-ES
2009-07-05 13:42 . 2009-07-05 13:44 -------- d-----w- c:\windows\system32\eu-ES
2009-07-05 13:42 . 2009-07-05 13:44 -------- d-----w- c:\windows\system32\vi-VN
2009-07-05 13:17 . 2009-07-05 13:17 -------- d-----w- c:\windows\system32\EventProviders
2009-07-05 13:14 . 2009-04-11 06:28 2868224 ----a-w- c:\windows\system32\mf.dll
2009-07-05 13:12 . 2009-04-11 06:22 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-07-05 13:12 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2009-07-05 13:12 . 2009-04-11 04:27 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-07-05 13:12 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-07-05 13:12 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-07-05 13:12 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-07-05 13:12 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-07-05 13:12 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-07-05 13:12 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-07-05 13:12 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-07-05 13:12 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-07-05 13:12 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-07-05 13:12 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-07-05 13:11 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-07-02 18:55 . 2009-07-02 18:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-21 19:53 . 2009-06-21 19:53 514888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-21 17:22 . 2009-06-21 17:22 -------- d-----w- c:\users\doma\AppData\Local\Codemasters
2009-06-21 15:26 . 2009-06-21 15:26 -------- d-----w- c:\users\doma\AppData\Roaming\Ubisoft
2009-06-21 13:12 . 2009-07-05 13:54 -------- d-----w- c:\program files\Common Files\Steam
2009-06-20 19:21 . 2009-06-20 19:31 -------- d-----w- c:\users\doma\AppData\Local\Wheelman
2009-06-20 19:21 . 2009-06-20 19:21 -------- d-----w- c:\users\doma\AppData\Local\PC
2009-06-20 13:08 . 2009-07-12 20:07 -------- d-----w- c:\programdata\TrackMania
2009-06-19 17:23 . 2009-06-19 17:29 -------- d-----w- c:\users\doma\AppData\Roaming\PSpad

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 20:14 . 2009-05-21 17:33 -------- d-----w- c:\users\doma\AppData\Roaming\Skype
2009-07-16 19:55 . 2009-05-21 17:34 -------- d-----w- c:\users\doma\AppData\Roaming\skypePM
2009-07-16 17:15 . 2009-05-21 19:32 -------- d-----w- c:\users\doma\AppData\Roaming\Xfire
2009-07-16 16:36 . 2009-05-24 11:07 -------- d-----w- c:\users\doma\AppData\Roaming\uTorrent
2009-07-16 13:53 . 2009-05-20 22:14 598832 ----a-w- c:\windows\system32\perfh005.dat
2009-07-16 13:53 . 2009-05-20 22:14 114992 ----a-w- c:\windows\system32\perfc005.dat
2009-07-16 09:18 . 2009-05-21 19:32 -------- d-----w- c:\programdata\Xfire
2009-07-15 08:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 08:28 . 2009-05-20 23:24 -------- d-----w- c:\programdata\Microsoft Help
2009-07-14 10:13 . 2009-05-21 17:51 138608 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-14 10:13 . 2009-05-21 17:51 189800 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-12 19:44 . 2009-05-27 15:48 -------- d-----w- c:\users\doma\AppData\Roaming\teamspeak2
2009-07-12 11:04 . 2009-06-08 14:21 -------- d-----w- c:\users\doma\AppData\Roaming\dvdcss
2009-07-12 09:39 . 2009-05-19 20:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 16:47 . 2009-05-31 12:47 -------- d-----w- c:\users\doma\AppData\Roaming\mIRC
2009-07-08 06:39 . 2009-05-20 22:40 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-06 19:47 . 2009-05-22 13:40 -------- d-----w- c:\programdata\Test Drive Unlimited
2009-07-05 13:53 . 2009-05-19 20:18 -------- d-----w- c:\programdata\NVIDIA
2009-07-05 13:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-07-05 13:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-07-05 13:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-07-05 13:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-07-05 13:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-05 13:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-07-05 13:42 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-05 13:28 . 2006-11-02 12:35 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-21 15:26 . 2009-05-22 12:38 -------- d-----w- c:\programdata\Ubisoft
2009-06-20 09:01 . 2009-06-16 11:58 2052376 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-06-19 15:38 . 2009-05-19 20:04 100256 ----a-w- c:\users\doma\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-16 11:57 . 2009-05-20 22:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-15 16:50 . 2009-06-14 11:28 -------- d-----w- c:\programdata\Lavasoft
2009-06-15 16:34 . 2009-06-15 16:34 -------- d-----w- c:\users\doma\AppData\Roaming\Fpscore Metro
2009-06-14 11:01 . 2009-05-19 20:14 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-12 15:13 . 2009-06-12 15:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-10 15:32 . 2009-05-26 07:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-06 14:13 . 2009-06-06 14:11 -------- d-----w- c:\users\doma\AppData\Roaming\Ventrilo
2009-06-04 14:48 . 2009-06-04 14:07 62947336 ----a-w- c:\programdata\Xfire\downloads\far_cry_2_1.03.exe
2009-06-02 15:20 . 2009-06-02 15:20 -------- d-----w- c:\users\doma\AppData\Roaming\Braid
2009-06-02 15:10 . 2009-06-02 14:58 -------- d-----w- c:\users\doma\AppData\Roaming\DAEMON Tools Lite
2009-06-02 15:08 . 2009-06-02 15:08 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-06-02 15:08 . 2009-06-02 15:08 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-02 14:58 . 2009-06-02 14:58 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-02 13:52 . 2009-05-20 23:28 -------- d-----w- c:\program files\Microsoft Works
2009-05-31 20:06 . 2009-05-31 20:06 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-31 20:06 . 2009-05-31 20:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-28 16:28 . 2009-05-28 16:28 -------- d--h--w- c:\programdata\CanonBJ
2009-05-27 17:42 . 2009-05-27 17:42 -------- d-----w- c:\program files\Microsoft
2009-05-26 12:37 . 2009-05-25 17:08 -------- d-----w- c:\users\doma\AppData\Roaming\GHISLER
2009-05-25 13:57 . 2009-05-24 17:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-23 15:03 . 2009-05-21 17:51 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-22 19:19 . 2009-05-21 17:51 22328 ----a-w- c:\users\doma\AppData\Roaming\PnkBstrK.sys
2009-05-22 19:19 . 2009-05-21 17:51 22328 ----a-w- c:\users\doma\AppData\Roaming\PnkBstrK.sys
2009-05-22 17:52 . 2009-05-20 22:18 -------- d-----w- c:\program files\Google
2009-05-22 12:44 . 2009-05-22 12:44 -------- d-----w- c:\program files\System Control Manager
2009-05-22 12:37 . 2009-05-21 17:51 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2009-05-21 18:37 . 2009-05-21 18:37 -------- d--h--r- c:\users\doma\AppData\Roaming\SecuROM
2009-05-21 17:57 . 2009-05-21 17:57 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-21 17:32 . 2009-05-21 17:32 -------- d-----w- c:\program files\Common Files\Skype
2009-05-21 17:32 . 2009-05-21 17:32 -------- d-----r- c:\program files\Skype
2009-05-21 17:32 . 2009-05-21 17:32 -------- d-----w- c:\programdata\Skype
2009-05-21 17:11 . 2009-05-21 17:11 -------- d-----w- c:\program files\MSI
2009-05-21 11:18 . 2009-05-21 11:18 -------- d-----w- c:\users\doma\AppData\Roaming\Ashampoo
2009-05-21 11:18 . 2009-05-21 11:18 -------- d-----w- c:\programdata\ashampoo
2009-05-21 11:18 . 2009-05-21 11:18 -------- d-----w- c:\program files\Ashampoo
2009-05-21 11:17 . 2009-05-21 11:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-21 05:04 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-05-21 05:04 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-05-20 23:55 . 2009-05-20 22:40 -------- d-----w- c:\programdata\avg8
2009-05-20 23:55 . 2009-05-20 22:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-20 23:55 . 2009-05-20 23:55 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-20 23:55 . 2009-05-20 22:40 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-05-20 23:28 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2009-05-20 23:27 . 2009-05-20 23:27 -------- d-----w- c:\program files\Microsoft.NET
2009-05-20 23:26 . 2009-05-20 23:26 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-05-20 22:45 . 2009-05-20 22:45 -------- d-----w- c:\users\doma\AppData\Roaming\vlc
2009-05-20 22:41 . 2009-05-20 22:41 -------- d-----w- c:\program files\VideoLAN
2009-05-20 22:40 . 2009-05-20 22:40 -------- d-----w- c:\program files\AVG
2009-05-20 22:20 . 2009-05-20 22:20 -------- d-----w- c:\program files\IrfanView
2009-05-20 22:18 . 2009-05-20 22:18 -------- d-----w- c:\programdata\DVD Shrink
2009-05-20 22:18 . 2009-05-20 22:18 -------- d-----w- c:\program files\DVD Shrink
2009-05-20 22:13 . 2009-05-20 22:14 34724 ----a-w- c:\windows\system32\perfd005.dat
2009-05-20 22:13 . 2009-05-20 22:14 286912 ----a-w- c:\windows\system32\perfi005.dat
2009-05-20 22:13 . 2009-05-20 22:13 34724 ----a-w- c:\windows\inf\PERFLIB\0405\perfd.dat
2009-05-20 22:13 . 2009-05-20 22:13 34724 ----a-w- c:\windows\inf\PERFLIB\0405\perfc.dat
2009-05-20 22:13 . 2009-05-20 22:13 286912 ----a-w- c:\windows\inf\PERFLIB\0405\perfi.dat
2009-05-20 22:13 . 2009-05-20 22:13 286912 ----a-w- c:\windows\inf\PERFLIB\0405\perfh.dat
2009-05-20 21:25 . 2009-05-20 21:25 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-05-20 21:12 . 2009-05-20 21:12 -------- d-----w- c:\program files\Toshiba
2009-05-20 20:53 . 2009-05-20 20:53 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-05-20 20:53 . 2009-05-20 20:53 272896 ----a-w- c:\windows\system32\polstore.dll
2009-05-20 20:37 . 2009-05-20 20:37 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-05-20 20:16 . 2009-05-20 20:16 9728 ----a-w- c:\windows\system32\lsass.exe
2009-05-20 20:13 . 2009-05-20 20:13 37888 ----a-w- c:\windows\system32\printcom.dll
2009-05-20 20:12 . 2009-05-20 20:12 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-05-20 20:01 . 2009-05-20 20:01 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-05-20 19:56 . 2009-05-20 19:56 84480 ----a-w- c:\windows\system32\INETRES.dll
2009-05-20 19:53 . 2009-05-20 19:53 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-05-20 18:38 . 2009-05-20 18:38 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-05-20 18:38 . 2009-05-20 18:38 43544 ----a-w- c:\windows\system32\wups2.dll
2009-05-20 18:38 . 2009-05-20 18:38 1809944 ----a-w- c:\windows\system32\wuaueng.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-16_19.01.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-19 20:20 . 2009-07-16 20:30 35684 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-07-16 20:30 73390 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-05-19 20:05 . 2009-07-16 20:30 8704 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-64969236-410126493-936570443-1000_UserData.bin
+ 2009-07-16 20:28 . 2009-07-16 20:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-16 13:46 . 2009-07-16 13:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-16 20:28 . 2009-07-16 20:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-16 13:46 . 2009-07-16 13:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-21 11:16 . 2009-07-16 19:55 278702 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"uTorrent"="c:\programy\uTorrent\uTorrent.exe" [2009-05-24 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-29 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-29 92704]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-10-26 671744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WheelMouse"="c:\msi\ADVANC~1\wh_exec.exe" [2007-09-13 90112]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-11-28 711808]
"Adobe Reader Speed Launcher"="c:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-28 6144000]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-25 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3c,41,2b,a5,77,fd,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{6FCC3366-69FF-4B81-A0E1-E4A854AB441B}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{9D52084C-596C-494E-8C03-6E64C123F43E}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{36A2F01C-7E23-417F-AF34-C35550A1882B}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{F824E88E-1B81-40D7-AC05-9F51712B91CB}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{9207CFA6-EF91-420E-8E3F-48CB7E43EA6F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{4510ED54-EE05-455B-B193-6EBD16168497}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{62E50784-2EAA-4A45-A7F5-C6CF5EA665EF}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{FD7C47E1-E748-4044-99D6-70021C211F8F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{EDF29674-9B6D-440A-B69F-7707FF4AB880}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B615B25B-FD2A-4E91-9113-B1244FBB8E0D}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E6B3DB43-CC1D-4702-856C-3C6BF441A503}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E9790B6D-F177-45B3-BE89-901D78309213}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8F59457F-7300-4F8F-9C0D-61C98438E991}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0FCA5754-7225-459D-BD55-97673B2E4FAC}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3048DFC2-89DE-4F7B-B21A-73ADF3506A04}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{8A105BB5-47FB-421F-96E9-D8F94645EBCD}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{10CB3C71-C38A-4555-A406-90147A357C24}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{A4032190-EF07-440B-818E-4AFB992E49CF}c:\\programy\\xfire\\xfire.exe"= UDP:c:\programy\xfire\xfire.exe:Xfire
"UDP Query User{BD895E38-1D7C-4BAB-B097-24E7F44BDBD8}c:\\programy\\xfire\\xfire.exe"= TCP:c:\programy\xfire\xfire.exe:Xfire
"TCP Query User{E1BF7298-8F67-46EE-A11F-A61537BBF2E6}c:\\hry\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\hry\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{4124F12F-FBCE-4869-BEA4-79A5B06D4D6D}c:\\hry\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\hry\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"{34D3D09A-F3C7-4859-AC47-72B4989C3230}"= UDP:c:\hry\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{B810D1A4-A879-4255-820E-1E02D3EBF080}"= TCP:c:\hry\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{222C0E13-51DA-4E40-8486-271D5A8E016D}"= Disabled:UDP:c:\programy\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2D652C85-1B8B-4E03-BC54-FF2FB80AB389}"= Disabled:TCP:c:\programy\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{11A61D42-3ADE-4620-B4E5-44C776695817}c:\\programy\\totalcmd\\totalcmd.exe"= UDP:c:\programy\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{15B6F681-5338-4A0C-95C6-D1659070159F}c:\\programy\\totalcmd\\totalcmd.exe"= TCP:c:\programy\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{58991387-761D-4EE0-8517-87B4A8F782B1}c:\\hry\\tmnationsforever\\tmforever.exe"= UDP:c:\hry\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{6B8D8199-BA12-4D6A-8A4B-28EA785F1083}c:\\hry\\tmnationsforever\\tmforever.exe"= TCP:c:\hry\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{AF20519F-4432-4E77-A339-C6A364ADC90B}c:\\hry\\dirt\\dirt.exe"= UDP:c:\hry\dirt\dirt.exe:DiRT Executable
"UDP Query User{B1B5A2EA-E65C-47DF-AB90-46BB6EE8708B}c:\\hry\\dirt\\dirt.exe"= TCP:c:\hry\dirt\dirt.exe:DiRT Executable
"TCP Query User{A89C6294-C92F-43B4-980D-A478E9578F3A}c:\\programy\\steam\\steamapps\\scarynek\\counter-strike\\hl.exe"= UDP:c:\programy\steam\steamapps\scarynek\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{69469C38-471F-4372-B1E3-99C7F96C1AD9}c:\\programy\\steam\\steamapps\\scarynek\\counter-strike\\hl.exe"= TCP:c:\programy\steam\steamapps\scarynek\counter-strike\hl.exe:Half-Life Launcher
"{62C4A44A-D13F-466F-81DF-405418EAF248}"= UDP:c:\hry\Codemasters\FUEL\FUEL.exe:FUEL
"{89188E83-BF39-459F-AC0F-3F1BA316638D}"= TCP:c:\hry\Codemasters\FUEL\FUEL.exe:FUEL
"{34A6CC39-5FFD-4CDD-BEBA-EFDF6017F23B}"= UDP:c:\hry\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood
"{7DBAC500-A845-4237-9D15-5E0B0A5B0453}"= TCP:c:\hry\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [21.5.2009 0:40 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [21.5.2009 0:40 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [21.5.2009 1:55 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [21.5.2009 0:40 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21.5.2009 1:55 298776]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [22.5.2009 14:44 159744]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.3.2009 16:28 1533808]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [19.5.2009 23:30 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [19.5.2009 23:28 93968]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [28.4.2008 6:29 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [29.5.2008 13:41 43040]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\System32\drivers\whfltr2k.sys [25.1.2007 17:45 6784]
S2 gupdate1c9db05abf2e287;Služba Google Update (gupdate1c9db05abf2e287);c:\program files\Google\Update\GoogleUpdate.exe [22.5.2009 19:49 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 17:49]

2009-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 17:49]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {2FFFCC7D-FDB4-4153-AFDD-2A2B6A407C0F} = 62.240.161.226,62.240.161.227
FF - ProfilePath - c:\users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\vmkyid1w.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programy\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: c:\programy\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\vmkyid1w.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 22:29
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-64969236-410126493-936570443-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:df,dd,41,a2,c2,f8,31,6d,08,55,f8,87,f0,4d,e7,f2,03,7a,39,2f,2f,ac,8e,
c3,cc,23,d8,98,07,e3,0a,17,a1,cf,b8,2d,eb,3a,f0,95,5e,c9,7e,de,ec,3d,47,bb,\
"??"=hex:15,5b,58,63,ed,39,c6,3e,2a,5d,10,81,42,ae,91,e5

[HKEY_USERS\S-1-5-21-64969236-410126493-936570443-1000\Software\SecuROM\License information*]
"datasecu"=hex:32,bc,88,1e,3c,e6,d8,29,ca,ae,e5,f3,25,2f,a9,73,78,5f,75,e2,18,
39,c1,b6,74,02,24,4d,34,f6,77,ca,d9,f6,de,bd,ed,a9,ac,d4,70,ab,8c,e1,5b,c9,\
"rkeysecu"=hex:04,78,26,e8,6c,f3,d6,ba,98,d0,64,e0,f4,92,d8,96

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\rundll32.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
c:\windows\System32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2009-07-16 22:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-16 20:37
ComboFix2.txt 2009-07-16 19:05

Před spuštěním: Volných bajtů: 156 000 628 736
Po spuštění: Volných bajtů: 155 879 477 248

360 --- E O F --- 2009-07-15 08:28
MSI GX620X - Windows 7 Ultimate 64bit | mouse: SteelSeries IKARI | headset: SteelSeries Siberia v2


Re: Log check

Post by Scary » 16 Jul 2009 22:52

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:03, on 16.7.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Programy\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\MSI\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programy\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Programy\uTorrent\uTorrent.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFFCC7D-FDB4-4153-AFDD-2A2B6A407C0F}: NameServer = 62.240.161.226,62.240.161.227
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate1c9db05abf2e287) (gupdate1c9db05abf2e287) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Micro Star SCM - Micro-Star Int'l Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 5973 bytes
MSI GX620X - Windows 7 Ultimate 64bit | mouse: SteelSeries IKARI | headset: SteelSeries Siberia v2

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Log check

Post by jaro3 » 16 Jul 2009 22:57

Close other applications and browsers, disconnect from the internet, and fix these in HJT:

Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O13 - Gopher Prefix:


ComboFix is uninstalled like this:
Start > Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner

and also use T-Cleaner
It deletes everything left behind by ComboFix, SDFix, Avenger, MWAV, etc. - download > run

Install Java:
Java SE Runtime Environment 6u14
Select the OS (I assume Windows), tick agree, then continue
Select:
Windows Offline Installation
jre-6u14-windows-i586-p.exe

Try defragmenting if the notebook seems slow.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

