
Redirect virus - goingonearth.com


  • This topic is locked
8 replies to this topic

#1 Varrad

Varrad

  • Members
  • 4 posts

Posted 25 July 2011 - 05:46 AM

Hi, in GMER I can check/uncheck only Services, Registry, Files, ADS, then I don't paste log.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-25 12:45:14
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076dce07f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076dce07f (not active ControlSet)

---- EOF - GMER 1.0.15 ----




.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by dominik at 12:21:59 on 2011-07-25
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.4061.2723 [GMT 2:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\dominik\AppData\Roaming\PLAY ONLINE\ouc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
uRun: [HW_OPENEYE_OUC_PLAY ONLINE] "C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe"
uRun: [8DDYX0ZBPZ] C:\Users\dominik\AppData\Local\Temp\Kmk.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{3D045062-8D7A-46F3-8664-1C527CA64D76} : DhcpNameServer = 192.168.254.1
TCP: Interfaces\{58976354-47DA-490C-B136-303A9CFF8F2B} : NameServer = 89.108.195.20 217.17.34.10
TCP: Interfaces\{C4896C25-FAFC-47C6-843A-72425F26DC50} : DhcpNameServer = 192.168.1.254
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{32099AAC-C132-4136-9E9A-4E364A424E17}
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [(domyślny)]
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dominik\AppData\Roaming\Mozilla\Firefox\Profiles\1tv9q8j0.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]
R3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 NETw5s64;Sterownik karty Intel® Wireless WiFi Link dla systemu Windows 7 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 netw5v64;Sterownik karty Intel® Wireless WiFi Link 5000 Series dla systemu Windows Vista w wersji 64-bitowej;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 StorSvc;Usługa magazynu;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2011-07-25 09:46:48 579584 ----a-w- C:\OTL.exe
2011-07-25 09:45:50 -------- d---a-w- C:\strona
2011-07-25 09:45:05 607017 ----a-w- C:\dds.scr
2011-07-23 19:30:25 -------- d-----r- C:\Program Files (x86)\Skype
2011-07-23 19:20:51 -------- d-----w- C:\Users\dominik\AppData\Local\ESET
2011-07-23 18:26:37 -------- d-----w- C:\Program Files\ESET
2011-07-23 13:58:39 64512 --sha-r- C:\Windows\SysWow64\cryptsvcw.dll
2011-07-23 13:58:34 32768 ----a-w- C:\Users\dominik\AppData\Roaming\googlevet.exe
2011-07-23 13:58:34 306007 ----a-w- C:\Users\dominik\AppData\Roaming\xnij.exe
2011-07-23 13:52:11 -------- d-----w- C:\ProgramData\RegCure
2011-07-23 13:45:29 -------- d-----w- C:\Users\dominik\AppData\Local\Diagnostics
2011-07-23 13:32:43 32768 ------w- C:\Users\dominik\AppData\Roaming\googlejui.exe
2011-07-23 13:31:23 -------- d-----w- C:\Microsoft Office 2007 Enterprise
2011-07-23 10:04:13 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-07-23 10:02:37 -------- d-----w- C:\Users\dominik\AppData\Roaming\uTorrent
2011-07-23 10:02:37 -------- d-----w- C:\Users\dominik\AppData\Local\uTorrent
2011-07-21 12:05:09 -------- d-----w- C:\Users\dominik\AppData\Roaming\HpUpdate
2011-07-21 12:04:18 -------- d-----w- C:\Program Files (x86)\HP
2011-07-21 12:03:38 -------- d-----w- C:\Program Files\HP
2011-07-21 12:03:03 -------- d-----w- C:\Users\dominik\AppData\Local\HP
2011-07-17 17:20:52 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2011-07-17 16:32:35 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2011-07-17 16:32:07 -------- d-----w- C:\ProgramData\Blizzard
2011-07-17 15:47:34 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-07-17 15:47:28 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Toolbar
2011-07-17 15:47:17 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2011-07-17 15:46:53 -------- d-----w- C:\Users\dominik\AppData\Roaming\DAEMON Tools Lite
2011-07-17 15:46:53 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2011-07-15 22:03:41 -------- d-----w- C:\Users\dominik\AppData\Roaming\BESTplayer
2011-07-15 14:14:14 -------- d-----w- C:\games
2011-07-15 14:08:41 -------- d-----w- C:\Users\dominik\AppData\Roaming\Ubisoft
2011-07-15 13:54:57 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2011-07-15 13:54:57 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2011-07-15 13:54:27 188128 ----a-w- C:\ProgramData\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-07-15 13:28:44 -------- d-----w- C:\Windows\SysWow64\directx
2011-07-15 13:21:46 -------- d-----w- C:\Users\dominik\AppData\Local\Adobe
2011-07-14 21:52:18 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-07-14 21:52:18 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-07-14 21:52:11 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-07-14 21:52:11 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-07-14 21:51:31 -------- d-----w- C:\Windows\System32\RsFx
2011-07-14 21:46:17 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2011-07-14 21:42:09 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2011-07-14 21:32:53 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-07-14 21:32:48 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-07-14 21:32:44 -------- d-----w- C:\Windows\SysWow64\1033
2011-07-14 21:32:44 -------- d-----w- C:\Windows\System32\1033
2011-07-14 08:19:08 -------- d-----w- C:\Windows\System32\appmgmt
2011-07-13 20:27:41 -------- d-----w- C:\Users\dominik\AppData\Local\Microsoft_Corporation
2011-07-13 20:22:47 -------- d-----w- C:\Users\dominik\AppData\Local\Microsoft Help
2011-07-13 20:21:21 -------- d-----w- C:\Users\dominik\AppData\Local\ElevatedDiagnostics
2011-07-13 20:18:27 -------- d-----w- C:\Program Files\Microsoft SQL Server
2011-07-13 20:06:32 -------- d-----w- C:\Program Files (x86)\Matroska Pack
2011-07-13 19:40:12 -------- d-----w- C:\Windows\System32\RtlGina
2011-07-13 19:39:07 63648 ------w- C:\Windows\System32\athihvui.dll
2011-07-13 19:39:07 443040 ------w- C:\Windows\System32\athihvs.dll
2011-07-13 19:39:07 1579520 ----a-w- C:\Windows\System32\athrx.sys
2011-07-13 19:39:07 -------- d-----w- C:\Windows\System32\nn-NO
2011-07-13 19:39:07 -------- d-----w- C:\Windows\Options
2011-07-13 19:39:00 -------- d-----w- C:\Program Files (x86)\Cisco
2011-07-13 19:39:00 -------- d-----w- C:\Program Files (x86)\Atheros
2011-07-13 19:38:40 -------- d-----w- C:\ProgramData\Atheros
2011-07-13 19:35:48 408600 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2011-07-13 19:31:45 -------- d-----w- C:\Users\dominik\AppData\Local\ATI
2011-07-13 19:30:10 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-07-13 19:29:22 -------- d-----w- C:\Program Files\ATI Technologies
2011-07-13 19:23:43 -------- d-----w- C:\Users\dominik\AppData\Roaming\enchant
2011-07-13 19:23:41 -------- d-----w- C:\Users\dominik\AppData\Roaming\.purple
2011-07-13 19:21:25 -------- d-----w- C:\Program Files (x86)\Pidgin
2011-07-13 19:16:55 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2011-07-13 19:16:08 -------- d-----w- C:\Program Files\IIS
2011-07-13 19:16:08 -------- d-----w- C:\Program Files (x86)\IIS
2011-07-13 19:15:46 548800 ----a-w- C:\ProgramData\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
2011-07-13 19:14:50 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2011-07-13 19:13:16 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2011-07-13 19:08:59 -------- d-----w- C:\Windows\PCHEALTH
2011-07-10 09:27:56 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2011-07-10 09:27:47 -------- d-----w- C:\Intel
2011-07-10 09:26:28 -------- d-----w- C:\Program Files\ATI
2011-07-10 09:24:42 -------- d-----w- C:\Program Files\Synaptics
2011-07-09 22:18:56 -------- d-----w- C:\Program Files\Elantech
2011-07-09 21:59:13 -------- d-----w- C:\ProgramData\PC Drivers HeadQuarters
2011-07-09 21:52:28 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-09 09:03:29 -------- d-----w- C:\Users\dominik\AppData\Roaming\PLAY ONLINE
2011-07-09 09:02:11 93696 ----a-w- C:\Windows\System32\drivers\ew_jucdcacm.sys
2011-07-09 09:02:11 85504 ----a-w- C:\Windows\System32\drivers\ew_jubusenum.sys
2011-07-09 09:02:11 55296 ----a-w- C:\Windows\System32\drivers\ew_jucdcecm.sys
2011-07-09 09:02:11 29184 ----a-w- C:\Windows\System32\drivers\ew_juextctrl.sys
2011-07-09 09:02:11 196608 ----a-w- C:\Windows\System32\drivers\ew_juwwanecm.sys
2011-07-09 09:02:11 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2011-07-09 09:02:11 1490656 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01007.dll
2011-07-09 09:02:06 999936 ----a-w- C:\Windows\System32\drivers\mod7700.sys
2011-07-09 09:02:06 32768 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
2011-07-09 09:02:06 256000 ----a-w- C:\Windows\System32\drivers\ewusbnet.sys
2011-07-09 09:02:06 13952 ----a-w- C:\Windows\System32\drivers\ew_usbenumfilter.sys
2011-07-09 09:02:06 121600 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
2011-07-09 09:01:58 117248 ----a-w- C:\Windows\System32\drivers\ew_hwusbdev.sys
2011-07-09 09:01:49 -------- d-----w- C:\Program Files (x86)\PLAY ONLINE
2011-07-09 09:01:33 -------- d-----w- C:\ProgramData\DatacardService
2011-07-08 22:31:24 -------- d-----w- C:\Users\dominik\AppData\Roaming\TrueCrypt
2011-07-08 22:31:11 230352 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2011-07-08 22:31:11 -------- d-----w- C:\Program Files\TrueCrypt
2011-07-08 21:51:44 -------- d-sh--w- C:\Windows\Installer
2011-07-08 21:47:22 -------- d-----w- C:\Windows\SysWow64\Wat
2011-07-08 21:47:22 -------- d-----w- C:\Windows\System32\Wat
2011-07-08 21:45:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-08 21:45:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-08 21:45:00 141104 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2011-07-08 21:43:32 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-08 21:43:29 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1BE2FC09-DC48-4B05-BBE6-FB4D2A8DD10D}\mpengine.dll
2011-07-08 21:40:20 -------- d-----w- C:\Windows\Panther
2011-07-08 20:43:52 0 ----a-w- C:\Windows\ativpsrm.bin
.
==================== Find3M ====================
.
2011-07-10 09:26:04 121872 ----a-w- C:\Windows\System32\drivers\AtiHdmi.sys
2011-07-10 09:23:29 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2011-07-10 09:23:26 214312 ----a-w- C:\Windows\System32\SynTPAPI.dll
2011-07-10 09:23:26 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2011-07-10 09:23:26 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2011-07-10 09:23:25 316464 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2011-07-10 09:23:23 396584 ----a-w- C:\Windows\System32\SynCOM.dll
2011-07-10 09:23:23 264488 ----a-w- C:\Windows\System32\SynCtrl.dll
2011-07-10 09:23:23 210216 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2011-07-10 09:23:23 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2011-07-09 22:18:06 4675976 ----a-w- C:\Windows\System32\ETDUI.cpl
2011-07-09 22:17:58 136192 ----a-w- C:\Windows\System32\drivers\ETD.sys
2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-05-24 17:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-11 16:14:03 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-05-11 16:14:03 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-05-11 16:14:03 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-05-11 16:14:03 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-05-11 16:14:03 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-05-11 16:14:03 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-05-11 16:14:03 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-05-11 16:14:03 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-05-11 16:14:03 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-05-11 16:14:03 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-05-11 16:14:03 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-05-11 16:12:54 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-05-11 16:12:54 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-05-11 16:12:44 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-05-11 16:12:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-05-11 16:12:31 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
.
============= FINISH: 12:22:42,25 ===============



Edited by Varrad, 25 July 2011 - 05:47 AM.




#2 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 01 August 2011 - 05:03 AM

Hi Varrad, and welcome to Bleeping Computer.

Can we talk/write in Polish?.. ;)

Have you been receiving help elsewhere (I see OTL.exe already downloaded)??..

Please do the following:

Firstly,
Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Secondly,
Please delete your current copy of OTL.exe, download a fresh copy to your desktop:
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 Varrad

Varrad
  • Topic Starter

  • Members
  • 4 posts

Posted 01 August 2011 - 05:42 AM

Hello
Of course we can write in Polish :). Thanks for the reply, because I was already starting to worry.
I did everything as you wrote; here are the logs:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Wersja bazy: 7343

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

2011-08-01 12:28:37
mbam-log-2011-08-01 (12-28-37).txt

Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 165387
Upłynęło: 2 minut(y), 32 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 4
Zainfekowanych wartości rejestru: 1
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 3

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XMZH42I4GI (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Zainfekowanych wartości rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Value: 8DDYX0ZBPZ -> Quarantined and deleted successfully.

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
c:\Users\dominik\AppData\Roaming\googlejui.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\dominik\AppData\Roaming\googlevet.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\dominik\AppData\Local\Temp\chnt25.exe (Trojan.Agent) -> Quarantined and deleted successfully.



OTL logfile created on: 2011-08-01 12:33:02 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\dominik\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,97 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 72,71% Memory free
7,93 Gb Paging File | 6,63 Gb Available in Paging File | 83,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 26,92 Gb Free Space | 46,02% Space Free | Partition Type: NTFS
Drive E: | 343,65 Gb Total Space | 266,05 Gb Free Space | 77,42% Space Free | Partition Type: NTFS
Drive G: | 38,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DOMINIK-R720 | User Name: dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-08-01 12:32:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dominik\Desktop\OTL.exe
PRC - [2011-07-06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010-11-16 15:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009-04-14 21:28:46 | 000,110,592 | R--- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\dominik\AppData\Roaming\PLAY ONLINE\ouc.exe


========== Modules (SafeList) ==========

MOD - [2011-08-01 12:32:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dominik\Desktop\OTL.exe
MOD - [2010-11-21 05:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-01-12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009-09-01 23:55:44 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-07-17 17:47:34 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011-07-10 11:26:04 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2011-07-10 11:23:25 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011-07-10 00:17:58 | 000,136,192 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011-07-09 00:31:11 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011-07-06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011-05-11 18:14:03 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-05-11 18:14:03 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-12-21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010-12-21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010-12-21 13:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-10-09 14:49:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010-08-31 18:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010-08-07 17:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010-07-27 09:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010-01-13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Sterownik karty Intel®
DRV:64bit: - [2009-09-28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009-09-02 00:31:48 | 006,204,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Sterownik karty Intel®
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-06-04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-07-09 23:46:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-07-23 20:26:38 | 000,000,000 | ---D | M]

[2011-07-09 23:46:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dominik\AppData\Roaming\mozilla\Extensions
[2011-07-17 17:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dominik\AppData\Roaming\mozilla\Firefox\Profiles\1tv9q8j0.default\extensions
[2011-07-17 17:47:29 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\dominik\AppData\Roaming\mozilla\Firefox\Profiles\1tv9q8j0.default\extensions\DTToolbar@toolbarnet.com
[2011-07-17 17:47:28 | 000,002,055 | ---- | M] () -- C:\Users\dominik\AppData\Roaming\Mozilla\Firefox\Profiles\1tv9q8j0.default\searchplugins\daemon-search.xml
[2011-07-09 23:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) --
[2011-06-16 06:51:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_PLAY ONLINE] C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-11-16 23:37:37 | 000,142,336 | R--- | M] () - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008-03-07 10:34:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{9047bef2-a9a2-11e0-a308-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9047bef2-a9a2-11e0-a308-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\setup.hta
O33 - MountPoints2\{dfa9f553-aa09-11e0-aeb4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dfa9f553-aa09-11e0-aeb4-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dfa9f591-aa09-11e0-aeb4-0c6076dce07f}\Shell - "" = AutoRun
O33 - MountPoints2\{dfa9f591-aa09-11e0-aeb4-0c6076dce07f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010-11-16 23:37:37 | 000,142,336 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011-08-01 12:32:04 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\dominik\Desktop\OTL.exe
[2011-08-01 12:23:25 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Malwarebytes
[2011-08-01 12:23:19 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-08-01 12:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-08-01 12:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-08-01 12:23:15 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-08-01 12:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011-08-01 12:18:08 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\dominik\Desktop\mbam-setup-1.51.1.1800.exe
[2011-07-28 10:08:30 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\TS3Client
[2011-07-28 10:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011-07-28 09:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2011-07-25 11:46:48 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011-07-25 11:45:50 | 000,000,000 | ---D | C] -- C:\strona
[2011-07-25 11:45:05 | 000,607,017 | ---- | C] (Swearware) -- C:\dds.scr
[2011-07-23 21:30:32 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Skype
[2011-07-23 21:30:25 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011-07-23 21:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011-07-23 21:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011-07-23 21:20:51 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\ESET
[2011-07-23 20:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011-07-23 20:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011-07-23 20:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011-07-23 15:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2011-07-23 15:45:29 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\Diagnostics
[2011-07-23 15:32:43 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Google
[2011-07-23 15:31:23 | 000,000,000 | ---D | C] -- C:\Microsoft Office 2007 Enterprise
[2011-07-23 12:04:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011-07-23 12:02:37 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\uTorrent
[2011-07-23 12:02:37 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\uTorrent
[2011-07-21 14:05:09 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\HpUpdate
[2011-07-21 14:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011-07-21 14:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011-07-21 14:04:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011-07-21 14:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011-07-21 14:03:03 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\HP
[2011-07-17 19:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011-07-17 19:00:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2011-07-17 18:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011-07-17 18:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011-07-17 18:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2011-07-17 17:49:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2011-07-17 17:47:34 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011-07-17 17:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar
[2011-07-17 17:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011-07-17 17:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011-07-17 17:46:53 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\DAEMON Tools Lite
[2011-07-17 17:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011-07-16 00:08:00 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011-07-16 00:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011-07-16 00:07:59 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Notepad++
[2011-07-16 00:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2011-07-16 00:03:41 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\BESTplayer
[2011-07-15 16:14:14 | 000,000,000 | ---D | C] -- C:\games
[2011-07-15 16:08:41 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Ubisoft
[2011-07-15 16:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011-07-15 15:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011-07-15 15:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011-07-15 15:38:35 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011-07-15 15:38:35 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2011-07-15 15:38:35 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011-07-15 15:38:35 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2011-07-15 15:38:35 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011-07-15 15:38:35 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011-07-15 15:38:34 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011-07-15 15:38:34 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2011-07-15 15:38:34 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011-07-15 15:38:34 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011-07-15 15:38:34 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2011-07-15 15:38:34 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011-07-15 15:38:34 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2011-07-15 15:38:34 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011-07-15 15:38:34 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2011-07-15 15:38:34 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011-07-15 15:38:33 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2011-07-15 15:38:33 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011-07-15 15:38:33 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011-07-15 15:38:33 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2011-07-15 15:38:33 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011-07-15 15:38:33 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011-07-15 15:38:33 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2011-07-15 15:38:33 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011-07-15 15:38:32 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011-07-15 15:38:32 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011-07-15 15:38:32 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2011-07-15 15:38:32 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011-07-15 15:38:32 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011-07-15 15:38:32 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2011-07-15 15:38:31 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2011-07-15 15:38:31 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011-07-15 15:38:31 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011-07-15 15:38:31 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011-07-15 15:38:31 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011-07-15 15:38:31 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011-07-15 15:38:31 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2011-07-15 15:38:31 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011-07-15 15:38:30 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011-07-15 15:38:30 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011-07-15 15:38:30 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011-07-15 15:38:30 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2011-07-15 15:38:30 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2011-07-15 15:38:30 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011-07-15 15:38:30 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011-07-15 15:38:30 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2011-07-15 15:38:30 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011-07-15 15:38:30 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011-07-15 15:38:29 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011-07-15 15:38:29 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011-07-15 15:38:29 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011-07-15 15:38:29 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011-07-15 15:38:29 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011-07-15 15:38:29 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2011-07-15 15:38:29 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011-07-15 15:38:29 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011-07-15 15:38:28 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011-07-15 15:38:28 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011-07-15 15:38:28 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2011-07-15 15:38:28 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011-07-15 15:38:28 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011-07-15 15:38:28 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011-07-15 15:38:27 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011-07-15 15:38:27 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2011-07-15 15:38:27 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011-07-15 15:38:27 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011-07-15 15:38:26 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2011-07-15 15:38:26 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011-07-15 15:38:26 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011-07-15 15:38:26 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011-07-15 15:38:26 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011-07-15 15:38:26 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2011-07-15 15:38:26 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011-07-15 15:38:26 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011-07-15 15:38:26 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011-07-15 15:38:26 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2011-07-15 15:38:26 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011-07-15 15:38:26 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011-07-15 15:38:25 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2011-07-15 15:38:25 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011-07-15 15:38:25 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011-07-15 15:38:25 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011-07-15 15:38:24 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2011-07-15 15:38:24 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011-07-15 15:38:24 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011-07-15 15:38:24 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011-07-15 15:38:24 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2011-07-15 15:38:24 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011-07-15 15:38:24 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011-07-15 15:38:24 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2011-07-15 15:38:24 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011-07-15 15:38:24 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011-07-15 15:38:23 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2011-07-15 15:38:23 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011-07-15 15:38:22 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011-07-15 15:38:22 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2011-07-15 15:38:22 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011-07-15 15:38:22 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011-07-15 15:38:21 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011-07-15 15:38:21 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011-07-15 15:38:21 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2011-07-15 15:38:21 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011-07-15 15:38:20 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2011-07-15 15:38:20 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2011-07-15 15:38:20 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011-07-15 15:38:20 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011-07-15 15:38:20 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2011-07-15 15:38:20 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011-07-15 15:38:20 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2011-07-15 15:38:20 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011-07-15 15:38:20 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2011-07-15 15:38:20 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011-07-15 15:38:19 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2011-07-15 15:38:19 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011-07-15 15:38:19 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2011-07-15 15:38:19 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011-07-15 15:38:19 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2011-07-15 15:38:19 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011-07-15 15:38:19 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2011-07-15 15:38:19 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011-07-15 15:38:19 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011-07-15 15:38:19 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011-07-15 15:38:19 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2011-07-15 15:38:19 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011-07-15 15:38:18 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011-07-15 15:38:18 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011-07-15 15:38:18 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011-07-15 15:38:18 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011-07-15 15:38:18 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011-07-15 15:38:18 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011-07-15 15:38:18 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011-07-15 15:38:18 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011-07-15 15:38:18 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011-07-15 15:38:18 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011-07-15 15:38:18 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011-07-15 15:38:18 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011-07-15 15:38:18 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2011-07-15 15:38:18 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011-07-15 15:38:17 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011-07-15 15:38:17 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011-07-15 15:38:17 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011-07-15 15:38:17 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011-07-15 15:38:16 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011-07-15 15:38:16 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011-07-15 15:38:16 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011-07-15 15:38:16 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011-07-15 15:38:16 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011-07-15 15:38:16 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011-07-15 15:38:16 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011-07-15 15:38:16 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011-07-15 15:38:16 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011-07-15 15:38:16 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011-07-15 15:38:16 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011-07-15 15:38:16 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011-07-15 15:38:15 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011-07-15 15:38:15 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011-07-15 15:38:15 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011-07-15 15:38:15 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011-07-15 15:38:14 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011-07-15 15:38:14 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011-07-15 15:38:14 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011-07-15 15:38:14 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011-07-15 15:38:14 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011-07-15 15:38:14 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011-07-15 15:38:12 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011-07-15 15:38:12 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011-07-15 15:38:12 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011-07-15 15:38:12 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011-07-15 15:38:12 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011-07-15 15:38:12 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011-07-15 15:38:12 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011-07-15 15:38:12 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011-07-15 15:38:11 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011-07-15 15:38:11 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011-07-15 15:38:10 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011-07-15 15:38:10 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011-07-15 15:38:10 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011-07-15 15:38:10 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011-07-15 15:38:10 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011-07-15 15:38:10 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011-07-15 15:38:09 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011-07-15 15:38:09 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011-07-15 15:28:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011-07-15 15:21:46 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\Adobe
[2011-07-15 15:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011-07-15 15:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011-07-15 15:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011-07-15 13:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011-07-15 12:02:32 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\WinRAR
[2011-07-15 12:02:32 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011-07-15 12:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011-07-15 12:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011-07-14 23:52:18 | 000,078,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2011-07-14 23:52:18 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2011-07-14 23:52:11 | 000,111,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2011-07-14 23:52:11 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2011-07-14 23:51:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
[2011-07-14 23:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2011-07-14 23:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011-07-14 23:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2011-07-14 23:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011-07-14 23:42:09 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2011-07-14 23:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2011-07-14 23:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011-07-14 23:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011-07-14 23:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011-07-14 23:32:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2011-07-14 23:32:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2011-07-14 23:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2011-07-14 10:19:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011-07-14 09:57:05 | 000,000,000 | ---D | C] -- C:\Users\dominik\Documents\Visual Studio 2005
[2011-07-13 22:27:41 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\Microsoft_Corporation
[2011-07-13 22:26:32 | 000,000,000 | ---D | C] -- C:\Users\dominik\Documents\Integration Services Script Component
[2011-07-13 22:26:06 | 000,000,000 | ---D | C] -- C:\Users\dominik\Documents\Integration Services Script Task
[2011-07-13 22:25:49 | 000,000,000 | ---D | C] -- C:\Users\dominik\Documents\SQL Server Management Studio
[2011-07-13 22:23:00 | 000,000,000 | ---D | C] -- C:\Users\dominik\Documents\Visual Studio 2008
[2011-07-13 22:22:47 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\Microsoft Help
[2011-07-13 22:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2011-07-13 22:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011-07-13 22:21:21 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\ElevatedDiagnostics
[2011-07-13 22:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2011-07-13 22:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011-07-13 22:18:04 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Winamp
[2011-07-13 22:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011-07-13 22:07:43 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Matroska Pack
[2011-07-13 22:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Matroska Pack
[2011-07-13 22:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Matroska Pack
[2011-07-13 21:40:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RtlGina
[2011-07-13 21:39:07 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2011-07-13 21:39:07 | 000,443,040 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll
[2011-07-13 21:39:07 | 000,063,648 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvui.dll
[2011-07-13 21:39:07 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2011-07-13 21:39:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nn-NO
[2011-07-13 21:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2011-07-13 21:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2011-07-13 21:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011-07-13 21:37:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2011-07-13 21:37:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011-07-13 21:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011-07-13 21:37:39 | 001,632,800 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2011-07-13 21:37:39 | 001,496,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2011-07-13 21:37:39 | 001,178,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2011-07-13 21:37:39 | 000,611,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2011-07-13 21:37:39 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011-07-13 21:37:39 | 000,436,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2011-07-13 21:37:39 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011-07-13 21:37:39 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2011-07-13 21:37:39 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011-07-13 21:37:39 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011-07-13 21:37:39 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011-07-13 21:37:39 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011-07-13 21:37:39 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011-07-13 21:37:39 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011-07-13 21:37:39 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2011-07-13 21:37:39 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011-07-13 21:37:39 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011-07-13 21:37:39 | 000,064,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2011-07-13 21:37:38 | 000,320,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011-07-13 21:37:38 | 000,309,760 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011-07-13 21:37:38 | 000,166,400 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2011-07-13 21:37:38 | 000,108,032 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2011-07-13 21:37:37 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2011-07-13 21:37:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2011-07-13 21:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011-07-13 21:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011-07-13 21:35:48 | 000,408,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2011-07-13 21:35:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011-07-13 21:35:45 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\InstallShield
[2011-07-13 21:31:45 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\ATI
[2011-07-13 21:31:45 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\ATI
[2011-07-13 21:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011-07-13 21:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011-07-13 21:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011-07-13 21:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011-07-13 21:23:43 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\enchant
[2011-07-13 21:23:41 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\.purple
[2011-07-13 21:21:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pidgin
[2011-07-13 21:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
[2011-07-13 21:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011-07-13 21:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2011-07-13 21:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2011-07-13 21:16:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
[2011-07-13 21:15:32 | 000,000,000 | ---D | C] -- C:\Users\dominik\Documents\Visual Studio 2010
[2011-07-13 21:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2011-07-13 21:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2011-07-13 21:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011-07-13 21:08:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011-07-10 11:27:56 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2011-07-10 11:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011-07-10 11:27:47 | 000,000,000 | ---D | C] -- C:\Intel
[2011-07-10 11:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011-07-10 11:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011-07-10 00:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2011-07-10 00:04:06 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Macromedia
[2011-07-10 00:04:06 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Adobe
[2011-07-09 23:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2011-07-09 23:52:28 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011-07-09 23:52:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011-07-09 23:46:26 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Mozilla
[2011-07-09 23:46:26 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\Mozilla
[2011-07-09 23:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011-07-09 23:42:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011-07-09 11:03:29 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\PLAY ONLINE
[2011-07-09 11:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PLAY ONLINE
[2011-07-09 11:02:11 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2011-07-09 11:02:11 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfCoInstaller01007.dll
[2011-07-09 11:02:11 | 000,196,608 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
[2011-07-09 11:02:11 | 000,093,696 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2011-07-09 11:02:11 | 000,085,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2011-07-09 11:02:11 | 000,055,296 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2011-07-09 11:02:11 | 000,029,184 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2011-07-09 11:02:06 | 000,999,936 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2011-07-09 11:02:06 | 000,256,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2011-07-09 11:02:06 | 000,121,600 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2011-07-09 11:02:06 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2011-07-09 11:02:06 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2011-07-09 11:01:58 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2011-07-09 11:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PLAY ONLINE
[2011-07-09 11:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2011-07-09 00:31:24 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\TrueCrypt
[2011-07-09 00:31:11 | 000,230,352 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2011-07-09 00:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2011-07-08 23:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011-07-08 23:51:44 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011-07-08 23:47:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011-07-08 23:47:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011-07-08 23:45:00 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011-07-08 23:45:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011-07-08 23:44:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011-07-08 23:44:58 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011-07-08 23:44:58 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011-07-08 23:44:58 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011-07-08 23:44:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011-07-08 23:44:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011-07-08 23:41:56 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011-07-08 23:41:56 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011-07-08 23:41:55 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011-07-08 23:41:55 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011-07-08 23:41:55 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011-07-08 23:41:55 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011-07-08 23:41:55 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011-07-08 23:41:55 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011-07-08 23:41:55 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011-07-08 23:41:55 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011-07-08 23:41:55 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011-07-08 23:41:55 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011-07-08 23:41:55 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011-07-08 23:41:55 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011-07-08 23:41:53 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011-07-08 23:41:53 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011-07-08 23:41:52 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011-07-08 23:41:52 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011-07-08 23:41:52 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011-07-08 23:41:52 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011-07-08 23:41:52 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011-07-08 23:41:52 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011-07-08 23:41:52 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011-07-08 23:41:52 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011-07-08 23:41:50 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011-07-08 23:41:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011-07-08 23:41:47 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011-07-08 23:40:20 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011-07-08 22:49:48 | 000,000,000 | R--D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011-07-08 22:49:48 | 000,000,000 | R--D | C] -- C:\Users\dominik\Searches
[2011-07-08 22:49:48 | 000,000,000 | R--D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011-07-08 22:49:38 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Identities
[2011-07-08 22:49:36 | 000,000,000 | R--D | C] -- C:\Users\dominik\Contacts
[2011-07-08 22:49:34 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\VirtualStore
[2011-07-08 22:49:22 | 000,000,000 | --SD | C] -- C:\Users\dominik\AppData\Roaming\Microsoft
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Videos
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Saved Games
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Pictures
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Music
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Links
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Favorites
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Downloads
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Documents
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Desktop
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Ustawienia lokalne
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\AppData\Local\Temporary Internet Files
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Szablony
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\SendTo
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Recent
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\PrintHood
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\NetHood
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Documents\Moje wideo
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Documents\Moje obrazy
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Moje dokumenty
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Documents\Moja muzyka
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Menu Start
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\AppData\Local\Historia
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Dane aplikacji
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\AppData\Local\Dane aplikacji
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Cookies
[2011-07-08 22:49:22 | 000,000,000 | -H-D | C] -- C:\Users\dominik\AppData
[2011-07-08 22:49:22 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\Temp
[2011-07-08 22:49:22 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\Microsoft
[2011-07-08 22:49:22 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Media Center Programs
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji
[2011-07-08 22:44:02 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011-07-08 22:41:44 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011-07-08 22:40:57 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011-04-02 01:51:20 | 000,463,152 | ---- | C] (Microsoft Corporation) -- C:\Users\dominik\AppData\Roaming\setup.exe
[2010-11-19 06:27:00 | 000,587,776 | ---- | C] (Igor Pavlov) -- C:\Users\dominik\AppData\Roaming\7za.exe

========== Files - Modified Within 30 Days ==========

[2011-08-01 12:36:33 | 001,847,366 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-08-01 12:36:33 | 000,803,702 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2011-08-01 12:36:33 | 000,717,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-08-01 12:36:33 | 000,179,424 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2011-08-01 12:36:33 | 000,145,868 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-08-01 12:32:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dominik\Desktop\OTL.exe
[2011-08-01 12:30:55 | 000,000,320 | -HS- | M] () -- C:\Windows\tasks\bqssceo.job
[2011-08-01 12:30:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-08-01 12:30:41 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys
[2011-08-01 12:23:19 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-08-01 12:18:39 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\dominik\Desktop\mbam-setup-1.51.1.1800.exe
[2011-08-01 09:44:51 | 000,022,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-08-01 09:44:51 | 000,022,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-07-28 01:08:27 | 001,749,491 | ---- | M] () -- C:\Users\dominik\Documents\mala-biblia-efektywnej-nauki.pdf
[2011-07-25 12:16:50 | 000,000,168 | ---- | M] () -- C:\Users\dominik\defogger_reenable
[2011-07-25 11:46:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011-07-25 11:46:33 | 001,383,430 | ---- | M] () -- C:\tdsskiller.zip
[2011-07-25 11:45:23 | 000,000,126 | ---- | M] () -- C:\U6vxVJxm.html.part
[2011-07-25 11:45:05 | 000,607,017 | ---- | M] (Swearware) -- C:\dds.scr
[2011-07-23 17:05:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011-07-23 15:58:39 | 000,064,512 | RHS- | M] () -- C:\Windows\SysWow64\cryptsvcw.dll
[2011-07-23 15:58:37 | 000,306,007 | ---- | M] () -- C:\Users\dominik\AppData\Roaming\xnij.exe
[2011-07-21 01:57:08 | 000,009,064 | ---- | M] () -- C:\Users\dominik\AppData\Roaming\a.7z
[2011-07-17 17:47:34 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011-07-14 23:41:34 | 001,631,522 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-07-10 11:26:04 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys
[2011-07-10 11:24:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011-07-10 11:23:29 | 001,721,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll
[2011-07-10 11:23:26 | 000,214,312 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2011-07-10 11:23:26 | 000,147,752 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll
[2011-07-10 11:23:26 | 000,107,816 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2011-07-10 11:23:25 | 000,316,464 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2011-07-10 11:23:23 | 000,396,584 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2011-07-10 11:23:23 | 000,264,488 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2011-07-10 11:23:23 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2011-07-10 11:23:23 | 000,173,352 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2011-07-10 00:18:06 | 004,675,976 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Windows\SysNative\ETDUI.cpl
[2011-07-10 00:17:58 | 000,136,192 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Windows\SysNative\drivers\ETD.sys
[2011-07-09 23:42:28 | 294,488,906 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-07-09 11:02:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011-07-09 00:31:11 | 000,230,352 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2011-07-08 23:48:33 | 000,274,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-07-08 23:27:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011-07-08 22:45:28 | 000,067,912 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011-07-08 22:45:28 | 000,067,912 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011-07-08 22:43:52 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-07-06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011-08-01 12:23:19 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-07-28 01:08:20 | 001,749,491 | ---- | C] () -- C:\Users\dominik\Documents\mala-biblia-efektywnej-nauki.pdf
[2011-07-25 12:16:50 | 000,000,168 | ---- | C] () -- C:\Users\dominik\defogger_reenable
[2011-07-25 11:46:33 | 001,383,430 | ---- | C] () -- C:\tdsskiller.zip
[2011-07-25 11:45:22 | 000,000,126 | ---- | C] () -- C:\U6vxVJxm.html.part
[2011-07-23 15:58:39 | 000,064,512 | RHS- | C] () -- C:\Windows\SysWow64\cryptsvcw.dll
[2011-07-23 15:58:39 | 000,000,320 | -HS- | C] () -- C:\Windows\tasks\bqssceo.job
[2011-07-23 15:58:34 | 000,306,007 | ---- | C] () -- C:\Users\dominik\AppData\Roaming\xnij.exe
[2011-07-23 12:10:17 | 026,325,407 | ---- | C] () -- C:\Users\dominik\Documents\Microsoft Office Excel 2007 Bible.pdf
[2011-07-21 01:57:08 | 000,009,064 | ---- | C] () -- C:\Users\dominik\AppData\Roaming\a.7z
[2011-07-15 15:19:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011-07-13 21:39:07 | 000,356,795 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2011-07-13 21:39:07 | 000,058,488 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2011-07-13 21:21:32 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2011-07-13 21:12:23 | 001,631,522 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-07-10 11:24:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011-07-09 23:46:19 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011-07-09 23:42:28 | 294,488,906 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011-07-09 11:02:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011-07-08 23:27:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011-07-08 22:49:56 | 000,001,417 | ---- | C] () -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011-07-08 22:49:50 | 000,001,451 | ---- | C] () -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011-07-08 22:45:11 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011-07-08 22:45:02 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011-07-08 22:43:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011-07-08 22:40:57 | 3193,393,152 | -HS- | C] () -- C:\hiberfil.sys
[2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011-07-25 11:45:05 | 000,607,017 | ---- | M] (Swearware) -- C:\dds.scr
[2011-08-01 12:30:41 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys
[2011-07-25 11:46:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011-08-01 12:30:46 | 4257,861,632 | -HS- | M] () -- C:\pagefile.sys
[2011-07-13 22:30:25 | 000,002,162 | ---- | M] () -- C:\RHDSetup.log
[2011-07-13 22:30:25 | 000,000,206 | ---- | M] () -- C:\setup.log
[2011-07-25 11:46:33 | 001,383,430 | ---- | M] () -- C:\tdsskiller.zip
[2011-07-25 11:45:23 | 000,000,126 | ---- | M] () -- C:\U6vxVJxm.html.part

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >



OTL Extras logfile created on: 2011-08-01 12:33:02 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\dominik\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,97 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 72,71% Memory free
7,93 Gb Paging File | 6,63 Gb Available in Paging File | 83,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 26,92 Gb Free Space | 46,02% Space Free | Partition Type: NTFS
Drive E: | 343,65 Gb Total Space | 266,05 Gb Free Space | 77,42% Space Free | Partition Type: NTFS
Drive G: | 38,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DOMINIK-R720 | User Name: dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0C6C4C8A-3B96-4681-90BA-0E15CDE96298}" = Microsoft SQL Server 2008 Management Studio
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio
"{2C7079FF-145F-55D4-1798-8F142C8CE52D}" = ccc-utility64
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{3A44C087-94C4-CEA2-70EF-CFF112F451EA}" = ATI Catalyst Install Manager
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{6F5A03BD-6415-4EA8-99EC-F0A0A163DBB0}" = HP Deskjet 2050 J510 series Badanie ulepszeń produktu
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{AAD6E537-3EFC-4ECB-825D-C17094DB5076}" = HP Deskjet 2050 J510 series Podstawowe oprogramowanie urządzenia
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D7647425-7A6F-4DC6-9F9A-71148AB424CD}" = ESET NOD32 Antivirus
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Elantech" = ETDWare PS/2-x64 7.0.7.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-bitowy)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Pomoc
"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Polish
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"HaaliMkx" = Haali Media Splitter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.1.1800
"Matroska Pack" = Matroska Pack
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU
"Mozilla Firefox 5.0 (x86 pl)" = Mozilla Firefox 5.0 (x86 pl)
"Notepad++" = Notepad++
"Pidgin" = Pidgin
"PLAY ONLINE" = PLAY ONLINE
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"Winamp" = Winamp
"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-07-27 01:25:05 | Computer Name = dominik-r720 | Source = WinMgmt | ID = 10
Description =

Error - 2011-07-27 06:17:15 | Computer Name = dominik-r720 | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: PLAY ONLINE.exe, wersja: 1.0.0.1,
sygnatura czasowa: 0x4a1a2814 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x46495245
Identyfikator
procesu powodującego błąd: 0x8a0 Godzina uruchomienia aplikacji powodującej błąd:
0x01cc4c1d521c72d2 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\PLAY
ONLINE\PLAY ONLINE.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu:
99508692-b839-11e0-83e3-001e101f21c1

Error - 2011-07-27 10:06:49 | Computer Name = dominik-r720 | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: PLAY ONLINE.exe, wersja: 1.0.0.1,
sygnatura czasowa: 0x4a1a2814 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x5145525f
Identyfikator
procesu powodującego błąd: 0xe6c Godzina uruchomienia aplikacji powodującej błąd:
0x01cc4c466a6154c9 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\PLAY
ONLINE\PLAY ONLINE.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu:
ab1607dd-b859-11e0-83e3-001e101f21c1

Error - 2011-07-27 16:31:24 | Computer Name = dominik-r720 | Source = WinMgmt | ID = 10
Description =

Error - 2011-07-28 16:19:17 | Computer Name = dominik-r720 | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: PLAY ONLINE.exe, wersja: 1.0.0.1,
sygnatura czasowa: 0x4a1a2814 Nazwa modułu powodującego błąd: mshtml.dll, wersja:
9.0.8112.16430, sygnatura czasowa: 0x4db210c4 Kod wyjątku: 0xc0000005 Przesunięcie
błędu: 0x0041ce6e Identyfikator procesu powodującego błąd: 0x864 Godzina uruchomienia
aplikacji powodującej błąd: 0x01cc4c9bef03c1af Ścieżka aplikacji powodującej błąd:
C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe Ścieżka modułu powodującego błąd:
C:\Windows\SysWOW64\mshtml.dll Identyfikator raportu: ddcff521-b956-11e0-ba7a-001e101f1f81

Error - 2011-07-29 01:57:10 | Computer Name = dominik-r720 | Source = WinMgmt | ID = 10
Description =

Error - 2011-07-30 09:09:49 | Computer Name = dominik-r720 | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: PLAY ONLINE.exe, wersja: 1.0.0.1,
sygnatura czasowa: 0x4a1a2814 Nazwa modułu powodującego błąd: mshtml.dll, wersja:
9.0.8112.16430, sygnatura czasowa: 0x4db210c4 Kod wyjątku: 0xc0000005 Przesunięcie
błędu: 0x0041ce6e Identyfikator procesu powodującego błąd: 0x830 Godzina uruchomienia
aplikacji powodującej błąd: 0x01cc4db424f7e88e Ścieżka aplikacji powodującej błąd:
C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe Ścieżka modułu powodującego błąd:
C:\Windows\SysWOW64\mshtml.dll Identyfikator raportu: 33e17c26-baad-11e0-aea0-001e101fa1f5

Error - 2011-07-31 03:06:06 | Computer Name = dominik-r720 | Source = WinMgmt | ID = 10
Description =

Error - 2011-07-31 13:40:10 | Computer Name = dominik-r720 | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: PLAY ONLINE.exe, wersja: 1.0.0.1,
sygnatura czasowa: 0x4a1a2814 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x3838206e
Identyfikator
procesu powodującego błąd: 0x95c Godzina uruchomienia aplikacji powodującej błąd:
0x01cc4f501a275359 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\PLAY
ONLINE\PLAY ONLINE.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu:
22f38982-bb9c-11e0-aecd-001e101f7f74

Error - 2011-08-01 06:32:35 | Computer Name = dominik-r720 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2011-07-12 18:01:11 | Computer Name = dominik-r720 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 2011-07-12 18:01:11 | Computer Name = dominik-r720 | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2011-07-12 18:06:34 | Computer Name = dominik-r720 | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2011-07-13 15:04:21 | Computer Name = dominik-r720 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 2011-07-13 15:04:21 | Computer Name = dominik-r720 | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2011-07-13 15:40:44 | Computer Name = dominik-r720 | Source = Service Control Manager | ID = 7030
Description = Usługa Realtek9xp jest oznaczona jako usługa interakcyjna. System
jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego
ta usługa może nie działać właściwie.

Error - 2011-07-14 16:48:58 | Computer Name = dominik-r720 | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 2011-07-15 13:30:53 | Computer Name = dominik-r720 | Source = volsnap | ID = 393252
Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie
można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error - 2011-07-22 05:37:38 | Computer Name = dominik-r720 | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 11:21:26 na ?2011-?07-?22 było
nieoczekiwane.

Error - 2011-07-24 06:36:46 | Computer Name = dominik-r720 | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji
z usługi LanmanServer.


< End of report >

#4 snemelk

  • Malware Response Team

Posted 01 August 2011 - 10:30 AM

Welcome back, Dominik!.. :)

Hmm, getting the computer infected less than a month after installation... ;)
In my view, the source of the infection was pirated software/a crack/a keygen downloaded via torrent; looking at the dates:

2011-07-23 13:58:39 64512 --sha-r- C:\Windows\SysWow64\cryptsvcw.dll
2011-07-23 13:58:34 32768 ----a-w- C:\Users\dominik\AppData\Roaming\googlevet.exe
2011-07-23 13:58:34 306007 ----a-w- C:\Users\dominik\AppData\Roaming\xnij.exe
2011-07-23 13:52:11 -------- d-----w- C:\ProgramData\RegCure
2011-07-23 13:45:29 -------- d-----w- C:\Users\dominik\AppData\Local\Diagnostics
2011-07-23 13:32:43 32768 ------w- C:\Users\dominik\AppData\Roaming\googlejui.exe
2011-07-23 13:31:23 -------- d-----w- C:\Microsoft Office 2007 Enterprise
2011-07-23 10:04:13 -------- d-----w- C:\Program Files (x86)\uTorrent

So I can only warn against downloading or installing anything from untrusted sources!!..

Please uninstall this program (use: Start -> Control Panel -> Programs and Features) - it is an adware toolbar; the main program will work perfectly normally without it...
DAEMON Tools Toolbar

Next, please run the script in OTL:
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
    [2011-07-17 17:47:29 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\dominik\AppData\Roaming\mozilla\Firefox\Profiles\1tv9q8j0.default\extensions\DTToolbar@toolbarnet.com
    [2011-07-17 17:47:28 | 000,002,055 | ---- | M] () -- C:\Users\dominik\AppData\Roaming\Mozilla\Firefox\Profiles\1tv9q8j0.default\searchplugins\daemon-search.xml
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
    O4 - HKLM..\Run: [] File not found
    [2011-07-23 15:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
    [2011-08-01 12:30:55 | 000,000,320 | -HS- | M] () -- C:\Windows\tasks\bqssceo.job
    [2011-07-23 15:58:39 | 000,064,512 | RHS- | M] () -- C:\Windows\SysWow64\cryptsvcw.dll
    [2011-07-23 15:58:37 | 000,306,007 | ---- | M] () -- C:\Users\dominik\AppData\Roaming\xnij.exe
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

After the restart:
- zip the folder c:\_OTL (the easiest way: right-click, choose: Wyślij do --> Folder skompresowany (zip) [Send to --> Compressed (zipped) folder]), then please upload the archive file to the server (it will be passed on to be added to detection): Upload a file (the message The file has been uploaded! will appear, which means the file was uploaded)...

- take your time and check whether the problem still occurs...
- run a new OTL.exe scan - only the OTL.txt log will appear; paste it in your reply to this topic...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#5 Varrad

  • Topic Starter

  • Members

Posted 01 August 2011 - 12:57 PM

Yes, you're right, the infection was caused by pirated software from torrents... A moment of stupidity.
After the recommended steps the problem is gone, at least for now :)
I've sent the zipped folder, and I'm pasting the log.
Thanks a lot for the help.

OTL logfile created on: 2011-08-01 19:37:49 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\dominik\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,97 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 65,37% Memory free
7,93 Gb Paging File | 6,34 Gb Available in Paging File | 79,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 28,49 Gb Free Space | 48,70% Space Free | Partition Type: NTFS
Drive E: | 343,65 Gb Total Space | 266,05 Gb Free Space | 77,42% Space Free | Partition Type: NTFS
Drive G: | 38,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DOMINIK-R720 | User Name: dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-08-01 12:32:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dominik\Desktop\OTL.exe
PRC - [2011-07-06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-06-16 06:51:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010-11-16 15:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009-04-14 21:28:46 | 000,110,592 | R--- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\dominik\AppData\Roaming\PLAY ONLINE\ouc.exe


========== Modules (SafeList) ==========

MOD - [2011-08-01 12:32:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dominik\Desktop\OTL.exe
MOD - [2010-11-21 05:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-01-12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011-01-12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009-09-01 23:55:44 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-07-17 17:47:34 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011-07-10 11:26:04 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2011-07-10 11:23:25 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011-07-10 00:17:58 | 000,136,192 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011-07-09 00:31:11 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011-07-06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011-05-11 18:14:03 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-05-11 18:14:03 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-12-21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010-12-21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010-12-21 13:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-10-09 14:49:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010-08-31 18:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010-08-07 17:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010-07-27 09:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010-01-13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Sterownik karty Intel®
DRV:64bit: - [2009-09-28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009-09-02 00:31:48 | 006,204,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Sterownik karty Intel®
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-06-04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-07-09 23:46:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-07-23 20:26:38 | 000,000,000 | ---D | M]

[2011-07-09 23:46:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dominik\AppData\Roaming\mozilla\Extensions
[2011-08-01 19:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dominik\AppData\Roaming\mozilla\Firefox\Profiles\1tv9q8j0.default\extensions
[2011-07-09 23:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) --
[2011-06-16 06:51:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_PLAY ONLINE] C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-11-16 23:37:37 | 000,142,336 | R--- | M] () - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008-03-07 10:34:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{9047bef2-a9a2-11e0-a308-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9047bef2-a9a2-11e0-a308-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\setup.hta
O33 - MountPoints2\{dfa9f553-aa09-11e0-aeb4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dfa9f553-aa09-11e0-aeb4-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dfa9f591-aa09-11e0-aeb4-0c6076dce07f}\Shell - "" = AutoRun
O33 - MountPoints2\{dfa9f591-aa09-11e0-aeb4-0c6076dce07f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010-11-16 23:37:37 | 000,142,336 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-08-01 19:25:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-08-01 12:32:04 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\dominik\Desktop\OTL.exe
[2011-08-01 12:23:25 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Malwarebytes
[2011-08-01 12:23:19 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-08-01 12:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-08-01 12:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-08-01 12:23:15 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-08-01 12:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011-08-01 12:18:08 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\dominik\Desktop\mbam-setup-1.51.1.1800.exe
[2011-07-28 10:08:30 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\TS3Client
[2011-07-28 10:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011-07-28 09:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2011-07-25 11:46:48 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011-07-25 11:45:50 | 000,000,000 | ---D | C] -- C:\strona
[2011-07-25 11:45:05 | 000,607,017 | ---- | C] (Swearware) -- C:\dds.scr
[2011-07-23 21:30:32 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Skype
[2011-07-23 21:30:25 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011-07-23 21:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011-07-23 21:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011-07-23 21:20:51 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\ESET
[2011-07-23 20:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011-07-23 20:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011-07-23 20:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011-07-23 15:45:29 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\Diagnostics
[2011-07-23 15:32:43 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Google
[2011-07-23 15:31:23 | 000,000,000 | ---D | C] -- C:\Microsoft Office 2007 Enterprise
[2011-07-23 12:04:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011-07-23 12:02:37 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\uTorrent
[2011-07-23 12:02:37 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\uTorrent
[2011-07-21 14:05:09 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\HpUpdate
[2011-07-21 14:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011-07-21 14:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011-07-21 14:04:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011-07-21 14:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011-07-21 14:03:03 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\HP
[2011-07-17 19:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011-07-17 19:00:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2011-07-17 18:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011-07-17 18:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011-07-17 18:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2011-07-17 17:49:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2011-07-17 17:47:34 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011-07-17 17:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar
[2011-07-17 17:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011-07-17 17:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011-07-17 17:46:53 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\DAEMON Tools Lite
[2011-07-17 17:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011-07-16 00:08:00 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011-07-16 00:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011-07-16 00:07:59 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Notepad++
[2011-07-16 00:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2011-07-16 00:03:41 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\BESTplayer
[2011-07-15 16:14:14 | 000,000,000 | ---D | C] -- C:\games
[2011-07-15 16:08:41 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Ubisoft
[2011-07-15 16:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011-07-15 15:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011-07-15 15:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011-07-15 15:38:35 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011-07-15 15:38:35 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2011-07-15 15:38:35 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011-07-15 15:38:35 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2011-07-15 15:38:35 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011-07-15 15:38:35 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011-07-15 15:38:34 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011-07-15 15:38:34 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2011-07-15 15:38:34 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011-07-15 15:38:34 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011-07-15 15:38:34 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2011-07-15 15:38:34 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011-07-15 15:38:34 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2011-07-15 15:38:34 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011-07-15 15:38:34 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2011-07-15 15:38:34 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011-07-15 15:38:33 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2011-07-15 15:38:33 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011-07-15 15:38:33 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011-07-15 15:38:33 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2011-07-15 15:38:33 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011-07-15 15:38:33 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011-07-15 15:38:33 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2011-07-15 15:38:33 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011-07-15 15:38:32 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011-07-15 15:38:32 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011-07-15 15:38:32 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2011-07-15 15:38:32 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011-07-15 15:38:32 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011-07-15 15:38:32 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2011-07-15 15:38:31 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2011-07-15 15:38:31 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011-07-15 15:38:31 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011-07-15 15:38:31 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011-07-15 15:38:31 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011-07-15 15:38:31 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011-07-15 15:38:31 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2011-07-15 15:38:31 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011-07-15 15:38:30 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011-07-15 15:38:30 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011-07-15 15:38:30 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011-07-15 15:38:30 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2011-07-15 15:38:30 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2011-07-15 15:38:30 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011-07-15 15:38:30 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011-07-15 15:38:30 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2011-07-15 15:38:30 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011-07-15 15:38:30 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011-07-15 15:38:29 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011-07-15 15:38:29 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011-07-15 15:38:29 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011-07-15 15:38:29 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011-07-15 15:38:29 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011-07-15 15:38:29 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2011-07-15 15:38:29 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011-07-15 15:38:29 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011-07-15 15:38:28 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011-07-15 15:38:28 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011-07-15 15:38:28 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2011-07-15 15:38:28 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011-07-15 15:38:28 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011-07-15 15:38:28 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011-07-15 15:38:27 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011-07-15 15:38:27 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2011-07-15 15:38:27 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011-07-15 15:38:27 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011-07-15 15:38:26 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2011-07-15 15:38:26 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011-07-15 15:38:26 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011-07-15 15:38:26 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011-07-15 15:38:26 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011-07-15 15:38:26 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2011-07-15 15:38:26 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011-07-15 15:38:26 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011-07-15 15:38:26 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011-07-15 15:38:26 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2011-07-15 15:38:26 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011-07-15 15:38:26 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011-07-15 15:38:25 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2011-07-15 15:38:25 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011-07-15 15:38:25 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011-07-15 15:38:25 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011-07-15 15:38:24 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2011-07-15 15:38:24 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011-07-15 15:38:24 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011-07-15 15:38:24 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011-07-15 15:38:24 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2011-07-15 15:38:24 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011-07-15 15:38:24 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011-07-15 15:38:24 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2011-07-15 15:38:24 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011-07-15 15:38:24 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011-07-15 15:38:23 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2011-07-15 15:38:23 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011-07-15 15:38:22 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011-07-15 15:38:22 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2011-07-15 15:38:22 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011-07-15 15:38:22 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011-07-15 15:38:21 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011-07-15 15:38:21 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011-07-15 15:38:21 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2011-07-15 15:38:21 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011-07-15 15:38:20 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2011-07-15 15:38:20 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2011-07-15 15:38:20 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011-07-15 15:38:20 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011-07-15 15:38:20 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2011-07-15 15:38:20 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011-07-15 15:38:20 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2011-07-15 15:38:20 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011-07-15 15:38:20 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2011-07-15 15:38:20 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011-07-15 15:38:19 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2011-07-15 15:38:19 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011-07-15 15:38:19 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2011-07-15 15:38:19 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011-07-15 15:38:19 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2011-07-15 15:38:19 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011-07-15 15:38:19 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2011-07-15 15:38:19 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011-07-15 15:38:19 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011-07-15 15:38:19 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011-07-15 15:38:19 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2011-07-15 15:38:19 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011-07-15 15:38:18 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011-07-15 15:38:18 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011-07-15 15:38:18 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011-07-15 15:38:18 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011-07-15 15:38:18 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011-07-15 15:38:18 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011-07-15 15:38:18 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011-07-15 15:38:18 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011-07-15 15:38:18 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011-07-15 15:38:18 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011-07-15 15:38:18 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011-07-15 15:38:18 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011-07-15 15:38:18 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2011-07-15 15:38:18 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011-07-15 15:38:17 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011-07-15 15:38:17 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011-07-15 15:38:17 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011-07-15 15:38:17 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011-07-15 15:38:16 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011-07-15 15:38:16 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011-07-15 15:38:16 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011-07-15 15:38:16 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011-07-15 15:38:16 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011-07-15 15:38:16 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011-07-15 15:38:16 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011-07-15 15:38:16 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011-07-15 15:38:16 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011-07-15 15:38:16 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011-07-15 15:38:16 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011-07-15 15:38:16 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011-07-15 15:38:15 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011-07-15 15:38:15 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011-07-15 15:38:15 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011-07-15 15:38:15 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011-07-15 15:38:14 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011-07-15 15:38:14 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011-07-15 15:38:14 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011-07-15 15:38:14 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011-07-15 15:38:14 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011-07-15 15:38:14 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011-07-15 15:38:12 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011-07-15 15:38:12 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011-07-15 15:38:12 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011-07-15 15:38:12 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011-07-15 15:38:12 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011-07-15 15:38:12 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011-07-15 15:38:12 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011-07-15 15:38:12 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011-07-15 15:38:11 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011-07-15 15:38:11 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011-07-15 15:38:10 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011-07-15 15:38:10 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011-07-15 15:38:10 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011-07-15 15:38:10 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011-07-15 15:38:10 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011-07-15 15:38:10 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011-07-15 15:38:09 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011-07-15 15:38:09 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011-07-15 15:28:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011-07-15 15:21:46 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\Adobe
[2011-07-15 15:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011-07-15 15:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011-07-15 15:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011-07-15 13:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011-07-15 12:02:32 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\WinRAR
[2011-07-15 12:02:32 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011-07-15 12:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011-07-15 12:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011-07-14 23:52:18 | 000,078,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2011-07-14 23:52:18 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2011-07-14 23:52:11 | 000,111,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2011-07-14 23:52:11 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2011-07-14 23:51:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
[2011-07-14 23:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2011-07-14 23:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011-07-14 23:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2011-07-14 23:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011-07-14 23:42:09 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2011-07-14 23:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2011-07-14 23:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011-07-14 23:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011-07-14 23:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011-07-14 23:32:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2011-07-14 23:32:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2011-07-14 23:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2011-07-14 10:19:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011-07-14 09:57:05 | 000,000,000 | ---D | C] -- C:\Users\dominik\Documents\Visual Studio 2005
[2011-07-13 22:27:41 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\Microsoft_Corporation
[2011-07-13 22:26:32 | 000,000,000 | ---D | C] -- C:\Users\dominik\Documents\Integration Services Script Component
[2011-07-13 22:26:06 | 000,000,000 | ---D | C] -- C:\Users\dominik\Documents\Integration Services Script Task
[2011-07-13 22:25:49 | 000,000,000 | ---D | C] -- C:\Users\dominik\Documents\SQL Server Management Studio
[2011-07-13 22:23:00 | 000,000,000 | ---D | C] -- C:\Users\dominik\Documents\Visual Studio 2008
[2011-07-13 22:22:47 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\Microsoft Help
[2011-07-13 22:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2011-07-13 22:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011-07-13 22:21:21 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\ElevatedDiagnostics
[2011-07-13 22:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2011-07-13 22:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011-07-13 22:18:04 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Winamp
[2011-07-13 22:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011-07-13 22:07:43 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Matroska Pack
[2011-07-13 22:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Matroska Pack
[2011-07-13 22:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Matroska Pack
[2011-07-13 21:40:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RtlGina
[2011-07-13 21:39:07 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2011-07-13 21:39:07 | 000,443,040 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll
[2011-07-13 21:39:07 | 000,063,648 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvui.dll
[2011-07-13 21:39:07 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2011-07-13 21:39:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nn-NO
[2011-07-13 21:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2011-07-13 21:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2011-07-13 21:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011-07-13 21:37:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2011-07-13 21:37:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011-07-13 21:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011-07-13 21:37:39 | 001,632,800 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2011-07-13 21:37:39 | 001,496,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2011-07-13 21:37:39 | 001,178,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2011-07-13 21:37:39 | 000,611,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2011-07-13 21:37:39 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011-07-13 21:37:39 | 000,436,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2011-07-13 21:37:39 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011-07-13 21:37:39 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2011-07-13 21:37:39 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011-07-13 21:37:39 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011-07-13 21:37:39 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011-07-13 21:37:39 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011-07-13 21:37:39 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011-07-13 21:37:39 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011-07-13 21:37:39 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2011-07-13 21:37:39 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011-07-13 21:37:39 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011-07-13 21:37:39 | 000,064,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2011-07-13 21:37:38 | 000,320,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011-07-13 21:37:38 | 000,309,760 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011-07-13 21:37:38 | 000,166,400 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2011-07-13 21:37:38 | 000,108,032 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2011-07-13 21:37:37 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2011-07-13 21:37:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2011-07-13 21:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011-07-13 21:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011-07-13 21:35:48 | 000,408,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2011-07-13 21:35:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011-07-13 21:35:45 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\InstallShield
[2011-07-13 21:31:45 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\ATI
[2011-07-13 21:31:45 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\ATI
[2011-07-13 21:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011-07-13 21:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011-07-13 21:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011-07-13 21:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011-07-13 21:23:43 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\enchant
[2011-07-13 21:23:41 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\.purple
[2011-07-13 21:21:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pidgin
[2011-07-13 21:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
[2011-07-13 21:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011-07-13 21:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2011-07-13 21:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2011-07-13 21:16:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
[2011-07-13 21:15:32 | 000,000,000 | ---D | C] -- C:\Users\dominik\Documents\Visual Studio 2010
[2011-07-13 21:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2011-07-13 21:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2011-07-13 21:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011-07-13 21:08:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011-07-10 11:27:56 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2011-07-10 11:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011-07-10 11:27:47 | 000,000,000 | ---D | C] -- C:\Intel
[2011-07-10 11:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011-07-10 11:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011-07-10 00:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2011-07-10 00:04:06 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Macromedia
[2011-07-10 00:04:06 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Adobe
[2011-07-09 23:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2011-07-09 23:52:28 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011-07-09 23:52:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011-07-09 23:46:26 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Mozilla
[2011-07-09 23:46:26 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\Mozilla
[2011-07-09 23:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011-07-09 23:42:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011-07-09 11:03:29 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\PLAY ONLINE
[2011-07-09 11:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PLAY ONLINE
[2011-07-09 11:02:11 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2011-07-09 11:02:11 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfCoInstaller01007.dll
[2011-07-09 11:02:11 | 000,196,608 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
[2011-07-09 11:02:11 | 000,093,696 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2011-07-09 11:02:11 | 000,085,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2011-07-09 11:02:11 | 000,055,296 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2011-07-09 11:02:11 | 000,029,184 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2011-07-09 11:02:06 | 000,999,936 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2011-07-09 11:02:06 | 000,256,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2011-07-09 11:02:06 | 000,121,600 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2011-07-09 11:02:06 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2011-07-09 11:02:06 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2011-07-09 11:01:58 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2011-07-09 11:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PLAY ONLINE
[2011-07-09 11:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2011-07-09 00:31:24 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\TrueCrypt
[2011-07-09 00:31:11 | 000,230,352 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2011-07-09 00:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2011-07-08 23:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011-07-08 23:51:44 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011-07-08 23:47:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011-07-08 23:47:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011-07-08 23:45:00 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011-07-08 23:45:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011-07-08 23:44:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011-07-08 23:44:58 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011-07-08 23:44:58 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011-07-08 23:44:58 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011-07-08 23:44:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011-07-08 23:44:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011-07-08 23:41:56 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011-07-08 23:41:56 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011-07-08 23:41:55 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011-07-08 23:41:55 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011-07-08 23:41:55 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011-07-08 23:41:55 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011-07-08 23:41:55 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011-07-08 23:41:55 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011-07-08 23:41:55 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011-07-08 23:41:55 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011-07-08 23:41:55 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011-07-08 23:41:55 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011-07-08 23:41:55 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011-07-08 23:41:55 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011-07-08 23:41:53 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011-07-08 23:41:53 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011-07-08 23:41:52 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011-07-08 23:41:52 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011-07-08 23:41:52 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011-07-08 23:41:52 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011-07-08 23:41:52 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011-07-08 23:41:52 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011-07-08 23:41:52 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011-07-08 23:41:52 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011-07-08 23:41:50 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011-07-08 23:41:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011-07-08 23:41:47 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011-07-08 23:40:20 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011-07-08 22:49:48 | 000,000,000 | R--D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011-07-08 22:49:48 | 000,000,000 | R--D | C] -- C:\Users\dominik\Searches
[2011-07-08 22:49:48 | 000,000,000 | R--D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011-07-08 22:49:38 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Identities
[2011-07-08 22:49:36 | 000,000,000 | R--D | C] -- C:\Users\dominik\Contacts
[2011-07-08 22:49:34 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\VirtualStore
[2011-07-08 22:49:22 | 000,000,000 | --SD | C] -- C:\Users\dominik\AppData\Roaming\Microsoft
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Videos
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Saved Games
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Pictures
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Music
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Links
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Favorites
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Downloads
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Documents
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\Desktop
[2011-07-08 22:49:22 | 000,000,000 | R--D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Ustawienia lokalne
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\AppData\Local\Temporary Internet Files
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Szablony
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\SendTo
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Recent
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\PrintHood
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\NetHood
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Documents\Moje wideo
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Documents\Moje obrazy
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Moje dokumenty
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Documents\Moja muzyka
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Menu Start
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\AppData\Local\Historia
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Dane aplikacji
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\AppData\Local\Dane aplikacji
[2011-07-08 22:49:22 | 000,000,000 | -HSD | C] -- C:\Users\dominik\Cookies
[2011-07-08 22:49:22 | 000,000,000 | -H-D | C] -- C:\Users\dominik\AppData
[2011-07-08 22:49:22 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\Temp
[2011-07-08 22:49:22 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\Microsoft
[2011-07-08 22:49:22 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Media Center Programs
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty
[2011-07-08 22:49:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji
[2011-07-08 22:44:02 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011-07-08 22:41:44 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011-07-08 22:40:57 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011-04-02 01:51:20 | 000,463,152 | ---- | C] (Microsoft Corporation) -- C:\Users\dominik\AppData\Roaming\setup.exe
[2010-11-19 06:27:00 | 000,587,776 | ---- | C] (Igor Pavlov) -- C:\Users\dominik\AppData\Roaming\7za.exe

========== Files - Modified Within 30 Days ==========

[2011-08-01 19:36:40 | 000,346,162 | ---- | M] () -- C:\Users\dominik\Desktop\_OTL.zip
[2011-08-01 19:35:46 | 000,022,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-08-01 19:35:46 | 000,022,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-08-01 19:32:49 | 001,847,366 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-08-01 19:32:49 | 000,803,702 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2011-08-01 19:32:49 | 000,717,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-08-01 19:32:49 | 000,179,424 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2011-08-01 19:32:49 | 000,145,868 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-08-01 19:28:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-08-01 19:28:19 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys
[2011-08-01 12:32:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dominik\Desktop\OTL.exe
[2011-08-01 12:23:19 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-08-01 12:18:39 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\dominik\Desktop\mbam-setup-1.51.1.1800.exe
[2011-07-28 01:08:27 | 001,749,491 | ---- | M] () -- C:\Users\dominik\Documents\mala-biblia-efektywnej-nauki.pdf
[2011-07-25 12:16:50 | 000,000,168 | ---- | M] () -- C:\Users\dominik\defogger_reenable
[2011-07-25 11:46:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011-07-25 11:46:33 | 001,383,430 | ---- | M] () -- C:\tdsskiller.zip
[2011-07-25 11:45:05 | 000,607,017 | ---- | M] (Swearware) -- C:\dds.scr
[2011-07-23 17:05:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011-07-21 01:57:08 | 000,009,064 | ---- | M] () -- C:\Users\dominik\AppData\Roaming\a.7z
[2011-07-17 17:47:34 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011-07-14 23:41:34 | 001,631,522 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-07-10 11:26:04 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys
[2011-07-10 11:24:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011-07-10 11:23:29 | 001,721,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll
[2011-07-10 11:23:26 | 000,214,312 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2011-07-10 11:23:26 | 000,147,752 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll
[2011-07-10 11:23:26 | 000,107,816 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2011-07-10 11:23:25 | 000,316,464 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2011-07-10 11:23:23 | 000,396,584 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2011-07-10 11:23:23 | 000,264,488 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2011-07-10 11:23:23 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2011-07-10 11:23:23 | 000,173,352 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2011-07-10 00:18:06 | 004,675,976 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Windows\SysNative\ETDUI.cpl
[2011-07-10 00:17:58 | 000,136,192 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Windows\SysNative\drivers\ETD.sys
[2011-07-09 23:42:28 | 294,488,906 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-07-09 11:02:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011-07-09 00:31:11 | 000,230,352 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2011-07-08 23:48:33 | 000,274,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-07-08 23:27:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011-07-08 22:45:28 | 000,067,912 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011-07-08 22:45:28 | 000,067,912 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011-07-08 22:43:52 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-07-06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011-08-01 19:36:40 | 000,346,162 | ---- | C] () -- C:\Users\dominik\Desktop\_OTL.zip
[2011-08-01 12:23:19 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-07-28 01:08:20 | 001,749,491 | ---- | C] () -- C:\Users\dominik\Documents\mala-biblia-efektywnej-nauki.pdf
[2011-07-25 12:16:50 | 000,000,168 | ---- | C] () -- C:\Users\dominik\defogger_reenable
[2011-07-25 11:46:33 | 001,383,430 | ---- | C] () -- C:\tdsskiller.zip
[2011-07-23 12:10:17 | 026,325,407 | ---- | C] () -- C:\Users\dominik\Documents\Microsoft Office Excel 2007 Bible.pdf
[2011-07-21 01:57:08 | 000,009,064 | ---- | C] () -- C:\Users\dominik\AppData\Roaming\a.7z
[2011-07-15 15:19:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011-07-13 21:39:07 | 000,356,795 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2011-07-13 21:39:07 | 000,058,488 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2011-07-13 21:21:32 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2011-07-13 21:12:23 | 001,631,522 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-07-10 11:24:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011-07-09 23:46:19 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011-07-09 23:42:28 | 294,488,906 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011-07-09 11:02:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011-07-08 23:27:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011-07-08 22:49:56 | 000,001,417 | ---- | C] () -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011-07-08 22:49:50 | 000,001,451 | ---- | C] () -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011-07-08 22:45:11 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011-07-08 22:45:02 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011-07-08 22:43:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011-07-08 22:40:57 | 3193,393,152 | -HS- | C] () -- C:\hiberfil.sys
[2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

#6 snemelk

Posted 01 August 2011 - 02:39 PM

Hello again!!..

Yes, it should be OK now - the file(s) responsible for the redirects have been removed...
Thanks for the files you sent!.. I submitted them to MBAM and Eset - they should add detection in the near future...

Thanks a lot for the help.

No problem!.. :)

You can delete this unneeded folder:
C:\Program Files (x86)\DAEMON Tools Toolbar

I understand that you already ran a full system scan with Nod32 earlier??.. If so, that's fine; if not, please run one...
Let's run an additional scan as a check:
(delete the old downloaded file: C:\tdsskiller.zip)

  • Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, ensure Cure is selected (it should be by default).
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Please post that log here.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#7 Varrad

Posted 02 August 2011 - 01:57 AM

Hello
Scans done, tdsskiller found nothing, and neither did nod.
Thanks once again.

2011/08/02 08:53:34.0616 1860 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/02 08:53:35.0350 1860 ================================================================================
2011/08/02 08:53:35.0350 1860 SystemInfo:
2011/08/02 08:53:35.0350 1860
2011/08/02 08:53:35.0351 1860 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/02 08:53:35.0351 1860 Product type: Workstation
2011/08/02 08:53:35.0351 1860 ComputerName: DOMINIK-R720
2011/08/02 08:53:35.0351 1860 UserName: dominik
2011/08/02 08:53:35.0351 1860 Windows directory: C:\Windows
2011/08/02 08:53:35.0351 1860 System windows directory: C:\Windows
2011/08/02 08:53:35.0351 1860 Running under WOW64
2011/08/02 08:53:35.0351 1860 Processor architecture: Intel x64
2011/08/02 08:53:35.0351 1860 Number of processors: 2
2011/08/02 08:53:35.0351 1860 Page size: 0x1000
2011/08/02 08:53:35.0351 1860 Boot type: Normal boot
2011/08/02 08:53:35.0351 1860 ================================================================================
2011/08/02 08:53:36.0133 1860 Initialize success
2011/08/02 08:53:40.0078 4200 ================================================================================
2011/08/02 08:53:40.0078 4200 Scan started
2011/08/02 08:53:40.0078 4200 Mode: Manual;
2011/08/02 08:53:40.0078 4200 ================================================================================
2011/08/02 08:53:40.0901 4200 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/08/02 08:53:41.0005 4200 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/08/02 08:53:41.0063 4200 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/08/02 08:53:41.0244 4200 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
2011/08/02 08:53:41.0351 4200 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
2011/08/02 08:53:41.0491 4200 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
2011/08/02 08:53:41.0579 4200 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/08/02 08:53:41.0652 4200 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/08/02 08:53:41.0728 4200 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/08/02 08:53:41.0797 4200 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/08/02 08:53:41.0852 4200 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
2011/08/02 08:53:41.0908 4200 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
2011/08/02 08:53:41.0968 4200 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/08/02 08:53:42.0041 4200 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
2011/08/02 08:53:42.0098 4200 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/08/02 08:53:42.0182 4200 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/08/02 08:53:42.0267 4200 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
2011/08/02 08:53:42.0329 4200 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
2011/08/02 08:53:42.0400 4200 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/02 08:53:42.0443 4200 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/08/02 08:53:42.0517 4200 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
2011/08/02 08:53:42.0688 4200 atikmdag (9746d950c3cf6434b2d1b385edab7ae5) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/02 08:53:42.0943 4200 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
2011/08/02 08:53:42.0991 4200 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/02 08:53:43.0059 4200 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/02 08:53:43.0113 4200 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/02 08:53:43.0171 4200 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/02 08:53:43.0236 4200 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
2011/08/02 08:53:43.0257 4200 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
2011/08/02 08:53:43.0315 4200 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/02 08:53:43.0358 4200 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/02 08:53:43.0392 4200 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/02 08:53:43.0425 4200 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/02 08:53:43.0468 4200 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/08/02 08:53:43.0536 4200 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
2011/08/02 08:53:43.0608 4200 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/08/02 08:53:43.0664 4200 BTHPORT (0d25b6d300ba26a5f2c3b2a8e96b158b) C:\Windows\system32\Drivers\BTHport.sys
2011/08/02 08:53:43.0725 4200 BTHUSB (1f9912f8ec5bfa53432e71e150636a8a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/08/02 08:53:43.0775 4200 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/02 08:53:43.0818 4200 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/02 08:53:43.0883 4200 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
2011/08/02 08:53:43.0925 4200 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/02 08:53:44.0062 4200 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/02 08:53:44.0102 4200 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/08/02 08:53:44.0151 4200 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/08/02 08:53:44.0216 4200 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/02 08:53:44.0272 4200 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/08/02 08:53:44.0318 4200 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
2011/08/02 08:53:44.0378 4200 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/08/02 08:53:44.0434 4200 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/08/02 08:53:44.0471 4200 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/02 08:53:44.0541 4200 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
2011/08/02 08:53:44.0616 4200 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
2011/08/02 08:53:44.0700 4200 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/02 08:53:44.0780 4200 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/08/02 08:53:44.0835 4200 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/02 08:53:44.0917 4200 eamonm (aca3fe4f18a945b7bf2618a79f6f670b) C:\Windows\system32\DRIVERS\eamonm.sys
2011/08/02 08:53:45.0032 4200 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
2011/08/02 08:53:45.0207 4200 ehdrv (6672438bdcbfd87250d22112d458294d) C:\Windows\system32\DRIVERS\ehdrv.sys
2011/08/02 08:53:45.0380 4200 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
2011/08/02 08:53:45.0434 4200 epfwwfpr (954fade8e59f159b0a71d0cfcc99a76e) C:\Windows\system32\DRIVERS\epfwwfpr.sys
2011/08/02 08:53:45.0479 4200 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/08/02 08:53:45.0557 4200 ETD (438021c3f32f30e227d0f5dfd118b7b1) C:\Windows\system32\DRIVERS\ETD.sys
2011/08/02 08:53:45.0648 4200 ewusbnet (d83eb7ade99d99a4cd6568ac1261d35e) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/08/02 08:53:45.0695 4200 ew_hwusbdev (86f7951bbcee4a86e79a97306bd14318) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
2011/08/02 08:53:45.0735 4200 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/02 08:53:45.0799 4200 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/02 08:53:45.0871 4200 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
2011/08/02 08:53:45.0944 4200 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/02 08:53:45.0988 4200 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/02 08:53:46.0040 4200 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
2011/08/02 08:53:46.0077 4200 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/08/02 08:53:46.0148 4200 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/02 08:53:46.0190 4200 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/02 08:53:46.0227 4200 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/02 08:53:46.0290 4200 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/02 08:53:46.0362 4200 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/02 08:53:46.0416 4200 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/08/02 08:53:46.0439 4200 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/02 08:53:46.0471 4200 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
2011/08/02 08:53:46.0528 4200 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
2011/08/02 08:53:46.0575 4200 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
2011/08/02 08:53:46.0656 4200 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/02 08:53:46.0706 4200 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/08/02 08:53:46.0760 4200 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/08/02 08:53:46.0888 4200 huawei_enumerator (c2212c930d7a6cc21972b9882683d271) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
2011/08/02 08:53:46.0951 4200 hwdatacard (6e05228393cd614b983568ec40c262c3) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/08/02 08:53:47.0015 4200 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/02 08:53:47.0083 4200 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/02 08:53:47.0144 4200 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/02 08:53:47.0176 4200 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/08/02 08:53:47.0252 4200 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
2011/08/02 08:53:47.0355 4200 IntcAzAudAddService (9c1d5314d42b7f1bd6ad6fb1ba8870a8) C:\Windows\system32\drivers\RTKVHD64.sys
2011/08/02 08:53:47.0549 4200 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/08/02 08:53:47.0594 4200 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/02 08:53:47.0649 4200 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/02 08:53:47.0683 4200 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/08/02 08:53:47.0708 4200 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/02 08:53:47.0761 4200 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/02 08:53:47.0785 4200 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/08/02 08:53:47.0845 4200 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/08/02 08:53:47.0902 4200 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/02 08:53:47.0943 4200 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/08/02 08:53:47.0972 4200 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/02 08:53:47.0998 4200 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/02 08:53:48.0040 4200 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/02 08:53:48.0163 4200 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/02 08:53:48.0227 4200 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/02 08:53:48.0286 4200 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/02 08:53:48.0320 4200 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
2011/08/02 08:53:48.0365 4200 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/02 08:53:48.0412 4200 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/02 08:53:48.0537 4200 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys
2011/08/02 08:53:48.0631 4200 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
2011/08/02 08:53:48.0689 4200 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
2011/08/02 08:53:48.0747 4200 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/02 08:53:48.0792 4200 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/02 08:53:48.0845 4200 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/02 08:53:48.0892 4200 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/02 08:53:48.0942 4200 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/08/02 08:53:48.0987 4200 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/08/02 08:53:49.0023 4200 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/02 08:53:49.0091 4200 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/08/02 08:53:49.0148 4200 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/02 08:53:49.0176 4200 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/02 08:53:49.0334 4200 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/02 08:53:49.0435 4200 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/08/02 08:53:49.0485 4200 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/08/02 08:53:49.0558 4200 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/02 08:53:49.0585 4200 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/02 08:53:49.0610 4200 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/08/02 08:53:49.0671 4200 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/02 08:53:49.0716 4200 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/02 08:53:49.0737 4200 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/02 08:53:49.0791 4200 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/08/02 08:53:49.0827 4200 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/02 08:53:49.0890 4200 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/02 08:53:49.0907 4200 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
2011/08/02 08:53:49.0935 4200 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/02 08:53:50.0008 4200 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/02 08:53:50.0093 4200 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/08/02 08:53:50.0190 4200 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/02 08:53:50.0244 4200 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/02 08:53:50.0275 4200 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/02 08:53:50.0313 4200 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/02 08:53:50.0348 4200 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/08/02 08:53:50.0398 4200 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/02 08:53:50.0444 4200 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/02 08:53:50.0732 4200 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
2011/08/02 08:53:51.0104 4200 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/08/02 08:53:51.0277 4200 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
2011/08/02 08:53:51.0351 4200 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/02 08:53:51.0413 4200 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/02 08:53:51.0493 4200 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/08/02 08:53:51.0585 4200 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/02 08:53:51.0630 4200 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/08/02 08:53:51.0668 4200 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/08/02 08:53:51.0806 4200 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/08/02 08:53:51.0867 4200 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/08/02 08:53:51.0948 4200 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
2011/08/02 08:53:52.0008 4200 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/08/02 08:53:52.0056 4200 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/08/02 08:53:52.0078 4200 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/08/02 08:53:52.0127 4200 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
2011/08/02 08:53:52.0172 4200 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/02 08:53:52.0220 4200 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/02 08:53:52.0359 4200 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/02 08:53:52.0434 4200 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
2011/08/02 08:53:52.0503 4200 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/02 08:53:52.0562 4200 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
2011/08/02 08:53:52.0635 4200 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
2011/08/02 08:53:52.0670 4200 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/02 08:53:52.0715 4200 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/02 08:53:52.0768 4200 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/02 08:53:52.0809 4200 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/02 08:53:52.0864 4200 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/02 08:53:52.0888 4200 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/02 08:53:52.0941 4200 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/02 08:53:52.0971 4200 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/02 08:53:53.0030 4200 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/02 08:53:53.0071 4200 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/08/02 08:53:53.0144 4200 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/02 08:53:53.0168 4200 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/02 08:53:53.0199 4200 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/08/02 08:53:53.0251 4200 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/08/02 08:53:53.0304 4200 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/08/02 08:53:53.0389 4200 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
2011/08/02 08:53:53.0460 4200 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/02 08:53:53.0515 4200 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/08/02 08:53:53.0538 4200 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/08/02 08:53:53.0598 4200 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/02 08:53:53.0664 4200 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/02 08:53:53.0742 4200 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
2011/08/02 08:53:53.0804 4200 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
2011/08/02 08:53:53.0909 4200 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
2011/08/02 08:53:53.0981 4200 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/08/02 08:53:54.0028 4200 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/02 08:53:54.0061 4200 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/02 08:53:54.0098 4200 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
2011/08/02 08:53:58.0313 4200 ================================================================================
2011/08/02 08:53:58.0313 4200 Scan finished
2011/08/02 08:53:58.0313 4200 ================================================================================
2011/08/02 08:53:58.0325 2920 Detected object count: 0
2011/08/02 08:53:58.0325 2920 Actual detected object count: 0

#8 snemelk


Posted 02 August 2011 - 12:52 PM

Welcome back!!.. :)

Great, if there are no more problems with the computer, here are the final steps to carry out:

Firstly,
To remove all of the tools we used and the files and folders they created do the following:
  • Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Secondly,
Please set a new Restore Point to prevent infection from any previous Restore Points.
The easiest and safest way to do this is:
  • Open Control Panel (Start --> Control Panel) and double-click the System icon.
  • Click on the System Protection link on the left. If a UAC (User Account Control) prompt appears, click Continue. Close the System window.
  • Make sure that you have System Protection turned on for your System drive (usually C:\):
    • In Windows 7: On under Protection,
    • In Windows Vista: a box on the left will be checked.
  • Click on the Create button. Give the restore point a name, and click Create. Wait till the new system restore point is created, and click Close.
  • Then go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire (usually C:\).
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.

Please check my site - snemelk.hekko.pl:

Also, I recommend that you read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

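The restore-point steps in the post above can also be scripted. This is an added example, not part of the original post: it assumes an elevated Windows PowerShell session, and the restore point description is a constructed label. It creates the new restore point first and removes the older ones only after the new one is confirmed to exist.

```powershell
# Run from an elevated Windows PowerShell prompt.
# Checkpoint-Computer and Get-ComputerRestorePoint are Windows PowerShell cmdlets.
$drive = "$env:SystemDrive\"    # usually C:\

# Make sure System Protection is turned on for the system drive.
Enable-ComputerRestore -Drive $drive

# Remember which restore points existed before the new one is created.
$before = @(Get-ComputerRestorePoint | Select-Object -ExpandProperty SequenceNumber)

# Create the new restore point (the description is a constructed label).
Checkpoint-Computer -Description 'Clean state after malware removal' `
                    -RestorePointType MODIFY_SETTINGS

# Confirm that a new point really exists before touching the old ones.
# On Windows 8 and later, Checkpoint-Computer creates at most one point per
# 24 hours by default, so the call above can finish without adding one.
$after = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$new   = $after | Where-Object { $before -notcontains $_.SequenceNumber } |
         Select-Object -Last 1
if (-not $new) {
    throw 'No new restore point was created; existing points were left untouched.'
}

# SRRemoveRestorePoint is exported by srclient.dll and deletes one restore
# point by sequence number. It returns 0 (ERROR_SUCCESS) on success.
Add-Type -Namespace Win32 -Name SystemRestore -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

foreach ($rp in $after) {
    if ($rp.SequenceNumber -eq $new.SequenceNumber) { continue }   # keep the new one
    $rc = [Win32.SystemRestore]::SRRemoveRestorePoint([uint32]$rp.SequenceNumber)
    if ($rc -eq 0) {
        Write-Output ("Removed restore point {0}: {1}" -f $rp.SequenceNumber, $rp.Description)
    } else {
        Write-Warning ("Could not remove restore point {0} (error {1})" -f $rp.SequenceNumber, $rc)
    }
}

# Show what is left; only the newly created point should be listed.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```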

#9 snemelk


Posted 12 August 2011 - 03:52 PM

Glad we could help. :)

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.




