KittyCat

  1. I suspect that my colleague has installed a keylogger or similar software that sends him information about my activities on the PC to my laptop. Can you please check my log? Thank you so much in advance!