Avira alerts about winlogonx.exe


Hello!

I got Avira AntiVir Personal and it reported a virus called winlogonx.exe. The computer is working normally, but I want to make sure that I'm secure. I would be grateful if you could check for any trojan horses. Malwarebytes' Anti-Malware deleted some infected registry keys.

OS: Windows 7

======================================

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Wersja bazy: 7577

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

2011-08-26 18:55:59

mbam-log-2011-08-26 (18-55-59).txt

Typ skanowania: Szybkie skanowanie

Przeskanowano obiektów: 186556

Upłynęło: 4 minut(y), 21 sekund(y)

Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 2

Zainfekowanych wartości rejestru: 0

Zainfekowane informacje rejestru systemowego: 0

Zainfekowanych folderów: 0

Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:

HKEY_CURRENT_USER\SOFTWARE\5SK3BLHWHC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\B7GGEY1ZRR (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Zainfekowanych wartości rejestru:

(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:

(Nie znaleziono zagrożeń)

Zainfekowanych folderów:

(Nie znaleziono zagrożeń)

Zainfekowanych plików:

(Nie znaleziono zagrożeń)

======================================

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Oski at 19:07:29 on 2011-08-26

Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.3959.2424 [GMT 2:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\GG Lite\GG Lite.exe

C:\Program Files (x86)\Xfire\Xfire.exe

C:\Program Files (x86)\Xfire\xfire64.exe

C:\Users\Oski\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Oski\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Oski\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Oski\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Oski\AppData\Local\Google\Chrome\Application\chrome.exe

D:\Pobierane\hel127q3.exe

C:\Users\Oski\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Oski\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: Pomocnik logowania za pomocą identyfikatora Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 85.14.85.2 85.14.85.14

TCP: Interfaces\{899C470B-6ED7-4C15-A84D-997D7625B64B} : DhcpNameServer = 85.14.85.2 85.14.85.14

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{B4F3A835-0E21-4959-BA22-42B3008E02FF}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-6-14 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-6-14 269480]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-14 13336]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-13 2214504]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-14 2320920]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-11 61976]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424]

.

=============== Created Last 30 ================

.

2011-08-26 22:22:30 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll

2011-08-26 22:22:30 28056 ----a-w- C:\Windows\System32\xfcodec64.dll

2011-08-26 16:47:54 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-26 16:47:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-08-26 07:15:09 -------- d-----w- C:\Users\Oski\AppData\Local\{39A4472E-9575-4FF0-B48D-77C284D34941}

2011-08-26 07:15:07 -------- d-----w- C:\Users\Oski\AppData\Local\{CEE58BC3-0C74-4333-9556-4CC5516F0324}

2011-08-25 13:33:56 -------- d-----w- C:\Users\Oski\AppData\Local\{C35165B7-A95C-483F-BE2D-F6AF5187FBD8}

2011-08-25 13:33:52 -------- d-----w- C:\Users\Oski\AppData\Local\{D005C208-ABCA-40E1-A882-328BB4DC16B1}

2011-08-24 15:09:01 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6BF5C853-9808-4236-B1E0-B19364A2DE47}\mpengine.dll

2011-08-24 14:56:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-08-24 14:56:10 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-08-24 14:41:49 -------- d-sh--w- C:\$RECYCLE.BIN

2011-08-24 14:38:08 -------- d-----w- C:\Users\Oski\AppData\Local\temp

2011-08-24 10:51:19 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-08-24 09:18:43 -------- d-----w- C:\Users\Oski\AppData\Local\{CC1F296F-DE79-4DF0-ABD7-382D5ED137AC}

2011-08-24 09:18:41 -------- d-----w- C:\Users\Oski\AppData\Local\{E4E2436E-E971-41B6-A18D-A3FC1E3E30DF}

2011-08-23 20:50:11 -------- d-----w- C:\Users\Oski\AppData\Local\{B2359C2C-31B7-4CA5-ACA8-0D3E46601623}

2011-08-23 20:50:07 -------- d-----w- C:\Users\Oski\AppData\Local\{BE53D4CD-4B6A-4D32-A599-24E857CA5E73}

2011-08-23 12:22:00 -------- d-----w- C:\Users\Oski\AppData\Roaming\Xfire

2011-08-23 12:21:57 -------- d-----w- C:\ProgramData\Xfire

2011-08-23 12:21:57 -------- d-----w- C:\Program Files (x86)\Xfire

2011-08-23 12:11:09 -------- d-----w- C:\Users\Oski\AppData\Local\ElevatedDiagnostics

2011-08-23 08:46:03 -------- d-----w- C:\Users\Oski\AppData\Local\{66D4A997-85F3-4D8D-B25B-B189B2916D74}

2011-08-23 08:46:01 -------- d-----w- C:\Users\Oski\AppData\Local\{4E887550-3499-4875-9BEB-573EDA34DAA0}

2011-08-22 20:13:25 -------- d-----w- C:\Users\Oski\AppData\Local\{5A0A3A40-EDD4-4843-BA17-24D99CA6851B}

2011-08-22 20:13:24 -------- d-----w- C:\Users\Oski\AppData\Local\{DAE3CA9C-0F2C-4514-82BB-EE761CA10568}

2011-08-22 08:11:38 -------- d-----w- C:\Users\Oski\AppData\Local\{57ACDF5C-3983-4BBA-B4EE-329F77498BF5}

2011-08-22 08:11:35 -------- d-----w- C:\Users\Oski\AppData\Local\{449939BA-9013-443A-AB3C-B6795394DC29}

2011-08-21 10:27:36 -------- d-----w- C:\Users\Oski\AppData\Local\{8F685C79-5390-4732-BBA4-C957BD6F9BE1}

2011-08-21 10:27:34 -------- d-----w- C:\Users\Oski\AppData\Local\{A68F9738-ADDD-4D10-B2FF-3AE76CD15C55}

2011-08-20 10:09:51 -------- d-----w- C:\Users\Oski\AppData\Local\{2499B3C6-0EF6-42A0-A0CB-E383A3D3E9A0}

2011-08-20 10:09:50 -------- d-----w- C:\Users\Oski\AppData\Local\{BBBD6B45-0843-4F80-933F-0155983AD50A}

2011-08-19 22:06:49 -------- d-----w- C:\Users\Oski\AppData\Local\{DB2EB30A-3B1C-4025-8584-6863D81D1738}

2011-08-19 22:06:48 -------- d-----w- C:\Users\Oski\AppData\Local\{2FCECA11-2E8F-4664-84B3-691327BA4390}

2011-08-19 06:28:08 -------- d-----w- C:\Users\Oski\AppData\Local\{A3CA3D5A-C334-461F-AF5C-EF2BFA5808E7}

2011-08-19 06:28:06 -------- d-----w- C:\Users\Oski\AppData\Local\{55F5B1E7-A6F7-448D-81CE-7ABFADA0547E}

2011-08-18 10:53:42 -------- d-----w- C:\Users\Oski\AppData\Local\{5A254568-59D9-436C-A2DA-92298BF94AE5}

2011-08-18 10:53:30 -------- d-----w- C:\Users\Oski\AppData\Local\{0D1654FD-5B0D-49AB-993B-64B5730F5038}

2011-08-17 22:01:04 -------- d-----w- C:\Users\Oski\AppData\Local\{E5E92E16-DC27-48FB-8410-A36C4577E368}

2011-08-17 22:00:56 -------- d-----w- C:\Users\Oski\AppData\Local\{7ED80E4E-50BB-4BE6-B730-F0DAE50685CE}

2011-08-17 07:36:28 -------- d-----w- C:\Users\Oski\AppData\Local\{591A445F-7895-4D2F-A07B-D1EEE8FC3EFB}

2011-08-17 07:36:27 -------- d-----w- C:\Users\Oski\AppData\Local\{8E1E9B23-98A2-4120-A04E-23C6D3D60B0E}

2011-08-16 17:19:57 -------- d-----w- C:\Users\Oski\AppData\Local\{E60FADB8-8DAC-4E85-A1A0-DD26F8F56EF4}

2011-08-16 17:19:55 -------- d-----w- C:\Users\Oski\AppData\Local\{B305AB67-92BE-4499-AA3D-332F11E2D78F}

2011-08-13 19:37:56 -------- d-----w- C:\Users\Oski\AppData\Local\{5D870141-AE81-4170-9F62-86F804B29D70}

2011-08-13 19:37:52 -------- d-----w- C:\Users\Oski\AppData\Local\{429FD83E-47F8-4256-A18E-6F7635141C83}

2011-08-13 07:17:56 -------- d-----w- C:\Users\Oski\AppData\Local\{7D52A095-DAEE-4EAC-ADAD-77681E9CC50A}

2011-08-13 07:17:43 -------- d-----w- C:\Users\Oski\AppData\Local\{4351CBC5-FC86-4726-8BDE-8F23DC48E679}

2011-08-12 17:38:54 -------- d-----w- C:\Users\Oski\AppData\Local\{058D3B7D-30C6-43DF-BD46-9B74081CADB3}

2011-08-12 17:38:53 -------- d-----w- C:\Users\Oski\AppData\Local\{8F924228-8B16-4585-90C3-FB6E19313FD1}

2011-08-12 04:14:43 -------- d-----w- C:\Users\Oski\AppData\Local\{1F1B5985-2BEF-4B0F-BC80-F061725288CB}

2011-08-12 04:14:32 -------- d-----w- C:\Users\Oski\AppData\Local\{DCC70FA1-E384-44AB-9D7E-BB320D828CF9}

2011-08-12 01:31:55 -------- d-----w- C:\Users\Oski\AppData\Local\NFS Underground 2

2011-08-11 17:49:25 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2011-08-11 17:49:25 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2011-08-11 17:49:25 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll

2011-08-11 17:49:25 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2011-08-11 15:24:41 270912 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-08-11 15:24:35 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2011-08-11 15:24:11 -------- d-----w- C:\Users\Oski\AppData\Roaming\DAEMON Tools Lite

2011-08-11 15:24:08 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

2011-08-11 14:19:25 -------- d-----w- C:\ProgramData\Atheros

2011-08-11 14:18:47 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-08-11 14:18:47 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-08-11 14:18:46 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2011-08-11 13:41:13 -------- d-----w- C:\Users\Oski\AppData\Local\{B4BAA2A5-885B-4FF6-93FD-0465188AB5A1}

2011-08-11 13:41:11 -------- d-----w- C:\Users\Oski\AppData\Local\{2B0C24B2-1A80-4B50-8AD7-B16271ACA393}

2011-08-10 20:26:43 -------- d-----w- C:\Users\Oski\AppData\Roaming\Intense Group

2011-08-10 20:26:23 -------- d-----w- C:\Program Files (x86)\INTENSE Group

2011-08-10 20:25:43 -------- d-----w- C:\Program Files (x86)\Common Files\Business Objects

2011-08-10 20:14:24 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2011-08-10 20:14:20 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2011-08-10 20:00:11 72536 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll

2011-08-10 20:00:11 108376 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll

2011-08-10 20:00:11 105816 ----a-w- C:\Windows\System32\SQSRVRES.DLL

2011-08-10 19:04:35 -------- d-----w- C:\Users\Oski\AppData\Roaming\Soldat

2011-08-10 18:45:21 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-08-10 18:45:21 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-08-10 18:45:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-08-10 18:45:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-08-10 18:45:20 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-08-10 18:23:58 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll

2011-08-10 18:23:58 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll

2011-08-10 18:23:30 -------- d-----w- C:\Windows\System32\RsFx

2011-08-10 18:22:54 -------- d-----w- C:\Windows\SysWow64\1033

2011-08-10 18:22:54 -------- d-----w- C:\Windows\System32\1033

2011-08-10 11:47:01 -------- d-----w- C:\Users\Oski\AppData\Local\{B98F251C-F448-4407-B981-3714BE141C6F}

2011-08-10 11:46:59 -------- d-----w- C:\Users\Oski\AppData\Local\{22D7E718-D0B1-4ED5-9D69-A69EE4F102AC}

2011-08-09 23:39:40 -------- d-----w- C:\Users\Oski\AppData\Local\{81941A1B-6DC1-4555-B524-6DE363699D9B}

2011-08-09 23:39:27 -------- d-----w- C:\Users\Oski\AppData\Local\{61452D6F-038F-475D-B49B-F48E61B0B4CF}

2011-08-09 08:59:14 -------- d-----w- C:\Users\Oski\AppData\Local\{BDF2114B-9E4A-4101-A2E8-5D0939CDCD0D}

2011-08-09 08:59:09 -------- d-----w- C:\Users\Oski\AppData\Local\{F739EE34-E722-473E-9DE4-70A18D333056}

2011-08-08 20:30:53 -------- d-----w- C:\Users\Oski\AppData\Local\{84335DD1-401E-400F-9739-63E796644895}

2011-08-08 20:30:51 -------- d-----w- C:\Users\Oski\AppData\Local\{F909D39D-D43A-4D82-9391-76183748315D}

2011-08-08 12:31:08 -------- d-----w- C:\ProgramData\Nero

2011-08-08 07:07:51 -------- d-----w- C:\Users\Oski\AppData\Local\{6586C2ED-3DE6-4ECC-89B5-CCA84EA24620}

2011-08-08 07:07:43 -------- d-----w- C:\Users\Oski\AppData\Local\{F02682E7-9A5D-424A-BA0D-FEED4C1EEAC6}

2011-08-07 18:31:24 -------- d-----w- C:\Users\Oski\AppData\Local\SKIDROW

2011-08-07 11:44:10 -------- d-----w- C:\Users\Oski\AppData\Local\{98B1D818-501C-4DD8-BCB2-03F405930523}

2011-08-07 11:44:06 -------- d-----w- C:\Users\Oski\AppData\Local\{A9A3352D-28FF-48F6-98AD-61461F141A5B}

2011-08-06 22:35:59 -------- d-----w- C:\Users\Oski\AppData\Local\{CF80A224-A60E-40BF-9459-AB99748C8A7C}

2011-08-06 22:35:58 -------- d-----w- C:\Users\Oski\AppData\Local\{DCB3EFE4-BADD-4389-BC8F-6B87BE050193}

2011-08-06 10:04:29 -------- d-----w- C:\Users\Oski\AppData\Local\{B0AF6564-5283-4575-8F89-F01B7248B8AE}

2011-08-06 10:04:17 -------- d-----w- C:\Users\Oski\AppData\Local\{D844BAAE-9C0B-4A88-A079-F0DF52BC3E8F}

2011-08-05 21:45:09 -------- d-----w- C:\Users\Oski\AppData\Local\{0581B7F7-27DF-4E0F-8157-1F0C0A5DC622}

2011-08-05 21:45:07 -------- d-----w- C:\Users\Oski\AppData\Local\{677757BF-DCCA-4818-8594-876AB9E424D4}

2011-08-05 09:44:53 -------- d-----w- C:\Users\Oski\AppData\Local\{98B53F26-E200-4B8A-B486-31B1DE8FE977}

2011-08-05 09:44:51 -------- d-----w- C:\Users\Oski\AppData\Local\{D0929748-765E-4411-911A-F10871BEB61E}

2011-08-05 09:36:56 -------- d-----w- C:\Users\Oski\AppData\Local\{46FDD44F-675A-4EE5-8928-1282D2D3F513}

2011-08-05 08:48:34 -------- d-----w- C:\Users\Oski\AppData\Local\Windows Live

2011-08-05 08:48:31 -------- d-----w- C:\Users\Oski\AppData\Local\{9C065364-FB8E-4752-8C27-99D469DF3E60}

2011-08-04 17:31:06 -------- d-----w- C:\Users\Oski\AppData\Local\Microsoft_Corporation

2011-08-04 17:26:39 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server

2011-08-04 17:25:00 -------- d-----w- C:\Program Files\Microsoft SQL Server

2011-08-04 13:52:31 -------- d-----w- C:\Users\Oski\AppData\Local\{9E651357-ABFE-46FD-BB62-A49C10FD6503}

2011-08-03 17:48:03 -------- d-----w- C:\Users\Oski\AppData\Local\{40422E0F-E42A-4FCF-9BD2-16E75201DC49}

2011-08-03 05:18:39 -------- d-----w- C:\Users\Oski\AppData\Local\{6D078D74-376D-4F05-8B91-4BC5103AC004}

2011-08-02 09:06:28 -------- d-----w- C:\Users\Oski\AppData\Local\{0E3B8C19-75BB-4130-B8D8-91872D7E65EC}

2011-08-01 18:16:20 -------- d-----w- C:\Users\Oski\AppData\Local\{C20BA261-13D2-4E91-A463-B29388C5481A}

2011-08-01 06:13:34 -------- d-----w- C:\Users\Oski\AppData\Local\{CAC31232-111C-4E1E-ABA9-42A7C0316CA0}

2011-07-31 11:38:53 -------- d-----w- C:\Users\Oski\riotsGamesLogs

2011-07-31 10:25:18 -------- d-----w- C:\Users\Oski\AppData\Local\{5E8C6AE3-E8CD-4130-8D0F-D3291EA6469F}

.

==================== Find3M ====================

.

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-07-06 17:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-05 09:53:45 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll

2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll

2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll

2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll

2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll

2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll

2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll

2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll

2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll

2011-06-14 11:11:57 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2011-06-14 10:06:45 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-06-14 10:06:45 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-06-13 22:14:43 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys

2011-06-13 20:54:56 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-05-31 16:45:26 1404928 ----a-w- C:\Windows\System32\RCoRes64.dat

2011-05-31 15:21:28 2886888 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2011-05-31 14:38:54 91240 ----a-w- C:\Windows\System32\RCoInst64.dll

2011-05-31 08:09:30 3114088 ----a-w- C:\Windows\System32\RtkAPO64.dll

2011-05-31 07:42:06 728680 ----a-w- C:\Windows\System32\DTSBassEnhancementDLL64.dll

2011-05-31 07:42:06 712296 ----a-w- C:\Windows\System32\DTSSymmetryDLL64.dll

2011-05-31 07:42:06 693352 ----a-w- C:\Windows\System32\DTSVoiceClarityDLL64.dll

2011-05-31 07:42:06 491112 ----a-w- C:\Windows\System32\DTSNeoPCDLL64.dll

2011-05-31 07:42:06 432744 ----a-w- C:\Windows\System32\DTSLimiterDLL64.dll

2011-05-31 07:42:06 428648 ----a-w- C:\Windows\System32\DTSGainCompensatorDLL64.dll

2011-05-31 07:42:06 242792 ----a-w- C:\Windows\System32\DTSLFXAPO64.dll

2011-05-31 07:42:06 242792 ----a-w- C:\Windows\System32\DTSGFXAPO64.dll

2011-05-31 07:42:06 241768 ----a-w- C:\Windows\System32\DTSGFXAPONS64.dll

2011-05-31 07:42:06 1756264 ----a-w- C:\Windows\System32\DTSS2SpeakerDLL64.dll

2011-05-31 07:42:06 1568360 ----a-w- C:\Windows\System32\DTSS2HeadphoneDLL64.dll

2011-05-31 07:42:06 1486952 ----a-w- C:\Windows\System32\DTSBoostDLL64.dll

.

============= FINISH: 19:08:02,46 ===============

Greetings, netdis.

Attach.zip


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
