Zephyr, posted 12 February 2010

I have a big problem with my server, which runs Win2003 Server, being taken over by a botnet. At least that is what it looks like. Over the last 2 weeks it has been taken over some 5-6 times, most recently about 20 minutes ago. This is what I know gets changed:

These files are copied into C:\Documents and Settings\Administrator:

222.exe --> Password-protected SFX containing tianxia.bat. The comments in the file are:
    Path=%systemroot%\system32
    SavePath
    Setup=tianxia.bat
    Silent=1
    Overwrite=1
Spools13.exe --> Runs as a process
Xg.exe --> Changes the Remote Desktop port to 3399 or 3366 in the registry.
    My Computer\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\(PortNumber(3366))

In addition, a few more values are added to the registry:

My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Image File Execution Options\sethc.exe\(debugger(c:\windows\config\222.exe))

As far as I understand, this is how it got in the first time. Apparently sethc.exe is not a protected operating system file. It can therefore be changed without Windows saying anything. It is the program file for "sticky keys" ("trege taster" in Norwegian) and can be started from the login screen.

My Computer\HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SkServer\(ImagePath(C:\Documents and Settings\Administrator\spools13.exe))
My Computer\HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SkServer\(ImagePath(C:\Documents and Settings\Administrator\spools13.exe))

I wonder whether that whole SkServer folder is junk, but I am not sure. Under Services, a Snake SockProxy Service has also been added, which does not sound good at all.

The problem is that no matter what I remove and which registry entries I edit, this thing comes back. Has anyone come across the same thing, or does anyone have tips on how to get rid of it all? The machine is also restarted between each time, to activate new settings and change the RDP port. Very annoying, this. I am also running NOD32 V4 Antivirus and Ad-Aware Live, but they do not seem able to stop anything at all here.
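
An added example (not part of the original thread): a Python triage script that parses a registry export in .reg format and flags the three kinds of change the post above describes, namely a non-default RDP PortNumber, a Debugger value under Image File Execution Options, and a service ImagePath inside a user profile. The sample export is constructed; the accessibility binaries other than sethc.exe and the profile-directory heuristic are assumptions that generalise the post's case.

```python
import re

# Constructed sample in .reg export format, modelled on the registry changes
# described in the post above. It is not taken from a real host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"PortNumber"=dword:00000d26

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe]
"Debugger"="c:\\windows\\config\\222.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SkServer]
"ImagePath"="C:\\Documents and Settings\\Administrator\\spools13.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog]
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,2e,00,65,00,78,00,65,00,00,00
'''

DEFAULT_RDP_PORT = 3389
# Assumption: accessibility programs that can be started from the logon screen.
# The post only names sethc.exe; the others generalise the same check.
ACCESSIBILITY = {'sethc.exe', 'utilman.exe', 'osk.exe', 'magnify.exe', 'narrator.exe'}
# Assumption (heuristic): a service binary should not live in a user profile.
USER_DIRS = ('\\documents and settings\\', '\\users\\')
IFEO = '\\image file execution options\\'
SERVICE_KEY = re.compile(r'\\system\\(currentcontrolset|controlset\d+)\\services\\[^\\]+$')
SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def decode_value(raw):
    """Decode the right-hand side of a .reg value line."""
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    if raw.startswith(('hex(1):', 'hex(2):')):
        # REG_SZ / REG_EXPAND_SZ exported as comma-separated UTF-16LE bytes.
        data = bytes.fromhex(raw.split(':', 1)[1].replace(',', ''))
        return data.decode('utf-16-le', errors='replace').rstrip('\0')
    if raw.startswith('"') and raw.endswith('"'):
        # Undo the .reg escaping of backslashes and quotes.
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    return raw


def parse_reg(text):
    """Parse .reg export text into {key_path: {lowercased_value_name: value}}."""
    text = re.sub(r'\\\r?\n\s*', '', text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = decode_value(m.group(2))
    return keys


def audit(keys):
    """Return (check, key_path, detail) tuples for suspicious settings."""
    findings = []
    for path, values in keys.items():
        low = path.lower()
        # 1. RDP listener moved away from the default port.
        if low.endswith('\\winstations\\rdp-tcp'):
            port = values.get('portnumber')
            if isinstance(port, int) and port != DEFAULT_RDP_PORT:
                findings.append(('rdp-port', path,
                                 f'PortNumber={port} (default {DEFAULT_RDP_PORT})'))
        # 2. A Debugger value makes Windows launch that program instead of the
        #    named executable.
        if IFEO in low and 'debugger' in values:
            target = low.rsplit('\\', 1)[1]
            note = ' (reachable from the logon screen)' if target in ACCESSIBILITY else ''
            findings.append(('ifeo-debugger', path,
                             f'{target} -> {values["debugger"]}{note}'))
        # 3. Service whose binary sits in a user profile directory.
        if SERVICE_KEY.search(low) and 'imagepath' in values:
            image = str(values['imagepath'])
            if any(d in image.lower() for d in USER_DIRS):
                findings.append(('service-in-profile', path, image))
    return findings


if __name__ == '__main__':
    for check, key, detail in audit(parse_reg(SAMPLE_REG)):
        print(f'[{check}] {key}\n    {detail}')
```

Registry Editor exports in this format are UTF-16 encoded, so read a real export with `encoding='utf-16'` before passing its text to `parse_reg`.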

medlem-68510, posted 12 February 2010 (edited)

Start the machine in safe mode, use msconfig to remove suspicious programs and services from startup, change the passwords on your accounts and run the antivirus scan again.

EDIT: Also make sure you have all the latest updates from Windows Update.

Edited 12 February 2010 by Jckf

Zephyr (author), posted 12 February 2010 (edited)

I have now removed everything I can find, ran a round of HijackThis and came up with this.

Anything here that looks scary??

Edited 19 February 2010 by Zephyr

norbat, posted 12 February 2010

I can't see anything scary in the log. Let's try another scanner: download OTL.exe and put it on the desktop. Run the program and choose Run Scan. Post the log (OTL.txt).

Zephyr (author), posted 12 February 2010 (edited)

I ran it with the default settings and this is what I came up with. It finds loads of files, since Windows was installed less than 30 days ago.
| C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tscc.dll [2010.01.31 23:51:41 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstsmmc.dll [2010.01.31 23:51:41 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstsmhst.dll [2010.01.31 23:51:41 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\quser.exe [2010.01.31 23:51:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\chgusr.exe [2010.01.31 23:51:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\chglogon.exe [2010.01.31 23:51:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\query.exe [2010.01.31 23:51:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\change.exe [2010.01.31 23:51:39 | 001,871,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll [2010.01.31 23:51:39 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qwinsta.exe [2010.01.31 23:51:39 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qprocess.exe [2010.01.31 23:51:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qappsrv.exe [2010.01.31 23:51:36 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxlegih.dll [2010.01.31 23:51:36 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxdm.dll [2010.01.31 23:51:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxex.dll [2010.01.31 23:51:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Com [2010.01.31 23:51:35 | 001,295,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll [2010.01.31 23:51:35 | 000,616,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll [2010.01.31 23:51:35 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comuid.dll [2010.01.31 23:51:35 | 000,272,896 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\SysWow64\catsrv.dll [2010.01.31 23:51:35 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsnap.dll [2010.01.31 23:51:35 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comadmin.dll [2010.01.31 23:51:35 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clbcatex.dll [2010.01.31 23:51:35 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\stclient.dll [2010.01.31 23:51:35 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\colbact.dll [2010.01.31 23:51:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comaddin.dll [2010.01.31 23:51:35 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvps.dll [2010.01.31 23:51:30 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msdtcuiu.dll [2010.01.31 23:51:30 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxoci.dll [2010.01.31 23:51:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\xolehlp.dll [2010.01.31 23:51:29 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msdtcprx.dll [2010.01.31 23:51:26 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\servdeps.dll [2010.01.31 23:51:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mmfutil.dll [2010.01.31 19:11:14 | 000,000,000 | ---D | C] -- C:\ftphome [2010.01.31 19:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serv-U [2010.01.31 17:35:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2010.01.31 17:34:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\windowspowershell [2010.01.31 17:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search [2010.01.31 17:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Desktop Search [2010.01.31 15:35:05 | 000,000,000 | 
--SD | C] -- C:\WINDOWS\SysWow64\config [2010.01.31 15:33:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\XPSViewer [2010.01.31 15:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild [2010.01.31 15:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild [2010.01.31 15:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies [2010.01.31 15:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies [2010.01.31 15:30:58 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2010.01.31 15:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0 [2010.01.31 15:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 6.0 [2010.01.31 15:25:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache [2010.01.31 15:24:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE [2010.01.31 15:21:36 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information [2010.01.31 15:21:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache [2010.01.31 14:53:54 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wininet.dll [2010.01.31 14:53:54 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll [2010.01.31 14:53:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010.01.31 14:52:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2010.01.31 14:51:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.01.31 14:35:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\en-us [2010.01.31 13:32:32 | 000,963,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dhcpsnap.dll [2010.01.31 13:32:32 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\msizap.exe [2010.01.31 13:32:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\azrlreg.exe [2010.01.31 13:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\microsoft.net [2010.01.31 13:32:32 | 000,000,000 | ---D | C] -- 
C:\WINDOWS\adam [2010.01.31 13:32:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\icacls.exe [2010.01.31 13:32:31 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\verclsid.exe [2010.01.31 13:32:31 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\setupn.exe [2010.01.31 13:32:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdsmsno.dll [2010.01.31 13:32:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdsmsfi.dll [2010.01.31 13:32:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdno1.dll [2010.01.31 13:32:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdfi1.dll [2010.01.31 13:32:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdukx.dll [2010.01.31 13:32:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdmlt48.dll [2010.01.31 13:32:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdmlt47.dll [2010.01.31 13:32:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdiultn.dll [2010.01.31 13:32:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdbhc.dll [2010.01.31 13:32:31 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdpash.dll [2010.01.31 13:32:31 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdnepr.dll [2010.01.31 13:32:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdmaori.dll [2010.01.31 13:32:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\adfs [2010.01.31 13:30:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles [2010.01.31 13:29:38 | 001,364,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [2010.01.31 13:29:37 | 000,200,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\activeds.dll [2010.01.31 13:29:36 | 000,153,088 | ---- | 
C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\adsldpc.dll [2010.01.31 13:29:32 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cabinet.dll [2010.01.31 13:29:30 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clusapi.dll [2010.01.31 13:29:29 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comdlg32.dll [2010.01.31 13:29:28 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comres.dll [2010.01.31 13:29:27 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cryptui.dll [2010.01.31 13:29:27 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\credui.dll [2010.01.31 13:29:26 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cscui.dll [2010.01.31 13:29:15 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hnetcfg.dll [2010.01.31 13:29:14 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\imagehlp.dll [2010.01.31 13:29:12 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iphlpapi.dll [2010.01.31 13:29:08 | 000,589,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mlang.dll [2010.01.31 13:29:04 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mprapi.dll [2010.01.31 13:29:03 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msacm32.dll [2010.01.31 13:29:00 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msihnd.dll [2010.01.31 13:28:59 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msimtf.dll [2010.01.31 13:28:53 | 001,809,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netshell.dll [2010.01.31 13:28:49 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\olecli32.dll [2010.01.31 13:28:49 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\olecnv32.dll [2010.01.31 13:28:46 | 
000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasapi32.dll [2010.01.31 13:28:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasadhlp.dll [2010.01.31 13:28:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasman.dll [2010.01.31 13:28:43 | 000,213,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rsaenh.dll [2010.01.31 13:28:40 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sensapi.dll [2010.01.31 13:28:39 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sfc_os.dll [2010.01.31 13:28:35 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\stdole2.tlb [2010.01.31 13:28:34 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sxs.dll [2010.01.31 13:28:32 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tapi32.dll [2010.01.31 13:28:23 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winsta.dll [2010.01.31 13:28:22 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wintrust.dll [2010.01.31 13:28:12 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wshtcpip.dll [2010.01.31 13:28:11 | 002,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\xpsp2res.dll [2010.01.31 13:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET [2010.01.31 13:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR [2010.01.31 13:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRar [2010.01.31 13:21:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.01.31 13:19:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2010.01.31 13:19:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\PolicyBackup [2010.01.31 13:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG8 [2010.01.31 
12:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\UltraVNC [2010.01.31 12:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC [2010.01.31 12:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia [2010.01.31 12:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe [2010.01.31 12:50:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Macromed [2010.01.31 12:43:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2010.01.31 12:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2010.01.31 12:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent [2010.01.31 12:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Nedlastinger [2010.01.31 12:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla [2010.01.31 12:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla [2010.01.31 12:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010.01.31 12:28:58 | 000,017,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuaueng.dll.mui [2010.01.31 12:28:58 | 000,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuaucpl.cpl.mui [2010.01.31 12:28:58 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll.mui [2010.01.31 12:28:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\SoftwareDistribution [2010.01.31 12:27:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\UserData [2010.01.31 03:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ODBC [2010.01.31 03:44:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer [2010.01.31 03:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC [2010.01.31 03:44:07 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeechEngines [2010.01.31 03:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Shared [2010.01.31 03:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines [2010.01.31 03:44:04 | 000,000,000 | R--D | C] -- C:\Program Files [2010.01.31 03:44:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86) [2010.01.31 03:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared [2010.01.31 03:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files [2010.01.31 03:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files [2010.01.31 03:44:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdtuq.dll [2010.01.31 03:44:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdtuf.dll [2010.01.31 03:44:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdru1.dll [2010.01.31 03:44:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdaze.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdycc.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbduzb.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdur.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdtat.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdru.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdmon.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdkyr.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdkaz.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\SysWow64\kbdbu.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdblr.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdazel.dll [2010.01.31 03:44:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhept.dll [2010.01.31 03:44:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhela3.dll [2010.01.31 03:44:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhela2.dll [2010.01.31 03:44:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgkl.dll [2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdlv1.dll [2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdlv.dll [2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhe319.dll [2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhe220.dll [2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhe.dll [2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdest.dll [2010.01.31 03:44:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdlt1.dll [2010.01.31 03:44:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdlt.dll [2010.01.31 03:44:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdcz2.dll [2010.01.31 03:44:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdcz.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdycl.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdsl1.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\SysWow64\kbdsl.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdpl1.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdpl.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhu.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdcz1.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdcr.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAL.DLL [2010.01.31 03:44:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdro.dll [2010.01.31 03:44:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhu1.dll [2010.01.31 03:43:48 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE [2010.01.31 03:43:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu [2010.01.31 03:43:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents [2010.01.31 03:43:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Desktop [2010.01.31 03:43:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates [2010.01.31 03:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites [2010.01.31 03:41:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2010.01.31 03:41:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data [2010.01.31 03:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings [2010.01.31 03:41:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010.01.31 03:33:25 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts [2010.01.31 03:33:25 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web [2010.01.31 03:33:25 | 000,000,000 | 
---D | C] -- C:\WINDOWS\WinSxS [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\wbem [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\usmt [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\TAPI [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWOW64 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\system [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\security [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\mui [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent64 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\java [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\InstallShield [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\inf [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime (x86) [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\ias [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\export [2010.01.31 
03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Drivers [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\3076 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\2052 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1054 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1042 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1041 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1037 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1033 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1031 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1028 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1025 [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.02.12 19:49:35 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2010.02.12 16:24:37 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.02.12 16:24:37 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010.02.12 16:24:37 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010.02.12 16:24:36 | 000,000,496 | ---- | M] () -- 
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010.02.12 16:24:35 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010.02.12 14:19:55 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk [2010.02.12 14:19:40 | 001,401,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.msi [2010.02.12 11:37:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.02.12 11:37:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.02.12 11:35:35 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010.02.12 11:35:27 | 005,880,168 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2010.02.12 08:07:55 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010.02.11 09:21:35 | 000,003,583 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.02.04 13:38:08 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk [2010.02.04 13:37:05 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Administrator\Desktop\utorrent.exe [2010.02.03 16:59:29 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk [2010.02.03 16:59:16 | 002,169,915 | ---- | M] (LIGHTNING UK!) 
-- C:\Documents and Settings\Administrator\Desktop\SetupImgBurn_2.5.0.0.exe [2010.02.03 10:42:20 | 000,000,192 | -H-- | M] () -- C:\aaw7boot.cmd [2010.02.03 10:24:03 | 000,000,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2010.02.03 10:06:15 | 000,001,024 | ---- | M] () -- C:\.rnd [2010.02.01 11:40:20 | 000,036,390 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\folder.jpg [2010.02.01 11:26:22 | 030,364,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MRT.exe [2010.02.01 11:14:35 | 000,012,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010.02.01 11:13:48 | 000,159,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1.jpg [2010.02.01 00:04:40 | 000,001,465 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\R2Help.lnk [2010.01.31 23:55:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010.01.31 23:55:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010.01.31 23:55:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini [2010.01.31 23:55:25 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010.01.31 23:55:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010.01.31 23:55:24 | 000,000,401 | ---- | M] () -- C:\WINDOWS\win.ini [2010.01.31 23:55:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2010.01.31 23:55:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\SysWow64\nscompat.tlb [2010.01.31 23:55:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\SysWow64\amcompat.tlb [2010.01.31 23:55:16 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\wuaucpl.cpl.manifest [2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest [2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\sapi.cpl.manifest [2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\nwc.cpl.manifest 
[2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\ncpa.cpl.manifest [2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\cdplayer.exe.manifest [2010.01.31 23:52:27 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini [2010.01.31 23:52:27 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini [2010.01.31 23:50:33 | 000,000,221 | -HS- | M] () -- C:\boot.ini [2010.01.31 17:37:41 | 000,562,546 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2010.01.31 13:33:24 | 000,001,367 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk [2010.01.31 13:26:02 | 000,297,072 | RHS- | M] () -- C:\ntldr [2010.01.31 12:57:20 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\(Listen Mode).lnk [2010.01.31 12:57:16 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\(Listen Mode Encrypt)).lnk [2010.01.31 12:56:39 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\UltraVNC Viewer.lnk [2010.01.31 12:32:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat [2010.01.31 12:25:41 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD [2010.01.31 03:47:55 | 000,000,150 | ---- | M] () -- C:\WINDOWS\system.ini [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.02.12 14:19:50 | 000,002,493 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk [2010.02.12 14:19:38 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.msi [2010.02.04 13:38:08 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk [2010.02.03 16:59:29 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk 
[2010.02.03 10:26:34 | 000,000,192 | -H-- | C] () -- C:\aaw7boot.cmd [2010.02.03 10:25:58 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.02.03 10:25:58 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010.02.03 10:25:57 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010.02.03 10:25:57 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010.02.03 10:25:57 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010.02.03 10:24:03 | 000,000,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2010.02.03 10:06:14 | 000,001,024 | ---- | C] () -- C:\.rnd [2010.02.01 11:14:59 | 000,036,390 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\folder.jpg [2010.02.01 11:13:48 | 000,159,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1.jpg [2010.02.01 00:04:40 | 000,001,465 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\R2Help.lnk [2010.02.01 00:02:35 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010.02.01 00:02:34 | 001,572,864 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010.01.31 23:59:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.01.31 23:56:12 | 000,180,770 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20932.nls [2010.01.31 23:56:12 | 000,173,602 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20936.nls [2010.01.31 23:56:11 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_720.nls [2010.01.31 23:56:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_708.nls [2010.01.31 23:56:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_21027.nls [2010.01.31 23:56:10 | 000,187,938 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20005.nls [2010.01.31 23:56:10 | 000,180,258 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20004.nls [2010.01.31 23:56:09 | 000,185,378 | ---- | C] () -- 
C:\WINDOWS\SysWow64\c_20003.nls [2010.01.31 23:56:09 | 000,173,602 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20002.nls [2010.01.31 23:56:08 | 000,186,402 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20001.nls [2010.01.31 23:56:08 | 000,180,258 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20000.nls [2010.01.31 23:56:07 | 000,189,986 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1361.nls [2010.01.31 23:56:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20108.nls [2010.01.31 23:56:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20107.nls [2010.01.31 23:56:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20106.nls [2010.01.31 23:56:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20105.nls [2010.01.31 23:56:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_28596.nls [2010.01.31 23:56:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20269.nls [2010.01.31 23:56:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_870.nls [2010.01.31 23:56:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_21025.nls [2010.01.31 23:56:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20924.nls [2010.01.31 23:56:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20880.nls [2010.01.31 23:56:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20871.nls [2010.01.31 23:56:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20838.nls [2010.01.31 23:56:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20833.nls [2010.01.31 23:55:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20424.nls [2010.01.31 23:55:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20423.nls [2010.01.31 23:55:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20420.nls [2010.01.31 23:55:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20297.nls [2010.01.31 23:55:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20290.nls [2010.01.31 23:55:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20285.nls [2010.01.31 
23:55:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20284.nls [2010.01.31 23:55:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20280.nls [2010.01.31 23:55:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20278.nls [2010.01.31 23:55:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20277.nls [2010.01.31 23:55:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20273.nls [2010.01.31 23:55:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1149.nls [2010.01.31 23:55:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1148.nls [2010.01.31 23:55:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1147.nls [2010.01.31 23:55:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1146.nls [2010.01.31 23:55:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1145.nls [2010.01.31 23:55:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1144.nls [2010.01.31 23:55:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1143.nls [2010.01.31 23:55:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1142.nls [2010.01.31 23:55:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1141.nls [2010.01.31 23:55:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1140.nls [2010.01.31 23:55:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1047.nls [2010.01.31 23:55:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10021.nls [2010.01.31 23:55:49 | 000,173,602 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10008.nls [2010.01.31 23:55:47 | 000,177,698 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10003.nls [2010.01.31 23:55:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10005.nls [2010.01.31 23:55:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10004.nls [2010.01.31 23:55:46 | 000,195,618 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10002.nls [2010.01.31 23:55:46 | 000,162,850 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10001.nls [2010.01.31 23:55:45 | 000,066,594 | ---- | C] () -- 
C:\WINDOWS\SysWow64\c_864.nls [2010.01.31 23:55:44 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_862.nls [2010.01.31 23:55:44 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_858.nls [2010.01.31 23:55:25 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2010.01.31 23:55:25 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2010.01.31 23:55:25 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS [2010.01.31 23:55:25 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT [2010.01.31 23:55:22 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx [2010.01.31 23:55:21 | 000,023,392 | ---- | C] () -- C:\WINDOWS\SysWow64\nscompat.tlb [2010.01.31 23:55:21 | 000,016,832 | ---- | C] () -- C:\WINDOWS\SysWow64\amcompat.tlb [2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\wuaucpl.cpl.manifest [2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\sapi.cpl.manifest [2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\nwc.cpl.manifest [2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\ncpa.cpl.manifest [2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\cdplayer.exe.manifest [2010.01.31 23:53:55 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest [2010.01.31 23:53:49 | 000,001,367 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk [2010.01.31 23:53:26 | 000,049,104 | -HS- | C] () -- C:\WINDOWS\lanmannt.bmp [2010.01.31 23:53:26 | 000,049,104 | -HS- | C] () -- C:\WINDOWS\lanma256.bmp [2010.01.31 23:51:53 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp [2010.01.31 23:51:53 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp [2010.01.31 23:51:53 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp [2010.01.31 23:51:53 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp [2010.01.31 23:51:53 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp [2010.01.31 23:51:53 | 000,017,362 | ---- | C] () 
-- C:\WINDOWS\Rhododendron.bmp [2010.01.31 23:51:53 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp [2010.01.31 23:51:53 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp [2010.01.31 23:51:53 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp [2010.01.31 23:51:53 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp [2010.01.31 23:51:52 | 000,093,702 | ---- | C] () -- C:\WINDOWS\SysWow64\subrange.uce [2010.01.31 23:51:52 | 000,016,740 | ---- | C] () -- C:\WINDOWS\SysWow64\shiftjis.uce [2010.01.31 23:51:52 | 000,012,876 | ---- | C] () -- C:\WINDOWS\SysWow64\korean.uce [2010.01.31 23:51:52 | 000,008,484 | ---- | C] () -- C:\WINDOWS\SysWow64\kanji_2.uce [2010.01.31 23:51:52 | 000,006,948 | ---- | C] () -- C:\WINDOWS\SysWow64\kanji_1.uce [2010.01.31 23:51:52 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp [2010.01.31 23:51:51 | 000,060,458 | ---- | C] () -- C:\WINDOWS\SysWow64\ideograf.uce [2010.01.31 23:51:51 | 000,024,006 | ---- | C] () -- C:\WINDOWS\SysWow64\gb2312.uce [2010.01.31 23:51:51 | 000,022,984 | ---- | C] () -- C:\WINDOWS\SysWow64\bopomofo.uce [2010.01.31 15:31:22 | 000,562,546 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2010.01.31 13:32:31 | 001,099,264 | ---- | C] () -- C:\WINDOWS\adfs.msp [2010.01.31 12:57:20 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\(Listen Mode).lnk [2010.01.31 12:57:16 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\(Listen Mode Encrypt)).lnk [2010.01.31 12:56:39 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\UltraVNC Viewer.lnk [2010.01.31 12:32:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.01.31 12:25:41 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD [2010.01.31 03:44:14 | 000,003,583 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010.01.31 03:44:03 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_857.nls [2010.01.31 03:44:03 | 000,066,082 | ---- 
| C] () -- C:\WINDOWS\SysWow64\c_28599.nls [2010.01.31 03:44:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\C_28595.NLS [2010.01.31 03:44:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10081.nls [2010.01.31 03:44:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10017.nls [2010.01.31 03:44:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_869.nls [2010.01.31 03:44:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_866.nls [2010.01.31 03:44:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_855.nls [2010.01.31 03:44:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_737.nls [2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_875.nls [2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_28603.nls [2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\C_28597.NLS [2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\C_28594.NLS [2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10007.nls [2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10006.nls [2010.01.31 03:44:01 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_852.nls [2010.01.31 03:44:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10082.nls [2010.01.31 03:44:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10029.nls [2010.01.31 03:44:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10010.nls [2010.01.31 03:43:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20127.nls [2010.01.31 03:39:14 | 000,000,221 | -HS- | C] () -- C:\boot.ini [2005.11.30 13:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll [2005.11.30 13:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll [2005.11.30 13:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll [2005.11.30 13:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll [2005.11.30 13:00:00 | 000,385,536 | 
---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll [2005.11.30 13:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2005.11.30 13:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll [2005.11.30 13:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll [2005.11.30 13:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll [2005.11.30 13:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll [2005.11.30 13:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll [2005.11.30 13:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll [2005.11.30 13:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll [2005.11.30 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll [2005.11.30 13:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll < End of report > Endret 19. februar 2010 av Zephyr Lenke til kommentar
norbat, posted 12 February 2010

Still no sign of the malware. Snake SockProxy Service is a trojan, but I can't see that it is running on your PC. Did you remove anything before you ran the scan? Start HJT, choose "Open the misc tools section", and click "Generate Startuplist log". Post the log.
Zephyr (author), posted 12 February 2010

Yes, I have removed everything I found, but the files keep coming back, so I was wondering whether I had missed something. I have also disabled the Snake SockProxy Service. It is possible that was what I forgot last time. If it comes back soon, I can run the tests without deleting anything first.
Zephyr (author), posted 14 February 2010 (edited)

It is back again, so I am posting logs from HJT and OTL.
M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2010.01.31 23:55:16 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mapi32.dll [2010.01.31 23:55:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\MicrosoftPassport [2010.01.31 23:54:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM [2010.01.31 23:54:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information [2010.01.31 23:54:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ils.dll [2010.01.31 23:54:03 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\WINDOWS\SysWow64\isrdbg32.dll [2010.01.31 23:54:03 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nmevtmsg.dll [2010.01.31 23:54:02 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msconf.dll [2010.01.31 23:54:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mnmdd.dll [2010.01.31 23:54:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nmmkcert.dll [2010.01.31 23:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetMeeting [2010.01.31 23:53:59 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files [2010.01.31 23:53:59 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages [2010.01.31 23:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Music [2010.01.31 23:53:37 | 000,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuaucpl.cpl [2010.01.31 23:53:36 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll [2010.01.31 23:53:36 | 000,209,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuweb.dll [2010.01.31 23:53:36 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wups2.dll [2010.01.31 23:53:36 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wups.dll [2010.01.31 23:53:35 | 
000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qmgrprxy.dll [2010.01.31 23:53:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\bitsprx2.dll [2010.01.31 23:53:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\bitsprx3.dll [2010.01.31 23:53:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player [2010.01.31 23:53:19 | 000,255,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msoeacct.dll [2010.01.31 23:53:19 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msoert2.dll [2010.01.31 23:53:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\acctres.dll [2010.01.31 23:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Services [2010.01.31 23:53:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH [2010.01.31 23:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services [2010.01.31 23:53:16 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetres.dll [2010.01.31 23:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outlook Express [2010.01.31 23:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express [2010.01.31 23:53:08 | 000,300,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstask.dll [2010.01.31 23:53:08 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\icwdial.dll [2010.01.31 23:53:08 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\icwphbk.dll [2010.01.31 23:53:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstinit.exe [2010.01.31 23:53:08 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks [2010.01.31 23:53:07 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcfg.dll [2010.01.31 23:53:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\isign32.dll [2010.01.31 23:53:07 | 000,016,384 | ---- | C] 
(Microsoft Corporation) -- C:\WINDOWS\SysWow64\icfgnt5.dll [2010.01.31 23:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\System [2010.01.31 23:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System [2010.01.31 23:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Explorer [2010.01.31 23:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer [2010.01.31 23:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications [2010.01.31 23:52:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration [2010.01.31 23:52:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\write.exe [2010.01.31 23:52:01 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\accwiz.exe [2010.01.31 23:52:01 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\access.cpl [2010.01.31 23:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT [2010.01.31 23:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows NT [2010.01.31 23:51:55 | 000,343,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mspaint.exe [2010.01.31 23:51:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winchat.exe [2010.01.31 23:51:52 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clipbrd.exe [2010.01.31 23:51:51 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\getuname.dll [2010.01.31 23:51:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\charmap.exe [2010.01.31 23:51:50 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\calc.exe [2010.01.31 23:51:48 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\resrcmon.exe [2010.01.31 23:51:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cluster [2010.01.31 23:51:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Application Compatibility Scripts [2010.01.31 23:51:41 | 000,290,816 | ---- 
| C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tscc.dll [2010.01.31 23:51:41 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstsmmc.dll [2010.01.31 23:51:41 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstsmhst.dll [2010.01.31 23:51:41 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\quser.exe [2010.01.31 23:51:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\chgusr.exe [2010.01.31 23:51:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\chglogon.exe [2010.01.31 23:51:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\query.exe [2010.01.31 23:51:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\change.exe [2010.01.31 23:51:39 | 001,871,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll [2010.01.31 23:51:39 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qwinsta.exe [2010.01.31 23:51:39 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qprocess.exe [2010.01.31 23:51:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qappsrv.exe [2010.01.31 23:51:36 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxlegih.dll [2010.01.31 23:51:36 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxdm.dll [2010.01.31 23:51:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxex.dll [2010.01.31 23:51:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Com [2010.01.31 23:51:35 | 001,295,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll [2010.01.31 23:51:35 | 000,616,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll [2010.01.31 23:51:35 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comuid.dll [2010.01.31 23:51:35 | 000,272,896 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\SysWow64\catsrv.dll [2010.01.31 23:51:35 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsnap.dll [2010.01.31 23:51:35 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comadmin.dll [2010.01.31 23:51:35 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clbcatex.dll [2010.01.31 23:51:35 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\stclient.dll [2010.01.31 23:51:35 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\colbact.dll [2010.01.31 23:51:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comaddin.dll [2010.01.31 23:51:35 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvps.dll [2010.01.31 23:51:30 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msdtcuiu.dll [2010.01.31 23:51:30 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxoci.dll [2010.01.31 23:51:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\xolehlp.dll [2010.01.31 23:51:29 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msdtcprx.dll [2010.01.31 23:51:26 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\servdeps.dll [2010.01.31 23:51:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mmfutil.dll [2010.01.31 19:11:14 | 000,000,000 | ---D | C] -- C:\ftphome [2010.01.31 19:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serv-U [2010.01.31 17:35:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2010.01.31 17:34:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\windowspowershell [2010.01.31 17:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search [2010.01.31 17:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Desktop Search [2010.01.31 15:35:05 | 000,000,000 | 
--SD | C] -- C:\WINDOWS\SysWow64\config [2010.01.31 15:33:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\XPSViewer [2010.01.31 15:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild [2010.01.31 15:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild [2010.01.31 15:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies [2010.01.31 15:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies [2010.01.31 15:30:58 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2010.01.31 15:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0 [2010.01.31 15:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 6.0 [2010.01.31 15:25:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache [2010.01.31 15:24:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE [2010.01.31 15:21:36 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information [2010.01.31 15:21:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache [2010.01.31 14:53:54 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wininet.dll [2010.01.31 14:53:54 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll [2010.01.31 14:53:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010.01.31 14:52:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2010.01.31 14:51:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.01.31 14:35:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\en-us [2010.01.31 13:32:32 | 000,963,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dhcpsnap.dll [2010.01.31 13:32:32 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\msizap.exe [2010.01.31 13:32:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\azrlreg.exe [2010.01.31 13:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\microsoft.net [2010.01.31 13:32:32 | 000,000,000 | ---D | C] -- 
C:\WINDOWS\adam [2010.01.31 13:32:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\icacls.exe [2010.01.31 13:32:31 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\verclsid.exe [2010.01.31 13:32:31 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\setupn.exe [2010.01.31 13:32:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdsmsno.dll [2010.01.31 13:32:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdsmsfi.dll [2010.01.31 13:32:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdno1.dll [2010.01.31 13:32:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdfi1.dll [2010.01.31 13:32:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdukx.dll [2010.01.31 13:32:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdmlt48.dll [2010.01.31 13:32:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdmlt47.dll [2010.01.31 13:32:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdiultn.dll [2010.01.31 13:32:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdbhc.dll [2010.01.31 13:32:31 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdpash.dll [2010.01.31 13:32:31 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdnepr.dll [2010.01.31 13:32:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdmaori.dll [2010.01.31 13:32:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\adfs [2010.01.31 13:30:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles [2010.01.31 13:29:38 | 001,364,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [2010.01.31 13:29:37 | 000,200,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\activeds.dll [2010.01.31 13:29:36 | 000,153,088 | ---- | 
C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\adsldpc.dll [2010.01.31 13:29:32 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cabinet.dll [2010.01.31 13:29:30 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clusapi.dll [2010.01.31 13:29:29 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comdlg32.dll [2010.01.31 13:29:28 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comres.dll [2010.01.31 13:29:27 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cryptui.dll [2010.01.31 13:29:27 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\credui.dll [2010.01.31 13:29:26 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cscui.dll [2010.01.31 13:29:15 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hnetcfg.dll [2010.01.31 13:29:14 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\imagehlp.dll [2010.01.31 13:29:12 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iphlpapi.dll [2010.01.31 13:29:08 | 000,589,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mlang.dll [2010.01.31 13:29:04 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mprapi.dll [2010.01.31 13:29:03 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msacm32.dll [2010.01.31 13:29:00 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msihnd.dll [2010.01.31 13:28:59 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msimtf.dll [2010.01.31 13:28:53 | 001,809,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netshell.dll [2010.01.31 13:28:49 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\olecli32.dll [2010.01.31 13:28:49 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\olecnv32.dll [2010.01.31 13:28:46 | 
000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasapi32.dll [2010.01.31 13:28:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasadhlp.dll [2010.01.31 13:28:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasman.dll [2010.01.31 13:28:43 | 000,213,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rsaenh.dll [2010.01.31 13:28:40 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sensapi.dll [2010.01.31 13:28:39 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sfc_os.dll [2010.01.31 13:28:35 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\stdole2.tlb [2010.01.31 13:28:34 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sxs.dll [2010.01.31 13:28:32 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tapi32.dll [2010.01.31 13:28:23 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winsta.dll [2010.01.31 13:28:22 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wintrust.dll [2010.01.31 13:28:12 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wshtcpip.dll [2010.01.31 13:28:11 | 002,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\xpsp2res.dll [2010.01.31 13:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET [2010.01.31 13:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR [2010.01.31 13:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRar [2010.01.31 13:21:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.01.31 13:19:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2010.01.31 13:19:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\PolicyBackup [2010.01.31 13:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG8 [2010.01.31 
12:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\UltraVNC [2010.01.31 12:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC [2010.01.31 12:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia [2010.01.31 12:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe [2010.01.31 12:50:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Macromed [2010.01.31 12:43:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2010.01.31 12:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2010.01.31 12:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent [2010.01.31 12:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Nedlastinger [2010.01.31 12:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla [2010.01.31 12:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla [2010.01.31 12:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010.01.31 12:28:58 | 000,017,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuaueng.dll.mui [2010.01.31 12:28:58 | 000,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuaucpl.cpl.mui [2010.01.31 12:28:58 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll.mui [2010.01.31 12:28:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\SoftwareDistribution [2010.01.31 12:27:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\UserData [2010.01.31 03:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ODBC [2010.01.31 03:44:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer [2010.01.31 03:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC [2010.01.31 03:44:07 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeechEngines [2010.01.31 03:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Shared [2010.01.31 03:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines [2010.01.31 03:44:04 | 000,000,000 | R--D | C] -- C:\Program Files [2010.01.31 03:44:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86) [2010.01.31 03:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared [2010.01.31 03:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files [2010.01.31 03:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files [2010.01.31 03:44:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdtuq.dll [2010.01.31 03:44:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdtuf.dll [2010.01.31 03:44:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdru1.dll [2010.01.31 03:44:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdaze.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdycc.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbduzb.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdur.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdtat.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdru.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdmon.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdkyr.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdkaz.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\SysWow64\kbdbu.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdblr.dll [2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdazel.dll [2010.01.31 03:44:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhept.dll [2010.01.31 03:44:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhela3.dll [2010.01.31 03:44:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhela2.dll [2010.01.31 03:44:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgkl.dll [2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdlv1.dll [2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdlv.dll [2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhe319.dll [2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhe220.dll [2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhe.dll [2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdest.dll [2010.01.31 03:44:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdlt1.dll [2010.01.31 03:44:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdlt.dll [2010.01.31 03:44:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdcz2.dll [2010.01.31 03:44:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdcz.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdycl.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdsl1.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\SysWow64\kbdsl.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdpl1.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdpl.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhu.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdcz1.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdcr.dll [2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAL.DLL [2010.01.31 03:44:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdro.dll [2010.01.31 03:44:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhu1.dll [2010.01.31 03:43:48 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE [2010.01.31 03:43:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu [2010.01.31 03:43:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents [2010.01.31 03:43:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Desktop [2010.01.31 03:43:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates [2010.01.31 03:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites [2010.01.31 03:41:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2010.01.31 03:41:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data [2010.01.31 03:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings [2010.01.31 03:41:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010.01.31 03:33:25 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts [2010.01.31 03:33:25 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web [2010.01.31 03:33:25 | 000,000,000 | 
---D | C] -- C:\WINDOWS\WinSxS [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\wbem [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\usmt [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\TAPI [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWOW64 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\system [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\security [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\mui [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent64 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\java [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\InstallShield [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\inf [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime (x86) [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\ias [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\export [2010.01.31 
03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Drivers [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\3076 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\2052 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1054 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1042 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1041 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1037 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1033 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1031 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1028 [2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1025 [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.02.14 10:24:05 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010.02.14 04:51:24 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.02.14 04:51:23 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010.02.14 04:51:23 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010.02.14 04:51:22 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update 
(Daily 2).job [2010.02.14 04:49:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.02.14 04:49:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.02.14 04:47:17 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010.02.14 04:47:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010.02.14 04:47:09 | 000,464,516 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2010.02.14 04:45:49 | 000,103,771 | ---- | M] () -- C:\Documents and Settings\Administrator\222.exe [2010.02.14 04:45:44 | 000,077,824 | ---- | M] (http://yingzinet.com) -- C:\Documents and Settings\Administrator\xg.exe [2010.02.14 04:45:11 | 000,266,240 | ---- | M] (noname. http://snake.gnuchina.org) -- C:\Documents and Settings\Administrator\spools13.exe [2010.02.14 04:38:35 | 000,025,088 | ---- | M] (noname. http://snake.gnuchina.org) -- C:\Documents and Settings\Administrator\spools4.exe [2010.02.12 21:35:55 | 000,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk [2010.02.12 21:35:38 | 004,124,332 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FileZilla_3.3.1_win32-setup.exe [2010.02.12 20:22:34 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk [2010.02.12 19:49:35 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2010.02.12 14:19:40 | 001,401,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.msi [2010.02.11 09:21:35 | 000,003,583 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.02.04 13:38:08 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk [2010.02.04 13:37:05 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Administrator\Desktop\utorrent.exe [2010.02.03 16:59:29 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk [2010.02.03 16:59:16 | 002,169,915 | ---- | M] (LIGHTNING UK!) 
-- C:\Documents and Settings\Administrator\Desktop\SetupImgBurn_2.5.0.0.exe [2010.02.03 10:42:20 | 000,000,192 | -H-- | M] () -- C:\aaw7boot.cmd [2010.02.03 10:24:03 | 000,000,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2010.02.03 10:06:15 | 000,001,024 | ---- | M] () -- C:\.rnd [2010.02.01 11:40:20 | 000,036,390 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\folder.jpg [2010.02.01 11:26:22 | 030,364,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MRT.exe [2010.02.01 11:14:35 | 000,012,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010.02.01 11:13:48 | 000,159,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1.jpg [2010.02.01 00:04:40 | 000,001,465 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\R2Help.lnk [2010.01.31 23:55:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010.01.31 23:55:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010.01.31 23:55:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini [2010.01.31 23:55:25 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010.01.31 23:55:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010.01.31 23:55:24 | 000,000,401 | ---- | M] () -- C:\WINDOWS\win.ini [2010.01.31 23:55:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2010.01.31 23:55:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\SysWow64\nscompat.tlb [2010.01.31 23:55:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\SysWow64\amcompat.tlb [2010.01.31 23:55:16 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\wuaucpl.cpl.manifest [2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest [2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\sapi.cpl.manifest [2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\nwc.cpl.manifest 
[2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\ncpa.cpl.manifest [2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\cdplayer.exe.manifest [2010.01.31 23:52:27 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini [2010.01.31 23:52:27 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini [2010.01.31 23:50:33 | 000,000,221 | -HS- | M] () -- C:\boot.ini [2010.01.31 17:37:41 | 000,562,546 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2010.01.31 13:33:24 | 000,001,367 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk [2010.01.31 13:26:02 | 000,297,072 | RHS- | M] () -- C:\ntldr [2010.01.31 12:57:20 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\(Listen Mode).lnk [2010.01.31 12:57:16 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\(Listen Mode Encrypt)).lnk [2010.01.31 12:56:39 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\UltraVNC Viewer.lnk [2010.01.31 12:32:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat [2010.01.31 12:25:41 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD [2010.01.31 03:47:55 | 000,000,150 | ---- | M] () -- C:\WINDOWS\system.ini [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] <!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Files Created - No Company Name ==========<!--colorc--></span><!--/colorc--> [2010.02.14 04:45:44 | 000,103,771 | ---- | C] () -- C:\Documents and Settings\Administrator\222.exe [2010.02.12 21:35:55 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk [2010.02.12 21:35:33 | 004,124,332 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FileZilla_3.3.1_win32-setup.exe [2010.02.12 14:19:50 | 000,002,493 | ---- | C] () -- C:\Documents and 
Settings\Administrator\Desktop\HiJackThis.lnk [2010.02.12 14:19:38 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.msi [2010.02.04 13:38:08 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk [2010.02.03 16:59:29 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk [2010.02.03 10:26:34 | 000,000,192 | -H-- | C] () -- C:\aaw7boot.cmd [2010.02.03 10:25:58 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.02.03 10:25:58 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010.02.03 10:25:57 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010.02.03 10:25:57 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010.02.03 10:25:57 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010.02.03 10:24:03 | 000,000,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2010.02.03 10:06:14 | 000,001,024 | ---- | C] () -- C:\.rnd [2010.02.01 11:14:59 | 000,036,390 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\folder.jpg [2010.02.01 11:13:48 | 000,159,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1.jpg [2010.02.01 00:04:40 | 000,001,465 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\R2Help.lnk [2010.02.01 00:02:35 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010.02.01 00:02:34 | 001,572,864 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010.01.31 23:59:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.01.31 23:56:12 | 000,180,770 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20932.nls [2010.01.31 23:56:12 | 000,173,602 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20936.nls [2010.01.31 23:56:11 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_720.nls [2010.01.31 
23:56:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_708.nls [2010.01.31 23:56:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_21027.nls [2010.01.31 23:56:10 | 000,187,938 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20005.nls [2010.01.31 23:56:10 | 000,180,258 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20004.nls [2010.01.31 23:56:09 | 000,185,378 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20003.nls [2010.01.31 23:56:09 | 000,173,602 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20002.nls [2010.01.31 23:56:08 | 000,186,402 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20001.nls [2010.01.31 23:56:08 | 000,180,258 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20000.nls [2010.01.31 23:56:07 | 000,189,986 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1361.nls [2010.01.31 23:56:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20108.nls [2010.01.31 23:56:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20107.nls [2010.01.31 23:56:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20106.nls [2010.01.31 23:56:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20105.nls [2010.01.31 23:56:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_28596.nls [2010.01.31 23:56:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20269.nls [2010.01.31 23:56:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_870.nls [2010.01.31 23:56:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_21025.nls [2010.01.31 23:56:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20924.nls [2010.01.31 23:56:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20880.nls [2010.01.31 23:56:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20871.nls [2010.01.31 23:56:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20838.nls [2010.01.31 23:56:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20833.nls [2010.01.31 23:55:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20424.nls [2010.01.31 23:55:59 | 000,066,082 | ---- | C] () -- 
C:\WINDOWS\SysWow64\c_20423.nls [2010.01.31 23:55:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20420.nls [2010.01.31 23:55:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20297.nls [2010.01.31 23:55:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20290.nls [2010.01.31 23:55:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20285.nls [2010.01.31 23:55:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20284.nls [2010.01.31 23:55:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20280.nls [2010.01.31 23:55:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20278.nls [2010.01.31 23:55:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20277.nls [2010.01.31 23:55:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20273.nls [2010.01.31 23:55:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1149.nls [2010.01.31 23:55:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1148.nls [2010.01.31 23:55:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1147.nls [2010.01.31 23:55:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1146.nls [2010.01.31 23:55:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1145.nls [2010.01.31 23:55:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1144.nls [2010.01.31 23:55:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1143.nls [2010.01.31 23:55:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1142.nls [2010.01.31 23:55:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1141.nls [2010.01.31 23:55:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1140.nls [2010.01.31 23:55:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1047.nls [2010.01.31 23:55:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10021.nls [2010.01.31 23:55:49 | 000,173,602 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10008.nls [2010.01.31 23:55:47 | 000,177,698 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10003.nls [2010.01.31 23:55:47 | 
000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10005.nls [2010.01.31 23:55:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10004.nls [2010.01.31 23:55:46 | 000,195,618 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10002.nls [2010.01.31 23:55:46 | 000,162,850 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10001.nls [2010.01.31 23:55:45 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_864.nls [2010.01.31 23:55:44 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_862.nls [2010.01.31 23:55:44 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_858.nls [2010.01.31 23:55:25 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2010.01.31 23:55:25 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2010.01.31 23:55:25 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS [2010.01.31 23:55:25 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT [2010.01.31 23:55:22 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx [2010.01.31 23:55:21 | 000,023,392 | ---- | C] () -- C:\WINDOWS\SysWow64\nscompat.tlb [2010.01.31 23:55:21 | 000,016,832 | ---- | C] () -- C:\WINDOWS\SysWow64\amcompat.tlb [2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\wuaucpl.cpl.manifest [2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\sapi.cpl.manifest [2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\nwc.cpl.manifest [2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\ncpa.cpl.manifest [2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\cdplayer.exe.manifest [2010.01.31 23:53:55 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest [2010.01.31 23:53:49 | 000,001,367 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk [2010.01.31 23:53:26 | 000,049,104 | -HS- | C] () -- C:\WINDOWS\lanmannt.bmp [2010.01.31 23:53:26 | 000,049,104 | -HS- | C] () -- C:\WINDOWS\lanma256.bmp [2010.01.31 23:51:53 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp 
[2010.01.31 23:51:53 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp [2010.01.31 23:51:53 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp [2010.01.31 23:51:53 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp [2010.01.31 23:51:53 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp [2010.01.31 23:51:53 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp [2010.01.31 23:51:53 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp [2010.01.31 23:51:53 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp [2010.01.31 23:51:53 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp [2010.01.31 23:51:53 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp [2010.01.31 23:51:52 | 000,093,702 | ---- | C] () -- C:\WINDOWS\SysWow64\subrange.uce [2010.01.31 23:51:52 | 000,016,740 | ---- | C] () -- C:\WINDOWS\SysWow64\shiftjis.uce [2010.01.31 23:51:52 | 000,012,876 | ---- | C] () -- C:\WINDOWS\SysWow64\korean.uce [2010.01.31 23:51:52 | 000,008,484 | ---- | C] () -- C:\WINDOWS\SysWow64\kanji_2.uce [2010.01.31 23:51:52 | 000,006,948 | ---- | C] () -- C:\WINDOWS\SysWow64\kanji_1.uce [2010.01.31 23:51:52 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp [2010.01.31 23:51:51 | 000,060,458 | ---- | C] () -- C:\WINDOWS\SysWow64\ideograf.uce [2010.01.31 23:51:51 | 000,024,006 | ---- | C] () -- C:\WINDOWS\SysWow64\gb2312.uce [2010.01.31 23:51:51 | 000,022,984 | ---- | C] () -- C:\WINDOWS\SysWow64\bopomofo.uce [2010.01.31 15:31:22 | 000,562,546 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2010.01.31 13:32:31 | 001,099,264 | ---- | C] () -- C:\WINDOWS\adfs.msp [2010.01.31 12:57:20 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\(Listen Mode).lnk [2010.01.31 12:57:16 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\(Listen Mode Encrypt)).lnk [2010.01.31 12:56:39 | 000,000,619 | ---- | C] () -- C:\Documents and 
Settings\Administrator\Desktop\UltraVNC Viewer.lnk [2010.01.31 12:32:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.01.31 12:25:41 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD [2010.01.31 03:44:14 | 000,003,583 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010.01.31 03:44:03 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_857.nls [2010.01.31 03:44:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_28599.nls [2010.01.31 03:44:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\C_28595.NLS [2010.01.31 03:44:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10081.nls [2010.01.31 03:44:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10017.nls [2010.01.31 03:44:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_869.nls [2010.01.31 03:44:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_866.nls [2010.01.31 03:44:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_855.nls [2010.01.31 03:44:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_737.nls [2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_875.nls [2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_28603.nls [2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\C_28597.NLS [2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\C_28594.NLS [2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10007.nls [2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10006.nls [2010.01.31 03:44:01 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_852.nls [2010.01.31 03:44:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10082.nls [2010.01.31 03:44:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10029.nls [2010.01.31 03:44:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10010.nls [2010.01.31 03:43:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20127.nls [2010.01.31 03:39:14 | 000,000,221 | 
-HS- | C] () -- C:\boot.ini [2005.11.30 13:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll [2005.11.30 13:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll [2005.11.30 13:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll [2005.11.30 13:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll [2005.11.30 13:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll [2005.11.30 13:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2005.11.30 13:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll [2005.11.30 13:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll [2005.11.30 13:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll [2005.11.30 13:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll [2005.11.30 13:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll [2005.11.30 13:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll [2005.11.30 13:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll [2005.11.30 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll [2005.11.30 13:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll < End of report > Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 15:07:26, on 14.02.2010 Platform: Windows 2003 SP2 (WinNT 5.02.3790) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe C:\PROGRA~2\Serv-U\ServUDaemon.exe C:\Documents and Settings\Administrator\spools13.exe C:\WINDOWS\SysWOW64\svchost.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\PROGRA~2\Serv-U\SERVUT~1.EXE C:\WINDOWS\SysWOW64\ctfmon.exe C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files 
(x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://google.no/" target="_blank" rel="nofollow">http://google.no/</a> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" rel="nofollow">http://go.microsoft.com/fwlink/?LinkId=69157</a> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" rel="nofollow">http://go.microsoft.com/fwlink/?LinkId=54896</a> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" rel="nofollow">http://go.microsoft.com/fwlink/?LinkId=54896</a> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" rel="nofollow">http://go.microsoft.com/fwlink/?LinkId=69157</a> F2 - REG:system.ini: UserInit=userinit O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [servUTrayIcon] C:\PROGRA~2\Serv-U\SERVUT~1.EXE O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE') O4 
- HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O15 - ESC Trusted Zone: <a href="http://runonce.msn.com" target="_blank" rel="nofollow">http://runonce.msn.com</a> O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - <a href="http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264937302639" target="_blank" rel="nofollow">http://update.microsoft.com/windowsupdate/...b?1264937302639</a> O17 - HKLM\System\CCS\Services\Tcpip\..\{E34F4D04-CFCC-427B-8B47-77B024E60D1E}: NameServer = 10.0.0.1 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing) O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing) O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. 
Edited 19 February 2010 by Zephyr
medlem-68510 Posted 14 February 2010
Wouldn't the logs have been better suited as attachments?