dragoi90
Posts posted by dragoi90
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 2000 . (5.0.2195) Service Pack 4
[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
.
Error OpenService (wscsvc) : 1060
[sharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !
.
Internet Explorer 5.00.3700.1000
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:8 Go - Free:3 Go )
D:\ [CD_Rom]
.
Scan : 17:25.15
Path : C:\Documents and Settings\sporteli\Desktop\New Folder (5)\Rooter.exe
User : sporteli ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [system Process] (0)
______ System (8)
______ \SystemRoot\System32\smss.exe (156)
______ \??\C:\WINNT\system32\csrss.exe (176)
______ \??\C:\WINNT\system32\winlogon.exe (168)
______ C:\WINNT\system32\services.exe (228)
______ C:\WINNT\system32\lsass.exe (244)
______ C:\WINNT\system32\svchost.exe (428)
______ C:\WINNT\system32\spoolsv.exe (456)
______ C:\WINNT\system32\svchost.exe (500)
______ C:\WINNT\system32\hidserv.exe (516)
______ C:\WINNT\System32\svchost.exe (576)
______ C:\WINNT\system32\nvsvc32.exe (592)
______ C:\WINNT\System32\svchost.exe (640)
______ C:\WINNT\system32\regsvc.exe (660)
______ C:\WINNT\system32\MSTask.exe (676)
______ C:\WINNT\System32\snmp.exe (712)
______ C:\WINNT\system32\stisvc.exe (816)
______ C:\WINNT\system32\svchost.exe (876)
______ C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (916)
______ C:\WINNT\system32\mspmspsv.exe (808)
______ C:\WINNT\system32\svchost.exe (944)
______ C:\WINNT\system32\svchost.exe (960)
______ C:\Program Files\TeamViewer\Version4\TeamViewer.exe (1084)
______ C:\WINNT\Explorer.EXE (1112)
______ C:\WINNT\RTHDCPL.EXE (1240)
______ C:\WINNT\system32\RUNDLL32.EXE (1284)
______ C:\WINNT\system32\RUNDLL32.EXE (1312)
______ C:\WINNT\system32\RUNDLL32.EXE (1320)
______ C:\WINNT\system32\RUNDLL32.EXE (1208)
______ C:\Program Files\Skype\Phone\Skype.exe (1288)
______ C:\Documents and Settings\sporteli\Desktop\New Folder (5)\Rooter.exe (1052)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [sectors : 63 x 512 Bytes]
.
----------------------\\ Scheduled Tasks
.
C:\WINNT\Tasks\desktop.ini
C:\WINNT\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 17:25.27
.
C:\Rooter$\Rooter_1.txt - (17/01/2010 | 17:25.27)
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eat.nfo
c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\file_id.diz
c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eat.nfo
c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eat_rls.2000-2009_1130.nfo
c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\file_id.diz
c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eatvsp85\vuesca85_v8.5.39.exe
c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eatvsp85\crack\vuescan.exe
scanner sequence 3.FA.11
----- EOF -----
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
OTL Extras logfile created on: 17/01/2010 5:44:40 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\sporteli\Desktop\New Folder (5)
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 5.00.3700.1000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy
895.00 Mb Total Physical Memory | 674.00 Mb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 8.79 Gb Total Space | 3.48 Gb Free Space | 39.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: IMPERIAL-YJVVAC
Current User Name: sporteli
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINNT\fonts\services.exe" = C:\WINNT\fonts\services.exe:*:Enabled:services.exe -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3E713D52-C967-41FB-AA24-3A92CC1025A4}" = Remote Desktop Connection
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5932C9AC-9049-11D4-8111-005004D78BE4}" = ImpulseStudio 3.04
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{7699B723-9718-41DE-8C18-549F341C02CE}" = Crystal Reports
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{DCA1B4C0-98A5-418B-8293-45663180B6C5}" = DCA1B4C0-98A5-418B-8293-45663180B6C5
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FFD44E90-AEA4-4D25-AF53-5CE2723E88DA}" = MarketingReg
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AERP_4.0.0" = AERP 4.0.0
"Data Dynamics SharpGrid 2.0" = Data Dynamics SharpGrid 2.0
"EPSON Printer and Utilities" = EPSON Printer Software
"LQ-300+II User's Guide" = LQ-300+II User's Guide
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2000" = Microsoft SQL Server 2000
"NVIDIA Drivers" = NVIDIA Drivers
"Q828026" = Windows Media Player Hotfix [see Q828026 for more information]
"TeamViewer 4" = TeamViewer 4
"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
"VueScan" = VueScan
"WinRAR archiver" = WinRAR archiver
"WMP7" = Windows Media Player 7.1
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19/12/2009 10:35:27 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 10005
Description = Product: ESET NOD32 Antivirus -- Error 5001. The computer has not
been restarted after a program uninstallation. Please restart the computer and run
the installer again.
Error - 19/12/2009 10:38:26 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920
Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn)
failed to start. Verify that you have sufficient privileges to start system services.
Error - 19/12/2009 10:38:56 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920
Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn)
failed to start. Verify that you have sufficient privileges to start system services.
Error - 19/12/2009 10:39:35 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 10005
Description = Product: ESET NOD32 Antivirus -- Error 5001. The computer has not
been restarted after a program uninstallation. Please restart the computer and run
the installer again.
Error - 19/12/2009 10:45:22 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920
Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn)
failed to start. Verify that you have sufficient privileges to start system services.
Error - 19/12/2009 10:45:55 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920
Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn)
failed to start. Verify that you have sufficient privileges to start system services.
Error - 19/12/2009 10:46:30 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920
Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn)
failed to start. Verify that you have sufficient privileges to start system services.
Error - 16/01/2010 9:07:54 PM | Computer Name = IMPERIAL-YJVVAC | Source = Userenv | ID = 1000
Description = Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator. DETAIL - Access
is denied. , Build number ((2195)).
Error - 16/01/2010 9:50:04 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920
Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ESET Service'
(ekrn) failed to start. Verify that you have sufficient privileges to start system
services.
Error - 16/01/2010 9:50:34 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920
Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ESET Service'
(ekrn) failed to start. Verify that you have sufficient privileges to start system
services.
[ System Events ]
Error - 16/01/2010 8:48:20 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper Service service depends on the AFD Networking
Support Environment service which failed to start because of the following error:
%%1077
Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001
Description = The Messenger service depends on the NetBIOS Interface service which
failed to start because of the following error: %%31
Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System
service which failed to start because of the following error: %%1077
Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001
Description = The Simple TCP/IP Services service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%1077
Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001
Description = The Background Intelligent Transfer Service service depends on the
Windows Management Instrumentation Driver Extensions service which failed to start
because of the following error: %%1077
Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1077
Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BIOS MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
Error - 16/01/2010 8:50:53 PM | Computer Name = IMPERIAL-YJVVAC | Source = DCOM | ID = 10010
Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register
with DCOM within the required timeout.
Error - 16/01/2010 8:54:00 PM | Computer Name = IMPERIAL-YJVVAC | Source = DCOM | ID = 10010
Description = The server {000C101C-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.
Error - 16/01/2010 9:06:54 PM | Computer Name = IMPERIAL-YJVVAC | Source = DCOM | ID = 10010
Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register
with DCOM within the required timeout.
< End of report >
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 17/01/2010 5:44:40 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\sporteli\Desktop\New Folder (5)
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 5.00.3700.1000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy
895.00 Mb Total Physical Memory | 674.00 Mb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 8.79 Gb Total Space | 3.48 Gb Free Space | 39.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: IMPERIAL-YJVVAC
Current User Name: sporteli
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/01/17 17:43:52 | 00,019,456 | ---- | M] () -- C:\WINNT\Temp\VRT3.tmp
PRC - [2010/01/17 11:04:31 | 00,567,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)\OTL.exe
PRC - [2009/06/02 10:56:00 | 24,264,488 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2008/12/23 08:04:10 | 03,950,376 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer.exe
PRC - [2008/12/23 07:44:46 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2007/12/20 10:47:36 | 16,882,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINNT\RTHDCPL.exe
PRC - [2007/11/27 21:26:00 | 00,176,128 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvsvc32.exe
PRC - [2005/04/01 07:00:00 | 00,263,168 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2005/04/01 07:00:00 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\winmgmt.exe
PRC - [2005/04/01 07:00:00 | 00,139,264 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
PRC - [2005/04/01 07:00:00 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe
PRC - [2005/04/01 07:00:00 | 00,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stisvc.exe
PRC - [2005/04/01 07:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\snmp.exe
PRC - [2003/06/19 12:05:04 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\hidserv.exe
PRC - [2001/10/01 13:48:44 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mspmspsv.exe
========== Modules (SafeList) ==========
MOD - [2010/01/17 17:35:58 | 00,036,865 | ---- | M] () -- C:\WINNT\system32\msnjkwfb.dll
MOD - [2010/01/17 11:04:31 | 00,567,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)\OTL.exe
MOD - [2010/01/16 14:46:20 | 00,036,865 | ---- | M] () -- C:\WINNT\system32\mssheatr.dll
MOD - [2010/01/12 07:04:37 | 00,036,865 | ---- | M] () -- C:\WINNT\system32\msjuehus.dll
MOD - [2010/01/09 07:11:20 | 00,036,864 | ---- | M] () -- C:\WINNT\system32\msjgjzcu.dll
MOD - [2005/04/01 07:00:00 | 00,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll
========== Win32 Services (SafeList) ==========
SRV - [2008/12/23 07:44:46 | 00,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2007/11/27 21:26:00 | 00,176,128 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINNT\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/03/11 21:35:02 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2006/11/08 10:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINNT\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 10:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINNT\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2005/04/01 07:00:00 | 00,217,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\wbem\winmgmt.exe -- (WinMgmt)
SRV - [2005/04/01 07:00:00 | 00,167,424 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2005/04/01 07:00:00 | 00,139,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2005/04/01 07:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\faxsvc.exe -- (Fax)
SRV - [2005/04/01 07:00:00 | 00,088,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2005/04/01 07:00:00 | 00,081,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\stisvc.exe -- (StiSvc)
SRV - [2005/04/01 07:00:00 | 00,080,384 | --S- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINNT\System32\1Bc.exe -- (TapiSrvIpripRemoteAccess)
SRV - [2005/04/01 07:00:00 | 00,080,384 | --S- | M] () [Auto | Stopped] -- C:\WINNT\System32\12520437y.exe -- (TapiSrvIprip)
SRV - [2005/04/01 07:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\snmp.exe -- (SNMP)
SRV - [2005/04/01 07:00:00 | 00,045,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINNT\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2005/04/01 07:00:00 | 00,042,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2003/07/28 06:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 12:05:04 | 00,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\hidserv.exe -- (HidServ)
SRV - [2001/10/01 13:48:44 | 00,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mspmspsv.exe -- (WMDM PMSP Service)
SRV - [1999/12/07 07:00:00 | 00,034,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\iprip.dll -- (Iprip)
========== Driver Services (SafeList) ==========
DRV - [2008/01/07 04:32:06 | 00,029,096 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2007/12/20 12:00:06 | 04,637,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/11/27 21:26:00 | 06,866,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/11/17 02:43:56 | 00,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/11/17 02:43:36 | 00,050,304 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/10/12 02:53:10 | 00,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/03/07 00:20:50 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/03/07 00:20:49 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/03/07 00:20:48 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/04/01 07:00:00 | 00,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2005/04/01 07:00:00 | 00,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\dmio.sys -- (dmio)
DRV - [2005/04/01 07:00:00 | 00,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
DRV - [2005/04/01 07:00:00 | 00,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)
DRV - [2005/04/01 07:00:00 | 00,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\system32\drivers\efs.sys -- (EFS)
DRV - [2005/04/01 07:00:00 | 00,024,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\openhci.sys -- (openhci)
DRV - [2005/04/01 07:00:00 | 00,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
DRV - [2005/04/01 07:00:00 | 00,017,680 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005/04/01 07:00:00 | 00,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [2005/04/01 07:00:00 | 00,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\diskperf.sys -- (Diskperf)
DRV - [2005/04/01 07:00:00 | 00,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\dmload.sys -- (dmload)
DRV - [2005/04/01 07:00:00 | 00,006,992 | ---- | M] (SGI) [Kernel | System | Stopped] -- C:\WINNT\system32\drivers\sglfb.sys -- (sglfb)
DRV - [2005/03/16 01:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINNT\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2005/01/07 11:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/07/08 22:26:38 | 00,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([1999/12/07 07:00:00 | 00,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O4 - HKLM..\Run: [Alcmtr] C:\WINNT\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINNT\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [gxwiyi] C:\WINNT\System32\msnjkwfb.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()
O4 - HKLM..\Run: [qquaqe] C:\WINNT\System32\msjgjzcu.DLL ()
O4 - HKLM..\Run: [rscqdr] C:\WINNT\System32\mssheatr.DLL ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINNT\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [skyTel] C:\WINNT\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [soundMan] C:\WINNT\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [synchronization Manager] C:\WINNT\System32\mobsync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vkqzej] C:\WINNT\System32\msjuehus.DLL ()
O4 - HKCU..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKLM..\RunOnce: [X0@] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\related.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\rnr20.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229456552406 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229462185640 (MUWebControl Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39798.4922337963 (Update Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O18 - Protocol\Filter\text/xml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\sporteli\My Documents\My Pictures\5722_large.jpg
O24 - Desktop BackupWallPaper: C:\WINNT\Zapotec.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/17 23:50:07 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: BtwSrv - File not found
NetSvcs: Ias - C:\WINNT\system32\ias [2009/12/17 15:47:03 | 00,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINNT\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - C:\WINNT\system32\irmon.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: dmadmin - C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
SafeBootMin: dmboot.sys - C:\WINNT\system32\drivers\dmboot.sys (VERITAS Software Corp.)
SafeBootMin: dmio.sys - C:\WINNT\system32\DRIVERS\dmio.sys (VERITAS Software Corp.)
SafeBootMin: dmload.sys - C:\WINNT\system32\drivers\dmload.sys (VERITAS Software Corp.)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: sglfb.sys - C:\WINNT\system32\drivers\sglfb.sys (SGI)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: tga.sys - File not found
SafeBootMin: vga.sys - Driver
SafeBootMin: WinMgmt - C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: dmadmin - C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
SafeBootNet: dmboot.sys - C:\WINNT\system32\drivers\dmboot.sys (VERITAS Software Corp.)
SafeBootNet: dmio.sys - C:\WINNT\system32\DRIVERS\dmio.sys (VERITAS Software Corp.)
SafeBootNet: dmload.sys - C:\WINNT\system32\drivers\dmload.sys (VERITAS Software Corp.)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NBF - Service
SafeBootNet: nbf.sys - Driver
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: sglfb.sys - C:\WINNT\system32\drivers\sglfb.sys (SGI)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: tga.sys - File not found
SafeBootNet: vga.sys - Driver
SafeBootNet: WinMgmt - C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation)
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1b0357b8-e3fb-4918-915c-a8eb232c273e} - KB973354
ActiveX: {1d939273-21ce-4e7f-be14-490866ec66c2} - KB976325
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {390e5bb4-1d89-4343-b62d-b76303708a1d} - KB969897
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3c0d61fe-1db3-4d0b-8477-3cb53eab9469} - KB951066
ActiveX: {3e843540-63b3-42d7-9f4d-812ffd1e767a} - KB974455
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Visual Basic Scripting Support
ActiveX: {4fe13360-e1fd-11d2-83c7-0000f8051539} - Microsoft New ChangJie IME 98a
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {685e3910-1f77-49b9-9434-50bcd95c51ab} - KB905495
ActiveX: {6A5110B5-E14B-4268-A065-EF89FF33C325} - regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 7
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {7da6528e-45a6-4022-9e41-c45a8cf33eb5} - KB963027
ActiveX: {80b81c71-14cd-41c3-9e8c-08b9e06d02ef} - KB960714
ActiveX: {81aded60-e2d0-11d2-83c7-0000f8051539} - Microsoft New Phonetic IME 98a
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl
ActiveX: {A00BF2EB-56EE-4fde-B5EA-6A8FA425B2A5} - W2KAppComp
ActiveX: {b6609c7e-4ad5-4b8b-9da5-9edbc50f7592} - KB958869
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {e41091c0-06d5-474f-836e-dd190348ea18} - KB958215
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f156e5b2-f52e-4094-800c-e7392fe62314} - KB938464
ActiveX: {f351bc8e-a11b-44ba-a436-cee0d27e3abb} - KB976749
ActiveX: {f3d9c2d1-579f-4d41-95ba-5354eeb398d0} - KB972260
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\system32\setup\wmpocm.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - "%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - "%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigOE
Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
Drivers32: aux3 - File not found
Drivers32: aux4 - File not found
Drivers32: aux5 - File not found
Drivers32: aux6 - File not found
Drivers32: aux7 - File not found
Drivers32: aux8 - File not found
Drivers32: aux9 - File not found
Drivers32: midi2 - File not found
Drivers32: midi3 - File not found
Drivers32: midi4 - File not found
Drivers32: midi5 - File not found
Drivers32: midi6 - File not found
Drivers32: midi7 - File not found
Drivers32: midi8 - File not found
Drivers32: midi9 - File not found
Drivers32: mixer2 - File not found
Drivers32: mixer3 - File not found
Drivers32: mixer4 - File not found
Drivers32: mixer5 - File not found
Drivers32: mixer6 - File not found
Drivers32: mixer7 - File not found
Drivers32: mixer8 - File not found
Drivers32: mixer9 - File not found
Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave2 - File not found
Drivers32: wave3 - File not found
Drivers32: wave4 - File not found
Drivers32: wave5 - File not found
Drivers32: wave6 - File not found
Drivers32: wave7 - File not found
Drivers32: wave8 - File not found
Drivers32: wave9 - File not found
SystemRestore not available.
========== Files/Folders - Created Within 30 Days ==========
[2010/01/17 17:25:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\New Folder (2)
[2010/01/17 17:25:27 | 00,000,000 | ---D | C] -- C:\Rooter$
[2010/01/17 17:16:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Application Data\Malwarebytes
[2010/01/17 17:16:37 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/01/17 17:16:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/17 17:16:35 | 00,018,520 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010/01/17 17:16:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/17 17:11:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\REGYSTRI
[2010/01/17 17:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)
[2010/01/14 07:34:17 | 00,245,520 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\winsrv.dll
[2010/01/09 19:16:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\Avira AntiVir Premium v9.0.0.455
[2010/01/09 19:14:23 | 00,016,496 | R--- | C] (HP) -- C:\WINNT\System32\drivers\HPZipr12.sys
[2010/01/09 19:14:13 | 00,049,920 | R--- | C] (HP) -- C:\WINNT\System32\drivers\HPZid412.sys
[2010/01/09 19:14:11 | 00,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINNT\System32\hppldcoi.dll
[2010/01/09 19:14:11 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINNT\System32\difxapi.dll
[2010/01/09 19:14:10 | 00,569,344 | R--- | C] (Hewlett-Packard Co.) -- C:\WINNT\System32\hpotscl3.dll
[2010/01/09 19:14:10 | 00,303,104 | R--- | C] (Hewlett-Packard Co.) -- C:\WINNT\System32\hpovst10.dll
[2010/01/09 19:14:10 | 00,229,376 | R--- | C] (Hewlett-Packard) -- C:\WINNT\System32\hpotpusd.dll
[2010/01/09 19:14:08 | 00,021,568 | R--- | C] (HP) -- C:\WINNT\System32\drivers\HPZius12.sys
[2010/01/06 15:02:08 | 00,052,496 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\mtxclu.dll
[2010/01/04 15:06:42 | 01,735,808 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\NTKRPAMP.EXE
[2010/01/04 15:06:42 | 01,714,496 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\NTKRNLMP.EXE
[2010/01/04 15:06:42 | 01,713,536 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ntkrnlpa.exe
[2010/01/04 15:06:42 | 01,690,880 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ntoskrnl.exe
[2010/01/04 12:20:43 | 00,138,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\faxui.dll
[2010/01/04 12:20:43 | 00,138,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\faxui.dll
[2010/01/01 07:49:09 | 00,000,000 | ---D | C] -- C:\DrWatson
[2009/12/19 21:30:48 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/01/17 17:46:23 | 00,033,280 | ---- | M] (Andreas Hausladen) -- C:\WINNT\System32\4633753.exe
[2010/01/17 17:45:27 | 01,847,296 | -H-- | M] () -- C:\Documents and Settings\sporteli\NTUSER.DAT
[2010/01/17 17:44:03 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2cc.dat
[2010/01/17 17:43:44 | 00,000,032 | --S- | M] () -- C:\WINNT\System32\1755361127.dat
[2010/01/17 17:43:38 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/01/17 17:37:21 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2c0.dat
[2010/01/17 17:36:02 | 00,000,116 | ---- | M] () -- C:\WINNT\System32\757890.BAT
[2010/01/17 17:35:58 | 00,048,640 | ---- | M] () -- C:\WINNT\System32\2561086.exe
[2010/01/17 17:35:58 | 00,036,865 | ---- | M] () -- C:\WINNT\System32\msnjkwfb.dll
[2010/01/17 17:24:12 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2c8.dat
[2010/01/17 17:22:07 | 00,465,166 | -H-- | M] () -- C:\WINNT\ShellIconCache
[2010/01/17 17:16:39 | 00,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/17 17:16:15 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_348.dat
[2010/01/16 22:42:31 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_354.dat
[2010/01/16 21:19:20 | 00,000,280 | -HS- | M] () -- C:\Documents and Settings\sporteli\ntuser.ini
[2010/01/16 21:00:57 | 00,000,538 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\VueScan.lnk
[2010/01/16 20:09:53 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_300.dat
[2010/01/16 19:38:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_320.dat
[2010/01/16 15:00:09 | 00,001,166 | -H-- | M] () -- C:\Documents and Settings\sporteli\My Documents\Default.rdp
[2010/01/16 14:46:20 | 00,036,865 | ---- | M] () -- C:\WINNT\System32\mssheatr.dll
[2010/01/16 14:43:43 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_34c.dat
[2010/01/16 08:22:10 | 00,002,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/01/16 07:09:59 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_854.dat
[2010/01/15 07:23:40 | 00,180,240 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2010/01/15 07:05:42 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_790.dat
[2010/01/15 00:32:08 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_340.dat
[2010/01/14 07:32:28 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_324.dat
[2010/01/12 15:03:21 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_78c.dat
[2010/01/12 07:04:37 | 00,036,865 | ---- | M] () -- C:\WINNT\System32\msjuehus.dll
[2010/01/12 07:03:46 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_388.dat
[2010/01/09 19:16:08 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2f8.dat
[2010/01/09 07:11:20 | 00,036,864 | ---- | M] () -- C:\WINNT\System32\msjgjzcu.dll
[2010/01/09 07:10:15 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_71c.dat
[2010/01/08 07:03:18 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_72c.dat
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,018,520 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010/01/07 07:18:47 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5b0.dat
[2010/01/07 07:00:36 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_6bc.dat
[2010/01/06 07:09:27 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_67c.dat
[2010/01/05 07:40:36 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5f8.dat
[2010/01/05 07:23:29 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5d8.dat
[2010/01/04 07:16:18 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4e4.dat
[2010/01/02 07:18:25 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4b0.dat
[2009/12/30 07:40:15 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4d8.dat
[2009/12/30 07:21:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_524.dat
[2009/12/28 11:23:12 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2ec.dat
[2009/12/27 15:13:48 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4d0.dat
[2009/12/27 07:52:12 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_510.dat
[2009/12/26 10:53:28 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_1c70.dat
[2009/12/26 07:55:09 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_120c.dat
[2009/12/26 07:53:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_274.dat
[2009/12/25 12:46:14 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2e0.dat
[2009/12/25 11:16:55 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_378.dat
[2009/12/24 15:41:14 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_35c.dat
[2009/12/24 07:59:33 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_47c.dat
[2009/12/24 07:36:51 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_3c0.dat
[2009/12/23 08:12:48 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_44c.dat
[2009/12/22 07:48:10 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_394.dat
[2009/12/22 07:25:25 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4c0.dat
[2009/12/20 10:33:23 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4e8.dat
[2009/12/20 08:11:06 | 00,000,120 | ---- | M] () -- C:\WINNT\System32\7138178.exe
[2009/12/19 21:42:14 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2ac.dat
[2009/12/19 21:39:43 | 00,000,629 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\E-MAILI I HOTELIT.lnk
[2009/12/19 21:36:55 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2d0.dat
[2009/12/19 21:36:53 | 00,170,656 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ndis.sys
[2009/12/19 21:30:28 | 00,000,120 | ---- | M] () -- C:\WINNT\System32\7552737.exe
[2009/12/19 21:28:45 | 00,107,520 | RHS- | M] () -- C:\WINNT\het7upd.exe
[2009/12/19 21:28:40 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2dc.dat
[4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/01/17 17:44:03 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2cc.dat
[2010/01/17 17:37:21 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c0.dat
[2010/01/17 17:36:02 | 00,000,116 | ---- | C] () -- C:\WINNT\System32\757890.BAT
[2010/01/17 17:35:58 | 00,048,640 | ---- | C] () -- C:\WINNT\System32\2561086.exe
[2010/01/17 17:35:58 | 00,036,865 | ---- | C] () -- C:\WINNT\System32\msnjkwfb.dll
[2010/01/17 17:24:12 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c8.dat
[2010/01/17 17:16:39 | 00,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/17 17:16:15 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_348.dat
[2010/01/16 22:44:18 | 00,465,166 | -H-- | C] () -- C:\WINNT\ShellIconCache
[2010/01/16 22:42:31 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_354.dat
[2010/01/16 20:09:53 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_300.dat
[2010/01/16 19:38:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_320.dat
[2010/01/16 14:46:20 | 00,036,865 | ---- | C] () -- C:\WINNT\System32\mssheatr.dll
[2010/01/16 14:43:43 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_34c.dat
[2010/01/16 07:09:59 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_854.dat
[2010/01/16 07:09:49 | 00,000,032 | --S- | C] () -- C:\WINNT\System32\1755361127.dat
[2010/01/15 07:05:42 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_790.dat
[2010/01/15 00:32:08 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_340.dat
[2010/01/14 07:32:28 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_324.dat
[2010/01/12 15:03:21 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_78c.dat
[2010/01/12 07:04:37 | 00,036,865 | ---- | C] () -- C:\WINNT\System32\msjuehus.dll
[2010/01/12 07:03:46 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_388.dat
[2010/01/09 19:16:08 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2f8.dat
[2010/01/09 07:11:20 | 00,036,864 | ---- | C] () -- C:\WINNT\System32\msjgjzcu.dll
[2010/01/09 07:10:15 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_71c.dat
[2010/01/08 07:03:18 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_72c.dat
[2010/01/07 07:18:47 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5b0.dat
[2010/01/07 07:00:36 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_6bc.dat
[2010/01/06 07:09:27 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_67c.dat
[2010/01/05 07:40:36 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5f8.dat
[2010/01/05 07:23:29 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5d8.dat
[2010/01/04 07:16:18 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4e4.dat
[2010/01/02 07:18:25 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4b0.dat
[2009/12/30 07:40:15 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4d8.dat
[2009/12/30 07:21:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_524.dat
[2009/12/28 11:23:12 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2ec.dat
[2009/12/27 15:13:48 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4d0.dat
[2009/12/27 07:52:12 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_510.dat
[2009/12/26 10:53:28 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_1c70.dat
[2009/12/26 07:55:09 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_120c.dat
[2009/12/26 07:53:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_274.dat
[2009/12/25 12:46:14 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2e0.dat
[2009/12/25 11:16:55 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_378.dat
[2009/12/24 15:41:14 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_35c.dat
[2009/12/24 07:59:33 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_47c.dat
[2009/12/24 07:36:51 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3c0.dat
[2009/12/23 08:12:48 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_44c.dat
[2009/12/22 07:48:10 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_394.dat
[2009/12/22 07:25:25 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4c0.dat
[2009/12/20 10:33:23 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4e8.dat
[2009/12/20 08:11:06 | 00,000,120 | ---- | C] () -- C:\WINNT\System32\7138178.exe
[2009/12/19 21:42:14 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2ac.dat
[2009/12/19 21:36:55 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2d0.dat
[2009/12/19 21:33:13 | 31,616,000 | ---- | C] () -- C:\Documents and Settings\sporteli\Desktop\eav_nt32_enu.msi
[2009/12/19 21:30:28 | 00,000,120 | ---- | C] () -- C:\WINNT\System32\7552737.exe
[2009/12/19 21:28:46 | 00,107,520 | RHS- | C] () -- C:\WINNT\het7upd.exe
[2009/12/19 21:28:40 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2dc.dat
[2009/07/24 23:04:29 | 00,000,025 | ---- | C] () -- C:\WINNT\CDELQ300+II_Eu.ini
[2009/02/01 04:44:35 | 01,290,240 | ---- | C] () -- C:\WINNT\System32\wmploc.dll
[2009/02/01 04:44:35 | 01,122,304 | ---- | C] () -- C:\WINNT\System32\wmpui.dll
[2009/02/01 04:44:35 | 00,270,336 | ---- | C] () -- C:\WINNT\System32\pdbrowse.dll
[2009/02/01 04:44:35 | 00,184,320 | ---- | C] () -- C:\WINNT\System32\wmpcd.dll
[2009/02/01 04:44:34 | 00,147,456 | ---- | C] () -- C:\WINNT\System32\CEWMDM.dll
[2009/01/27 13:45:14 | 00,001,298 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/12/16 16:21:09 | 00,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2008/12/16 16:20:59 | 00,173,056 | ---- | C] () -- C:\WINNT\System32\qasf.dll
[2008/12/16 16:01:58 | 00,001,078 | ---- | C] () -- C:\WINNT\ODBC.INI
[2008/12/16 14:20:30 | 00,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2007/11/27 21:26:00 | 01,703,936 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
[2007/11/27 21:26:00 | 01,474,560 | ---- | C] () -- C:\WINNT\System32\nview.dll
[2007/11/27 21:26:00 | 01,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
[2007/11/27 21:26:00 | 00,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll
[2007/11/27 21:26:00 | 00,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll
[2005/04/01 07:00:00 | 00,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2005/04/01 07:00:00 | 00,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[2005/04/01 07:00:00 | 00,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[2005/04/01 07:00:00 | 00,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[2005/04/01 07:00:00 | 00,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[2003/09/17 11:13:54 | 00,815,104 | ---- | C] () -- C:\WINNT\System32\wmpcore.dll
[2003/01/07 09:05:08 | 00,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI
[2000/10/25 20:15:00 | 00,017,920 | ---- | C] () -- C:\WINNT\System32\Implode.dll
[1999/10/26 03:00:00 | 00,028,672 | ---- | C] () -- C:\WINNT\System32\CRInf9.dll
[1999/09/25 05:36:24 | 00,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 05:36:22 | 00,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1999/03/12 03:00:00 | 00,299,008 | ---- | C] () -- C:\WINNT\System32\Crutl14.dll
[1999/03/12 03:00:00 | 00,045,056 | ---- | C] () -- C:\WINNT\System32\Crsybdtc14.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2005/04/01 07:00:00 | 00,150,528 | RHS- | M] () -- C:\arcldr.exe
[2005/04/01 07:00:00 | 00,163,840 | RHS- | M] () -- C:\arcsetup.exe
[2009/12/17 23:50:07 | 00,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2009/12/17 22:30:30 | 00,000,192 | -HS- | M] () -- C:\boot.ini
[2009/08/06 01:43:44 | 11,923,854 | ---- | M] () -- C:\br.bmp
[2009/12/17 23:50:07 | 00,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2008/12/16 14:20:56 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/16 14:20:56 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/16 16:31:37 | 00,000,206 | ---- | M] () -- C:\mylog.log
[2009/07/05 03:31:31 | 00,374,112 | ---- | M] (Nitro PDF Software ) -- C:\nitro_pdf_professional.exe
[2005/04/01 07:00:00 | 00,034,724 | RHS- | M] () -- C:\NTDETECT.COM
[2005/04/01 07:00:00 | 00,214,432 | RHS- | M] () -- C:\ntldr
[2010/01/17 17:43:28 | 14,092,86144 | -HS- | M] () -- C:\pagefile.sys
[2008/12/16 16:31:37 | 00,000,573 | ---- | M] () -- C:\RHDSetup.log
[2010/01/17 17:43:58 | 00,000,000 | ---- | M] () -- C:\RTHDCPL_Dump.txt
< MD5 for: AGP440.SYS >
[2005/04/01 07:00:00 | 06,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:AGP440.sys
[2008/12/16 15:52:59 | 10,066,272 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:AGP440.sys
[2003/06/19 14:05:04 | 00,021,008 | ---- | M] (Microsoft Corporation) MD5=CDDB71A90077C93BEA5C72507F0B1394 -- C:\WINNT\ServicePackFiles\i386\agp440.sys
< MD5 for: ATAPI.SYS >
[2005/04/01 07:00:00 | 06,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:atapi.sys
[2008/12/16 15:52:59 | 10,066,272 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:atapi.sys
[2003/06/19 14:05:04 | 00,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2005/04/01 07:00:00 | 00,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\system32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2003/06/19 14:05:04 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\$NtUpdateRollupPackUninstall$\eventlog.dll
[2003/06/19 14:05:04 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2005/04/01 07:00:00 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\system32\dllcache\eventlog.dll
[2005/04/01 07:00:00 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2003/06/19 14:05:04 | 00,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2005/04/01 07:00:00 | 00,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\system32\dllcache\netlogon.dll
[2005/04/01 07:00:00 | 00,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2003/06/19 14:05:04 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\$NtUpdateRollupPackUninstall$\scecli.dll
[2003/06/19 14:05:04 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[2005/04/01 07:00:00 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\system32\dllcache\scecli.dll
[2005/04/01 07:00:00 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\system32\scecli.dll
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\*. /mp /s >
< %PROGRAMFILES%\*. >
[2008/12/16 18:49:22 | 00,000,000 | ---D | M] -- C:\Program Files\Accessories
[2009/07/16 01:31:52 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/01/25 09:07:59 | 00,000,000 | ---D | M] -- C:\Program Files\BitComet
[2009/07/24 23:05:07 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/12/16 14:19:33 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/05/23 01:58:28 | 00,000,000 | ---D | M] -- C:\Program Files\Data Dynamics
[2008/12/16 16:29:43 | 00,000,000 | ---D | M] -- C:\Program Files\Driver
[2009/07/05 03:11:25 | 00,000,000 | ---D | M] -- C:\Program Files\EPSON
[2009/12/19 21:30:48 | 00,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/01/27 13:48:39 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/01/27 13:46:56 | 00,000,000 | ---D | M] -- C:\Program Files\HP
[2009/05/23 01:58:08 | 00,000,000 | ---D | M] -- C:\Program Files\Ingenuware
[2009/10/18 11:18:05 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/12/17 22:31:34 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/01/17 17:16:39 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/23 01:52:12 | 00,000,000 | ---D | M] -- C:\Program Files\MapInfo MapX
[2008/12/16 16:00:51 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/12/16 14:21:22 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/12/16 16:00:17 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/05/23 01:35:50 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2008/12/16 16:00:56 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/01/29 03:16:45 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/12/17 22:31:45 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/12/17 22:31:32 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/12/16 16:25:43 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/01/25 08:25:08 | 00,000,000 | ---D | M] -- C:\Program Files\Remote Desktop Control
[2009/05/23 01:51:38 | 00,000,000 | ---D | M] -- C:\Program Files\Seagate Software
[2009/06/10 23:09:36 | 00,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/01/25 08:34:58 | 00,000,000 | ---D | M] -- C:\Program Files\TeamViewer
[2009/05/23 01:36:10 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/12/17 22:31:47 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/12/16 15:54:05 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/12/16 14:48:16 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/12/18 00:01:10 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/01/25 08:16:54 | 00,000,000 | ---D | M] -- C:\Program Files\WinZip
< %userprofile%\Desktop\*.* >
[2009/12/18 00:28:29 | 00,001,359 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Alpha Platinum.exe.lnk
[2009/05/26 23:04:17 | 00,092,160 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Copy of Template_Artikuj_Celje.xls
[2008/08/02 04:33:40 | 05,498,912 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\delete_setup.exe
[2009/12/19 21:39:43 | 00,000,629 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\E-MAILI I HOTELIT.lnk
[2009/12/12 16:02:46 | 31,616,000 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\eav_nt32_enu.msi
[2009/12/13 14:46:10 | 09,099,811 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Hamrick[1].VueScan.Pro.v8.5.39..rar
[2009/12/08 21:36:26 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Karboni C.doc
[2009/07/05 22:59:11 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\KONTRATE E KLIENTIT ME IMPERIAL HOTEL.doc
[2009/02/12 08:43:14 | 01,122,294 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\logo.bmp
[2009/12/02 14:35:07 | 00,081,920 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\menuja e resorantit per seminaret.doc
[2009/07/02 23:19:12 | 00,002,416 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Microsoft Office Excel 2003.lnk
[2009/12/08 21:14:06 | 00,002,416 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Microsoft Office Word 2003.lnk
[2009/06/24 19:06:06 | 00,233,064 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\myspace_cube.pdf
[2009/07/05 03:31:31 | 00,374,112 | ---- | M] (Nitro PDF Software ) -- C:\Documents and Settings\sporteli\Desktop\nitro_pdf_professional.exe
[2009/12/03 15:57:21 | 00,071,168 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\OFERTA.doc
[2009/10/19 13:23:47 | 00,009,062 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\OFERTA.eml
[2009/12/11 10:23:11 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Rasti 1.doc
[2009/12/17 15:07:01 | 00,001,473 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Remote Desktop Connection.lnk
[2009/01/25 08:29:37 | 07,345,754 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\TeamViewer[1].4.0.Build.5459_.rar
[2009/09/23 13:47:46 | 00,228,864 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Vizioni.doc
[2009/12/13 14:18:56 | 06,751,440 | ---- | M] (Hamrick Software) -- C:\Documents and Settings\sporteli\Desktop\vuesca85.exe
[2010/01/16 21:00:57 | 00,000,538 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\VueScan.lnk
[2009/05/22 22:13:25 | 01,144,168 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\sporteli\Desktop\wlsetup-custom.exe
[2009/06/26 03:41:17 | 00,018,586 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\WM speech Tirana.rtf
[2009/12/16 11:17:48 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\sporteli\Desktop\~$nuja e resorantit per seminaret.doc
< %userprofile%\Desktop\*. >
[2010/01/09 19:16:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\Avira AntiVir Premium v9.0.0.455
[2009/05/14 01:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\DR
[2010/01/08 19:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\G.Kormaku
[2010/01/16 13:37:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\Gazmira
[2009/10/18 12:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\LPT TO USB
[2009/12/06 20:14:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\New Folder
[2010/01/17 17:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\New Folder (2)
[2010/01/17 17:27:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)
[2010/01/17 17:11:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\REGYSTRI
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-17 20:10:26
========== Files - Unicode (All) ==========
[2008/12/16 16:05:18 | 00,000,000 | R--D | M](C:\Documents and Settings\sporteli\My Documents\??) -- C:\Documents and Settings\sporteli\My Documents\安装
[2008/12/16 16:05:17 | 00,000,000 | R--D | C](C:\Documents and Settings\sporteli\My Documents\??) -- C:\Documents and Settings\sporteli\My Documents\安装
[2008/12/16 16:05:08 | 00,000,000 | R--D | M](C:\Documents and Settings\sporteli\My Documents\????) -- C:\Documents and Settings\sporteli\My Documents\使用说明
[2008/12/16 16:05:07 | 00,000,000 | R--D | C](C:\Documents and Settings\sporteli\My Documents\????) -- C:\Documents and Settings\sporteli\My Documents\使用说明
========== Alternate Data Streams ==========
@Alternate Data Stream - 6584 bytes -> C:\Documents and Settings\sporteli\Desktop\logo.bmp:Q30lsldxJoudresxAaaqpcawXc
< End of report >
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-17 17:31:07
Windows 5.0.2195 Service Pack 4
Running: gmer.exe; Driver: C:\DOCUME~1\sporteli\LOCALS~1\Temp\pwkiifod.sys
---- System - GMER 1.0.15 ----
INT 0x52 ? F9190044
INT 0x72 ? F925C844
INT 0xA2 ? F9190BE4
INT 0xA3 ? F91D6B64
INT 0xB1 ? F928F044
INT 0xB3 ? F91F5BE4
---- Kernel code sections - GMER 1.0.15 ----
? lljmn.sys The system cannot find the file specified. !
.reloc C:\WINNT\system32\drivers\NDIS.sys section is executable [0xF919B200, 0x2FBCA, 0xE0000060]
.text C:\WINNT\system32\DRIVERS\nv4_mini.sys section is writeable [0xBF6AA360, 0x30AD87, 0xE8000020]
.text ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
---- User code sections - GMER 1.0.15 ----
.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FF947A4
.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtCreateFile 77F8F9BA 3 Bytes CALL 7FF94715
.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtCreateFile + 4 77F8F9BE 1 Byte [08]
.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtQueryInformationProcess 77F93351 3 Bytes CALL 7FF947F2
.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtQueryInformationProcess + 4 77F93355 1 Byte [08]
.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtDeviceIoControlFile 77F950D4 5 Bytes CALL 7FF94A35
.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtOpenFile 77F95337 5 Bytes CALL 7FF9479A
.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.reloc C:\WINNT\Explorer.EXE[1112] C:\WINNT\Explorer.EXE section is executable [0x0043C000, 0x7000, 0xE0000060]
.reloc C:\WINNT\Explorer.EXE[1112] C:\WINNT\Explorer.EXE entry point in ".reloc" section [0x00442A0C]
.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryExA] [732E78DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WININET.dll [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WININET.dll [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WININET.dll [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\NDIS \Device\Ndis [F919F235] NDIS.sys[.reloc]
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 0
---- Files - GMER 1.0.15 ----
File C:\WINNT\system32\dllcache\ndis.sys (size mismatch) 200192/170656 bytes executable
File C:\WINNT\system32\drivers\ndis.sys (size mismatch) 200192/170656 bytes executable
File C:\WINNT\ServicePackFiles\i386\ndis.sys (size mismatch) 170928/170656 bytes executable
---- EOF - GMER 1.0.15 ----
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
LockSearch by jpshortstuff (05.11.09.1)
Log created at 17:26 on 17/01/2010 (sporteli)
Scanning C:\
C:\pagefile.sys
-------------------------
C:\WINNT\system32\12520437y.exe
-------------------------
C:\WINNT\system32\12520437y.exe [unable to get md5 : 80384 bytes]
-=E.O.F=-
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-
DEAR schrauber HERE ARE MY LOGS!
I HAVE ATTACHED THEM BELOW!
THANK YOU FOR YOUR TIME AND HELP!
PS.
BY THE WAY I HAVE WINDOWS 2000!
-
PLEASE HELP ME!
I CAN'T OPEN ANYTHING WITH MY WORK COMPUTER!
I CAN'T EVEN INSTALL AN ANTIVIRUS!
MY COMP IS EVEN VERY SLOW!
PLEASE ANYONE HELP ME!
urgent help
in Malware Removal
Posted
SCHRAUBER I GET AN ERROR TABLE:
!!ALERT!!
IT IS NOT SAFE TO CONTINUE.
THE CONTENTS OF THE COMBOFIX HAS BEEN COMPROMISED!
NOTE: YOU MAY BE INFECTED WITH A FILE PATCHING VIRUS "VIRUT"
AND I GET ANOTHER TABLE WHEN THEY SAY THAT THE MEMORY COULD NOT BE WRITTEN AND COULD NOT BE READ!
(2 ERROR WINDOWS)