prosim o kontrolu logu

[emi]

Logfile of random's system information tool 1.09 (written by random/random)
Run by Zuzana Kazmerova at 2011-11-20 13:00:05
Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (5%) free of 81 GB
Total RAM: 1022 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:00:18, on 20. 11. 2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Zuzana Kazmerova\Desktop\RSIT.exe
C:\Program Files\trend micro\Zuzana Kazmerova.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Intel Service Monitor] C:\WINDOWS\system32\igfxvtk2.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4032048046
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11583 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-774951086-2105948453-1577513566-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-774951086-2105948453-1577513566-1006UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.google.sk"
prefs.js - "extensions.enabledItems" - "dave2x@download:0.5.9, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.19"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP]
"Description"=Viewpoint Media Player for Mozilla
"Path"=C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
aboutCertError.js
aboutPrivateBrowsing.js
aboutRights.js
aboutRobots.js
aboutSessionRestore.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npFoxitReaderPlugin.dll
npnul32.dll
NPOFFICE.DLL
nsIQTScriptablePlugin.xpt
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\extensions\
dave2x@download

C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\searchplugins\
icqplugin-12.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2006-11-06 722472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}]
McAfee AntiPhishing Filter

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-12 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-03 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-12 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} -
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-12 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-05-01 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-05-01 602182]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-04-06 1032192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-10 49152]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSPM Startup"=c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"FinePrint Dispatcher v5"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe [2004-11-10 442368]
"pdfFactory Pro Dispatcher v2"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [2004-11-19 442368]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Intel Service Monitor"=C:\WINDOWS\system32\igfxvtk2.exe [2011-10-22 183808]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2005-09-27 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe [2010-11-06 233936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe [2007-11-13 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Zuzana Kazmerova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-30 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-12 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NwSapAgent"=2
"MSSQLServerADHelper"=3
"MSSQL$MICROSOFTSMLBIZ"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0
"DisallowRun"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\igfxvtk2.exe"="C:\WINDOWS\system32\igfxvtk2.exe:*:Enabled:bLAN"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\igfxvtk2.exe"="C:\WINDOWS\system32\igfxvtk2.exe:*:Enabled:bLAN"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"msacm.vorbis"=vorbis.acm
"vidc.tscc"=tsccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-10-30 11:51:02 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2011-10-30 11:50:58 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2011-10-30 11:50:29 ----D---- C:\Documents and Settings\Zuzana Kazmerova\Application Data\TuneUp Software
2011-10-30 11:50:07 ----D---- C:\Program Files\TuneUp Utilities 2011
2011-10-30 11:49:29 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2011-10-30 11:49:03 ----SHD---- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-10-22 14:47:12 ----SH---- C:\WINDOWS\system32\igfxvtk2.exe

======List of files/folders modified in the last 1 month======

2011-11-20 13:00:09 ----D---- C:\Program Files\trend micro
2011-11-20 13:00:06 ----D---- C:\WINDOWS\Prefetch
2011-11-20 12:53:22 ----D---- C:\Program Files\Mozilla Firefox
2011-11-20 12:52:18 ----D---- C:\WINDOWS
2011-11-20 12:51:41 ----D---- C:\WINDOWS\temp
2011-11-20 12:49:58 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-20 12:49:55 ----D---- C:\WINDOWS\Registration
2011-11-20 12:49:50 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2011-11-13 23:56:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-13 23:53:18 ----RASH---- C:\boot.ini
2011-11-13 23:53:18 ----A---- C:\WINDOWS\win.ini
2011-11-13 23:53:18 ----A---- C:\WINDOWS\system.ini
2011-11-13 23:26:36 ----SD---- C:\WINDOWS\Tasks
2011-10-30 12:27:32 ----SHD---- C:\WINDOWS\CSC
2011-10-30 12:25:49 ----D---- C:\Documents and Settings\Zuzana Kazmerova\Application Data\uTorrent
2011-10-30 11:51:06 ----SHD---- C:\WINDOWS\Installer
2011-10-30 11:51:05 ----D---- C:\WINDOWS\system32\config
2011-10-30 11:51:02 ----SHD---- C:\WINDOWS\system32
2011-10-30 11:50:07 ----D---- C:\Program Files
2011-10-30 11:48:35 ----A---- C:\WINDOWS\NeroDigital.ini
2011-10-30 10:39:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2004-12-01 87488]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-04 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-11-11 80640]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-10 223616]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-08-31 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-08-31 8552]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-10 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-05-01 13568]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-10 163584]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys []
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-10 12416]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-26 1429632]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner; C:\WINDOWS\system32\drivers\AVerFx2hbtv.sys [2008-01-15 257024]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
S3 catchme;catchme; \??\C:\DOCUME~1\ZUZANA~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cglptnt;cglptnt; \??\C:\Program Files\totalcmd\cglptnt.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-04 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-10 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-10 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TridVid;TM6000 TV Service; C:\WINDOWS\system32\DRIVERS\TridVid.sys [2007-12-24 230528]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-10-01 96341]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-05-01 114753]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-05-01 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-05-01 540745]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-05-01 262217]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 dlcg_device;dlcg_device; C:\WINDOWS\system32\dlcgcoms.exe [2005-10-28 491520]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-12 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-04-24 1181328]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-04 323584]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2005-05-04 9150464]
S4 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-04 73728]
S4 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]

-----------------EOF-----------------

[motji]

Dobré ranko

Co trápí počítač?

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

[emi]

Dobry den,
pocitac trapi nejaky virus, aj pocas behu OTL vyskocilo okno s virusom (zial nechal som to zmazat skor ako som si uvedomil ze si to mam precitat)


OTL logfile created on: 21. 11. 2011 19:35:39 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Zuzana Kazmerova\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

1022,37 Mb Total Physical Memory | 577,02 Mb Available Physical Memory | 56,44% Memory free
2,40 Gb Paging File | 1,98 Gb Available in Paging File | 82,76% Paging File free
Paging file location(s): C:\pagefile.sys 2 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79,17 Gb Total Space | 4,32 Gb Free Space | 5,46% Space Free | Partition Type: NTFS
Drive D: | 26,23 Gb Total Space | 3,10 Gb Free Space | 11,80% Space Free | Partition Type: NTFS

Computer Name: SMOLKO | User Name: Zuzana Kazmerova | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.21 19:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zuzana Kazmerova\Desktop\OTL.exe
PRC - [2011.05.03 18:18:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.07.21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2006.05.24 17:28:28 | 000,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006.05.01 15:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006.05.01 15:28:26 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006.05.01 15:28:06 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006.05.01 15:26:14 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006.03.24 22:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006.01.02 23:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004.11.19 16:37:00 | 000,442,368 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
PRC - [2004.08.10 11:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011.04.24 10:17:12 | 000,163,728 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
MOD - [2009.12.25 19:29:44 | 011,808,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\003aa2130224c14294773e8266b8b0e3\System.Web.ni.dll
MOD - [2009.12.25 19:29:16 | 000,962,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b7e22ad49e2cfc49b95833f272856a24\System.Configuration.ni.dll
MOD - [2009.12.25 19:29:00 | 000,026,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\a34ad3d075c19f459105869860fcdcf7\Accessibility.ni.dll
MOD - [2009.12.25 18:38:01 | 005,640,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\e578481dfc617247bc54ab4e9d81d9d9\System.Xml.ni.dll
MOD - [2009.12.25 18:37:52 | 013,107,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ae74b747b1b0c946bf0c8b01df0f2cad\System.Windows.Forms.ni.dll
MOD - [2009.12.25 18:37:37 | 001,626,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\4d1ff0905853584abd9dd9598f0a8348\System.Drawing.ni.dll
MOD - [2009.12.25 18:37:31 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ff02d9eb99c2e5418508475ee9987c3d\System.ni.dll
MOD - [2009.12.25 18:37:15 | 011,415,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\c79041790e63b842895c97b009f9cc12\mscorlib.ni.dll
MOD - [2009.12.25 18:36:22 | 000,368,640 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2009.12.25 18:36:22 | 000,299,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009.01.28 15:03:49 | 000,326,401 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2006.07.27 18:51:18 | 000,057,451 | ---- | M] () -- C:\Program Files\ICQLite\ICQLiteShell.dll
MOD - [2006.05.24 17:29:44 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006.05.01 15:38:06 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006.05.01 15:38:06 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006.05.01 15:38:06 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006.03.10 17:49:30 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005.08.30 05:13:42 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2005.08.05 20:01:54 | 000,282,112 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004.08.10 11:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004.08.10 11:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003.05.15 19:43:24 | 000,119,808 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.04.24 10:17:00 | 001,181,328 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009.07.21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006.05.01 15:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2005.10.28 13:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcgcoms.exe -- (dlcg_device)


========== Driver Services (SafeList) ==========

DRV - [2009.12.02 14:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.07.28 15:33:56 | 000,055,656 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.01.15 08:12:56 | 000,257,024 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerFx2hbtv.sys -- (AVerFx2hbtv)
DRV - [2007.12.24 05:00:00 | 000,230,528 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TridVid.sys -- (TridVid)
DRV - [2007.09.14 07:02:10 | 000,007,888 | ---- | M] (C. Ghisler & Co.) [Kernel | On_Demand | Stopped] -- C:\Program Files\totalcmd\CGLPTNT.SYS -- (cglptnt)
DRV - [2006.11.07 09:42:16 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200bus.sys -- (w200bus) Sony Ericsson W200 driver (WDM)
DRV - [2006.05.24 17:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006.05.24 17:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006.05.24 17:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006.05.24 17:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006.05.24 17:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006.05.24 17:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.05.24 16:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006.05.24 16:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006.05.23 13:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.05.01 15:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006.04.26 22:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006.03.24 22:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005.11.11 21:43:52 | 000,080,640 | ---- | M] (McAfee) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MpFirewall.sys -- (MPFIREWL)
DRV - [2005.10.14 14:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005.10.14 14:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005.10.14 14:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005.08.10 17:22:10 | 000,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2005.08.05 15:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005.07.22 02:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.07.22 02:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.07.22 02:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004.08.10 11:00:00 | 000,223,616 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2004.08.10 11:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004.08.10 11:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.10 11:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.08.03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004.02.13 15:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001.08.17 19:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cli ... channel=us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-774951086-2105948453-1577513566-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-774951086-2105948453-1577513566-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-774951086-2105948453-1577513566-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-774951086-2105948453-1577513566-1006\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
IE - HKU\S-1-5-21-774951086-2105948453-1577513566-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.sk"
FF - prefs.js..extensions.enabledItems: dave2x@download:0.5.9
FF - prefs.js..network.proxy.autoconfig_url: "http://www.uniba.sk/proxy.pac"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Zuzana Kazmerova\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Zuzana Kazmerova\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 18:19:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.21 00:10:39 | 000,000,000 | ---D | M]

[2008.09.08 03:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Extensions
[2011.11.20 13:48:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\extensions
[2010.03.08 20:41:13 | 000,000,000 | ---D | M] (RDown - Rapidshare Downloader) -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\extensions\dave2x@download
[2011.11.20 13:03:22 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\searchplugins\icqplugin-12.xml
[2008.09.02 17:52:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\searchplugins\icqplugin-2.xml
[2008.09.08 03:37:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\searchplugins\icqplugin-3.xml
[2008.09.29 08:09:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\searchplugins\icqplugin-4.xml
[2009.09.11 21:57:55 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\searchplugins\icqplugin-5.xml
[2009.09.11 22:25:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\searchplugins\icqplugin-6.xml
[2009.10.31 17:32:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\searchplugins\icqplugin-7.xml
[2009.12.21 22:14:02 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\searchplugins\icqplugin-8.xml
[2010.01.07 18:04:58 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\searchplugins\icqplugin-9.xml
[2008.11.09 09:54:09 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\searchplugins\icqplugin.xml
[2009.05.21 14:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.11.01 15:50:13 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.11.02 20:29:21 | 000,001,583 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
[2010.11.02 20:29:21 | 000,001,380 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
[2010.11.02 20:29:21 | 000,001,479 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
[2010.11.02 20:29:21 | 000,001,473 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
[2010.11.02 20:29:21 | 000,001,104 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sk.xml
[2010.11.02 20:29:21 | 000,000,830 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Zuzana Kazmerova\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Zuzana Kazmerova\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Zuzana Kazmerova\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Zuzana Kazmerova\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2010.03.20 12:44:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-774951086-2105948453-1577513566-1006\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Intel Service Monitor] C:\WINDOWS\system32\igfxvtk2.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-774951086-2105948453-1577513566-1006..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-774951086-2105948453-1577513566-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-774951086-2105948453-1577513566-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-774951086-2105948453-1577513566-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-774951086-2105948453-1577513566-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-774951086-2105948453-1577513566-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\S-1-5-21-774951086-2105948453-1577513566-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = avnotify.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://195.28.70.134/kapor2/lib/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 4032048046 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{180C94CC-DDE3-4DD1-9500-8DE8C5C98AE7}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Zuzana Kazmerova\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Zuzana Kazmerova\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.08.16 10:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{103e67c8-2827-11dd-855f-0016cffdf248}\Shell\AutoRun\command - "" = H:\USBNB.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-774951086-2105948453-1577513566-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011.11.21 19:34:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Zuzana Kazmerova\Desktop\OTL.exe
[2011.11.21 00:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011.11.21 00:28:39 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2011.11.20 23:59:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.10.30 11:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\TuneUp Software
[2011.10.30 11:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2011.10.30 11:49:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011.10.30 11:49:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.10.30 11:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zuzana Kazmerova\Start Menu\Programs\Google Chrome
[2011.10.30 11:27:53 | 000,606,560 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Zuzana Kazmerova\Desktop\ChromeSetup.exe
[2006.11.19 20:10:03 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgserv.dll
[2006.11.19 20:10:03 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgusb1.dll
[2006.11.19 20:10:03 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgprox.dll
[2006.11.19 20:10:03 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgpplc.dll
[2006.11.19 20:10:02 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgpmui.dll
[2006.11.19 20:10:02 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgih.exe
[2006.11.19 20:10:01 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcomc.dll
[2006.11.19 20:10:01 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcoms.exe
[2006.11.19 20:10:01 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcglmpm.dll
[2006.11.19 20:10:01 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcomm.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.21 19:38:44 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.11.21 19:34:33 | 000,001,060 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-774951086-2105948453-1577513566-1006UA.job
[2011.11.21 19:34:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zuzana Kazmerova\Desktop\OTL.exe
[2011.11.21 19:21:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.21 19:21:12 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.21 19:21:12 | 000,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.11.21 00:17:45 | 000,415,146 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.21 00:17:45 | 000,068,256 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.11.21 00:16:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.11.20 23:16:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011.11.20 17:23:16 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011.11.20 17:23:15 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011.11.20 17:23:13 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011.11.20 17:23:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011.11.20 12:59:34 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Desktop\RSIT.exe
[2011.11.20 12:49:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.13 23:53:18 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2011.10.30 12:28:47 | 000,047,109 | -H-- | M] () -- C:\WINDOWS\System32\userdiff.sav
[2011.10.30 12:28:47 | 000,047,109 | -H-- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\userdiff.sav
[2011.10.30 11:48:36 | 000,214,528 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.30 11:48:35 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.10.30 11:34:01 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-774951086-2105948453-1577513566-1006Core.job
[2011.10.30 11:30:55 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Desktop\Google Chrome.lnk
[2011.10.30 11:30:55 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.10.30 11:27:59 | 000,606,560 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Zuzana Kazmerova\Desktop\ChromeSetup.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.21 19:38:44 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.11.21 19:15:01 | 1072,103,424 | -HS- | C] () -- C:\hiberfil.sys
[2011.10.30 11:30:55 | 000,002,365 | ---- | C] () -- C:\Documents and Settings\Zuzana Kazmerova\Desktop\Google Chrome.lnk
[2011.10.30 11:30:55 | 000,002,343 | ---- | C] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.10.30 11:29:08 | 000,001,060 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-774951086-2105948453-1577513566-1006UA.job
[2011.10.30 11:29:06 | 000,001,008 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-774951086-2105948453-1577513566-1006Core.job
[2011.10.30 10:35:53 | 000,047,109 | -H-- | C] () -- C:\WINDOWS\System32\userdiff.sav
[2011.10.30 10:35:53 | 000,047,109 | -H-- | C] () -- C:\Documents and Settings\Zuzana Kazmerova\userdiff.sav
[2011.10.22 14:47:12 | 000,183,808 | -HS- | C] () -- C:\WINDOWS\System32\igfxvtk2.exe
[2010.03.22 20:32:57 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.03.22 20:32:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.03.22 20:32:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.03.22 20:32:57 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.03.22 20:32:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.03.19 20:49:32 | 000,013,482 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3N4Om
[2010.03.19 20:49:31 | 000,013,482 | -HS- | C] () -- C:\Documents and Settings\Zuzana Kazmerova\Local Settings\Application Data\3N4Om
[2010.01.09 15:29:23 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008.12.27 16:27:24 | 000,516,096 | R--- | C] () -- C:\WINDOWS\6000RMT.exe
[2008.12.27 16:25:31 | 000,230,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\TridVid.sys
[2008.12.22 20:11:15 | 000,000,064 | ---- | C] () -- C:\WINDOWS\AVerText.ini
[2008.09.04 00:47:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.08.01 13:41:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2008.01.19 19:34:54 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2008.01.19 19:34:54 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2008.01.19 19:34:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2008.01.19 19:34:54 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2007.06.14 13:43:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fppent2a.dll
[2007.02.28 03:55:53 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007.02.20 17:05:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006.12.20 05:35:45 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.12.19 04:24:50 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006.12.17 01:46:47 | 000,000,085 | ---- | C] () -- C:\WINDOWS\SLEX99.INI
[2006.11.22 18:44:41 | 000,000,826 | ---- | C] () -- C:\WINDOWS\webtran4.INI
[2006.11.19 20:10:04 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcgvs.dll
[2006.11.19 20:10:00 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcgutil.dll
[2006.11.19 20:09:54 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcgjswr.dll
[2006.11.19 20:09:53 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcginsb.dll
[2006.11.19 20:09:53 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcgins.dll
[2006.11.19 20:09:53 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcginsr.dll
[2006.11.19 20:09:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcgcub.dll
[2006.11.19 20:09:51 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcgcu.dll
[2006.11.19 20:09:51 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcgcur.dll
[2006.11.19 20:09:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcgcfg.dll
[2006.10.11 18:38:54 | 000,004,631 | ---- | C] () -- C:\WINDOWS\wtran32.INI
[2006.10.11 18:33:56 | 000,006,399 | ---- | C] () -- C:\WINDOWS\wdict32.INI
[2006.09.26 21:17:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\wklnhst.dat
[2006.09.11 03:56:26 | 000,003,818 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006.09.11 03:53:05 | 000,214,528 | ---- | C] () -- C:\Documents and Settings\Zuzana Kazmerova\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.09.09 04:00:57 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Zuzana Kazmerova\Local Settings\Application Data\fusioncache.dat
[2006.08.31 09:54:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.08.31 09:46:25 | 000,000,732 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.08.31 09:36:11 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006.08.31 09:34:27 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006.08.31 09:31:40 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.08.31 09:30:16 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006.08.31 08:55:04 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006.08.31 08:54:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006.08.31 08:54:45 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006.08.31 08:53:07 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006.05.24 17:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.10.14 11:56:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe
[2005.10.14 10:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.08.31 18:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
[2005.08.16 10:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.08.16 10:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.08.16 10:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005.08.16 10:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.08.16 10:27:59 | 000,281,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.08.16 10:18:35 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005.08.16 10:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005.08.16 10:18:33 | 000,415,146 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005.08.16 10:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005.08.16 10:18:33 | 000,068,256 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005.08.16 10:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005.08.16 10:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005.08.16 10:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005.08.16 10:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005.08.16 10:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005.08.16 10:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005.08.16 10:18:19 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2005.08.16 10:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005.08.16 10:18:08 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005.08.05 20:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003.04.09 21:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2008.09.09 10:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ADInstruments
[2008.01.20 23:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2006.11.19 20:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008.01.19 19:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2008.10.13 11:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StatSoft
[2011.11.20 23:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011.10.30 11:49:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010.01.09 12:03:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2008.09.09 10:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\ADInstruments
[2009.11.01 15:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Foxit
[2008.09.08 03:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\ICQ Toolbar
[2006.10.18 22:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\ICQLite
[2006.09.26 22:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Leadertech
[2007.10.06 18:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\MapInfo
[2007.04.03 09:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\MSNInstaller
[2009.04.21 11:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\OriginLab
[2008.01.19 19:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Simply Super Software
[2010.05.01 08:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\SWI-Prolog
[2008.08.01 13:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Teleca
[2006.09.26 21:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Template
[2011.10.30 11:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\TuneUp Software
[2011.11.21 00:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\uTorrent
[2010.05.01 09:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\xpce
[2011.11.20 17:23:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011.11.20 17:23:13 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011.11.20 23:16:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2011.11.20 17:23:15 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2011.11.20 17:23:16 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.10 11:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)

< >


< MD5 for: AGP440.SYS >
[2004.08.10 11:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004.08.10 11:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.04 05:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004.08.04 05:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2004.08.04 05:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004.08.10 11:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004.08.10 11:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.04 04:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004.08.04 04:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.04 04:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.04 04:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2004.08.10 11:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\i386\autochk.exe
[2004.08.10 11:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\system32\autochk.exe

< MD5 for: CDROM.SYS >
[2004.08.10 11:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:cdrom.sys
[2004.08.10 11:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004.08.10 11:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\i386\cdrom.sys
[2004.08.10 11:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.10 11:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\i386\cryptsvc.dll
[2004.08.10 11:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2004.08.10 11:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.10 11:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2004.08.10 11:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\i386\csrss.exe
[2004.08.10 11:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\system32\csrss.exe
[2004.08.10 11:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EVENTLOG.DLL >
[2004.08.10 11:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004.08.10 11:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004.08.10 11:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.10 11:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004.08.10 11:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2004.08.10 11:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004.08.10 11:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: FASTFAT.SYS >
[2004.08.10 11:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) MD5=3117F595E9615E04F05A54FC15A03B20 -- C:\i386\fastfat.sys
[2004.08.10 11:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) MD5=3117F595E9615E04F05A54FC15A03B20 -- C:\WINDOWS\system32\dllcache\fastfat.sys
[2004.08.10 11:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) MD5=3117F595E9615E04F05A54FC15A03B20 -- C:\WINDOWS\system32\drivers\fastfat.sys

< MD5 for: HAL.DLL >
[2004.08.10 11:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:hal.dll
[2004.08.10 11:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2005.06.23 01:05:52 | 000,134,272 | ---- | M] (Microsoft Corporation) MD5=4A8F90497503FD24BD284156B75822F6 -- C:\i386\HAL.DLL
[2005.06.23 01:05:52 | 000,134,272 | ---- | M] (Microsoft Corporation) MD5=4A8F90497503FD24BD284156B75822F6 -- C:\WINDOWS\system32\HAL.DLL
[2004.11.16 02:37:04 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=BE7A7927F3BE8068C81577771D33762F -- C:\WINDOWS\Driver Cache\i386\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.10 11:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:Changer.sys
[2004.08.10 11:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2001.08.17 19:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\i386\isapnp.sys
[2001.08.17 19:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2001.08.17 19:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.10 11:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\i386\lsass.exe
[2004.08.10 11:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2004.08.10 11:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.10 11:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2004.08.10 11:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\i386\ndis.sys
[2004.08.10 11:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2004.08.10 11:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.10 11:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.10 11:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004.08.10 11:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004.08.10 11:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.10 11:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NTFS.SYS >
[2004.08.10 11:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\i386\ntfs.sys
[2004.08.10 11:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2004.08.10 11:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\system32\dllcache\ntfs.sys
[2004.08.10 11:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\system32\drivers\ntfs.sys

< MD5 for: SCECLI.DLL >
[2004.08.10 11:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004.08.10 11:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004.08.10 11:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.10 11:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2004.08.10 11:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\i386\services.exe
[2004.08.10 11:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\ERDNT\cache\services.exe
[2004.08.10 11:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\system32\dllcache\services.exe
[2004.08.10 11:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\system32\services.exe

< MD5 for: SMSS.EXE >
[2004.08.10 11:00:00 | 000,470,016 | ---- | M] (Microsoft Corporation) MD5=9A98937A980831729D21343754FF9D59 -- C:\i386\SYSTEM32\SMSS.EXE
[2004.08.10 11:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\i386\smss.exe
[2004.08.10 11:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.10 11:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SPOOLSV.EXE >
[2005.06.11 01:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2005.06.11 00:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\i386\spoolsv.exe
[2005.06.11 00:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2005.06.11 00:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2005.06.11 00:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\system32\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2004.08.10 11:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004.08.10 11:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004.08.10 11:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.10 11:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 12:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2gdr\tcpip.sys
[2004.08.10 11:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\i386\tcpip.sys
[2004.08.10 11:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2004.08.10 11:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.04.20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2qfe\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004.08.10 11:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004.08.10 11:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004.08.10 11:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.10 11:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.10 11:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004.08.10 11:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004.08.10 11:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.10 11:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.10 11:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\i386\ws2_32.dll
[2004.08.10 11:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004.08.10 11:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.10 11:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2005.11.22 13:50:12 | 000,073,728 | ---- | M] (Dell, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcgPP5C.DLL
[2003.06.19 07:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\system32\drivers\*.sys /5 >

< %systemroot%\system32\drivers\*.sys /X >
[2006.08.31 08:54:16 | 000,007,043 | ---- | M] () -- C:\WINDOWS\system32\drivers\1028_Dell_INS_I6400.mrk
[2006.05.23 12:19:40 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2006.02.08 07:44:06 | 001,114,674 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativcaxx.cpa
[2006.02.08 07:44:06 | 000,000,929 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativcaxx.vp
[2005.10.14 01:10:12 | 000,058,560 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativckxx.vp
[2006.05.23 13:24:46 | 000,028,976 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativvpxx.vp
[2005.08.09 03:10:06 | 000,133,972 | ---- | M] () -- C:\WINDOWS\system32\drivers\del1028.cty
[2004.08.10 11:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2004.08.10 11:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /5 >
[2011.11.21 19:21:12 | 000,281,336 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2011.11.21 00:17:45 | 000,068,256 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2011.11.21 00:17:45 | 000,415,146 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2011.11.21 00:17:45 | 000,473,928 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2011.11.20 12:49:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\config\*.sav >
[2005.08.16 10:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005.08.16 10:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.08.16 10:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[1 C:\WINDOWS\CSC\*.tmp files -> C:\WINDOWS\CSC\*.tmp -> ]
[1 C:\WINDOWS\ehome\*.tmp files -> C:\WINDOWS\ehome\*.tmp -> ]
[1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5d3faaabc6b78b1590eecedbd23dec14\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5d3faaabc6b78b1590eecedbd23dec14\*.tmp -> ]
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[4 C:\WINDOWS\system32\dllcache\*.tmp files -> C:\WINDOWS\system32\dllcache\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2008.09.09 10:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\ADInstruments
[2009.09.04 19:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Adobe
[2007.03.05 10:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\AdobeUM
[2006.12.25 03:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Ahead
[2006.08.31 09:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\ATI
[2006.09.14 16:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Corel Photo Album
[2007.05.05 18:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\CyberLink
[2009.09.12 13:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Digsby
[2009.06.22 05:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\dvdcss
[2009.11.01 15:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Foxit
[2006.11.21 13:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Google
[2007.10.17 21:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Help
[2008.03.02 15:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Hewlett-Packard
[2008.09.08 03:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\ICQ Toolbar
[2006.10.18 22:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\ICQLite
[2005.08.16 10:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Identities
[2006.08.31 09:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Intel
[2006.09.26 22:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Leadertech
[2006.09.11 03:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Macromedia
[2007.10.06 18:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\MapInfo
[2007.01.13 18:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\McAfee.com Personal Firewall
[2010.12.26 20:13:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Microsoft
[2008.09.08 03:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla
[2009.12.25 18:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\MozillaControl
[2007.04.03 09:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\MSNInstaller
[2010.11.21 14:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\OpenOffice.org2
[2009.04.21 11:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\OriginLab
[2008.01.19 19:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Simply Super Software
[2011.09.03 21:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Skype
[2006.09.26 22:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Sonic
[2008.08.01 13:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Sony Ericsson
[2006.09.28 13:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Sun
[2010.05.01 08:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\SWI-Prolog
[2006.08.31 09:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Symantec
[2008.08.01 13:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Teleca
[2006.09.26 21:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Template
[2011.10.30 11:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\TuneUp Software
[2008.12.10 18:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\U3
[2011.11.21 00:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\uTorrent
[2007.12.10 19:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Winamp
[2010.05.01 09:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\xpce

< %APPDATA%\*.* >
[2005.08.16 10:33:26 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\desktop.ini
[2007.01.12 03:21:08 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006.09.26 21:17:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\wklnhst.dat

< %APPDATA%\*.exe /s >
[2009.06.02 17:19:57 | 001,878,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2007.04.03 09:21:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\MSNInstaller\msnauins.exe
[2007.11.23 02:38:26 | 000,963,136 | ---- | M] (Simply Super Software) -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Simply Super Software\Trjinst\RmvTrjan.exe
[2007.02.19 00:12:28 | 000,035,440 | ---- | M] (Simply Super Software) -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Simply Super Software\Trjinst\Sschk.exe
[2008.01.03 23:11:02 | 000,737,872 | ---- | M] (Simply Super Software) -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Simply Super Software\Trjinst\Trjscan.exe
[2006.12.26 21:38:34 | 000,185,432 | ---- | M] (Simply Super Software) -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Simply Super Software\Trjinst\trunins.exe
[2007.08.31 21:00:52 | 000,439,888 | ---- | M] (Simply Super Software) -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Simply Super Software\Trjinst\trupd.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\U3\temp\cleanup.exe
[2007.10.23 09:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Zuzana Kazmerova\Application Data\U3\temp\Launchpad Removal.exe

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"StateIndex" = 0

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0lsdelete\0\0

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.11.21 19:38:44 | 000,000,512 | ---- | M] () MD5=3B20F1ACF85FFD476E2106FA6305516F -- C:\PhysicalMBR.bin

< End of report >

[emi]

nezmestilo sa to do jednej odpovede


OTL Extras logfile created on: 21. 11. 2011 19:35:39 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Zuzana Kazmerova\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

1022,37 Mb Total Physical Memory | 577,02 Mb Available Physical Memory | 56,44% Memory free
2,40 Gb Paging File | 1,98 Gb Available in Paging File | 82,76% Paging File free
Paging file location(s): C:\pagefile.sys 2 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79,17 Gb Total Space | 4,32 Gb Free Space | 5,46% Space Free | Partition Type: NTFS
Drive D: | 26,23 Gb Total Space | 3,10 Gb Free Space | 11,80% Space Free | Partition Type: NTFS

Computer Name: SMOLKO | User Name: Zuzana Kazmerova | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-774951086-2105948453-1577513566-1006\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\igfxvtk2.exe" = C:\WINDOWS\system32\igfxvtk2.exe:*:Enabled:bLAN -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\igfxvtk2.exe" = C:\WINDOWS\system32\igfxvtk2.exe:*:Enabled:bLAN -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}" = 725plc32
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{5ED69AF4-C38E-11D3-B10A-00500406C16C}" = STATISTICA 6
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FBBF1E5-C2C2-42FE-83CA-E10E1647DDF0}" = OpenOffice.org 2.2
"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center
"{B1A8A5D7-0613-4373-BB0C-2AA428C935BD}" = NWZ-B160 WALKMAN Guide
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{ECE12161-B445-48FA-9056-FD54D8A72459}" = OriginPro 7.5
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BSPlayer1" = BSPlayer
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Dell AIO 810" = Dell AIO 810
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"Chart5 for Windows" = Chart5 for Windows
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)
"pdfFactory Pro" = pdfFactory Pro
"ProInst" = Intel(R) PROSet/Wireless Software
"Skype_is1" = Skype (BETA)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-774951086-2105948453-1577513566-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27. 8. 2011 13:11:51 | Computer Name = SMOLKO | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 13. 9. 2011 15:40:57 | Computer Name = SMOLKO | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module mpeg2dmx.ax, version 2.0.84.30429, fault address 0x0000dff3.

Error - 13. 9. 2011 15:41:33 | Computer Name = SMOLKO | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module mpeg2dmx.ax, version 2.0.84.30429, fault address 0x0000dff3.

Error - 13. 9. 2011 16:05:52 | Computer Name = SMOLKO | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module mpeg2dmx.ax, version 2.0.84.30429, fault address 0x0000dff3.

Error - 13. 9. 2011 16:29:01 | Computer Name = SMOLKO | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module mpeg2dmx.ax, version 2.0.84.30429, fault address 0x0000dff3.

Error - 21. 10. 2011 12:02:56 | Computer Name = SMOLKO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/m ... ootseq.txt>
with error: The server name or address could not be resolved

Error - 30. 10. 2011 6:33:51 | Computer Name = SMOLKO | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.4127, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 30. 10. 2011 6:33:54 | Computer Name = SMOLKO | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.4127, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 30. 10. 2011 6:51:48 | Computer Name = SMOLKO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/m ... ootstl.cab>
with error: The data is invalid.

Error - 30. 10. 2011 7:24:59 | Computer Name = SMOLKO | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 15.0.874.106, faulting module
kernel32.dll, version 5.1.2600.2180, fault address 0x0001eb33.

[ System Events ]
Error - 20. 11. 2011 19:48:02 | Computer Name = SMOLKO | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 20. 11. 2011 19:48:02 | Computer Name = SMOLKO | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 20. 11. 2011 19:48:02 | Computer Name = SMOLKO | Source = Service Control Manager | ID = 7001
Description = The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol
Driver service which failed to start because of the following error: %%31

Error - 20. 11. 2011 19:48:02 | Computer Name = SMOLKO | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 20. 11. 2011 19:48:02 | Computer Name = SMOLKO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD avgio avipbb Fips intelppm IPSec MPFIREWL MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
Tcpip6

Error - 20. 11. 2011 19:49:04 | Computer Name = SMOLKO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 21. 11. 2011 14:15:45 | Computer Name = SMOLKO | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 21. 11. 2011 14:17:23 | Computer Name = SMOLKO | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 21. 11. 2011 14:22:06 | Computer Name = SMOLKO | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 21. 11. 2011 14:22:37 | Computer Name = SMOLKO | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.


< End of report >

[motji]

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

[emi]

ComboFix 11-11-21.01 - Zuzana Kazmerova . 11. 2011 22:54:47.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1022.513 [GMT 1:00]
Running from: c:\documents and settings\Zuzana Kazmerova\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Zuzana Kazmerova\userdiff.sav
c:\documents and settings\Zuzana Kazmerova\WINDOWS
c:\windows\CSC\d6
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\igfxvtk2.exe
c:\windows\system32\userdiff.sav
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-21 18:38 . 2011-11-21 18:38 512 ----a-w- C:\PhysicalMBR.bin
2011-11-20 23:47 . 2011-11-20 23:47 -------- d-----w- c:\program files\CONEXANT
2011-11-20 23:28 . 2011-11-20 23:28 -------- d-----w- C:\spoolerlogs
2011-10-30 10:50 . 2011-10-30 10:50 -------- d-----w- c:\documents and settings\Zuzana Kazmerova\Application Data\TuneUp Software
2011-10-30 10:50 . 2011-11-20 22:34 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-10-30 10:49 . 2011-11-20 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2011-10-30 10:49 . 2011-10-30 10:49 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2010-01-14_19.09.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-18 20:51 . 2006-05-24 16:00 66488 c:\windows\system32\ReinstallBackups\0000\DriverFiles\btwusb.sys
+ 2005-08-16 09:18 . 2011-11-20 23:17 68256 c:\windows\system32\perfc009.dat
- 2010-01-09 14:29 . 2009-12-02 13:19 15880 c:\windows\system32\lsdelete.exe
+ 2010-01-09 14:29 . 2011-04-24 09:17 15880 c:\windows\system32\lsdelete.exe
+ 2010-03-14 08:18 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2011-04-24 09:17 . 2011-04-16 15:17 93360 c:\windows\system32\drivers\SBREDrv.sys
+ 2006-05-24 23:00 . 2006-05-24 16:00 66488 c:\windows\system32\drivers\btwusb.sys
- 2006-05-24 23:00 . 2006-05-24 23:00 66488 c:\windows\system32\drivers\btwusb.sys
+ 2006-05-24 23:01 . 2006-05-24 16:01 30285 c:\windows\system32\drivers\btwmodem.sys
- 2006-05-24 23:01 . 2006-05-24 23:01 30285 c:\windows\system32\drivers\btwmodem.sys
- 2006-05-24 22:57 . 2006-05-24 22:57 45683 c:\windows\system32\drivers\btwhid.sys
+ 2006-05-24 22:57 . 2006-05-24 15:57 45683 c:\windows\system32\drivers\btwhid.sys
- 2006-05-24 23:05 . 2006-05-24 23:05 23271 c:\windows\system32\drivers\btserial.sys
+ 2006-05-24 16:05 . 2006-05-24 16:05 23271 c:\windows\system32\drivers\btserial.sys
+ 2006-05-24 16:01 . 2006-05-24 16:01 30427 c:\windows\system32\drivers\btport.sys
- 2006-05-24 23:01 . 2006-05-24 23:01 30427 c:\windows\system32\drivers\btport.sys
+ 2010-03-14 08:18 . 2009-03-30 08:33 96104 c:\windows\system32\drivers\avipbb.sys
+ 2010-03-14 08:18 . 2009-02-13 10:29 22360 c:\windows\system32\drivers\avgntmgr.sys
+ 2010-03-14 08:18 . 2009-07-28 14:33 55656 c:\windows\system32\drivers\avgntflt.sys
+ 2010-03-14 08:18 . 2009-02-13 10:17 45416 c:\windows\system32\drivers\avgntdd.sys
- 2005-08-10 15:16 . 2005-08-10 15:16 50176 c:\windows\system32\CSH.DLL
+ 2005-08-10 08:16 . 2005-08-10 08:16 50176 c:\windows\system32\CSH.DLL
+ 2006-09-09 02:34 . 2011-11-20 16:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-09-09 02:34 . 2011-11-20 16:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-03-25 22:17 . 2011-11-20 16:23 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-05-24 23:12 . 2006-05-24 23:12 24576 c:\windows\system32\BtXpShell.dll
+ 2006-05-24 16:12 . 2006-05-24 16:12 24576 c:\windows\system32\BtXpShell.dll
+ 2006-05-24 16:14 . 2006-05-24 16:14 45056 c:\windows\system32\btwpimif.dll
- 2006-05-24 23:14 . 2006-05-24 23:14 45056 c:\windows\system32\btwpimif.dll
- 2006-05-24 23:31 . 2006-05-24 23:31 90112 c:\windows\system32\BtWiaExt.dll
+ 2006-05-24 16:31 . 2006-05-24 16:31 90112 c:\windows\system32\BtWiaExt.dll
- 2006-05-24 23:19 . 2006-05-24 23:19 73728 c:\windows\system32\btsendto_wab.dll
+ 2006-05-24 16:19 . 2006-05-24 16:19 73728 c:\windows\system32\btsendto_wab.dll
+ 2006-05-24 16:18 . 2006-05-24 16:18 49152 c:\windows\system32\btsendto_notes.dll
- 2006-05-24 23:18 . 2006-05-24 23:18 49152 c:\windows\system32\btsendto_notes.dll
+ 2006-05-24 16:20 . 2006-05-24 16:20 73728 c:\windows\system32\btsendto_ie.dll
- 2006-05-24 23:20 . 2006-05-24 23:20 73728 c:\windows\system32\btsendto_ie.dll
+ 2006-05-24 16:04 . 2006-05-24 16:04 94208 c:\windows\system32\btrezxp.dll
- 2006-05-24 23:04 . 2006-05-24 23:04 94208 c:\windows\system32\btrezxp.dll
+ 2006-05-24 16:16 . 2006-05-24 16:16 90112 c:\windows\system32\btprn2k.dll
- 2006-05-24 23:16 . 2006-05-24 23:16 90112 c:\windows\system32\btprn2k.dll
- 2006-05-24 23:04 . 2006-05-24 23:04 65536 c:\windows\system32\BTNCopy.dll
+ 2006-05-24 16:04 . 2006-05-24 16:04 65536 c:\windows\system32\BTNCopy.dll
+ 2006-05-24 16:06 . 2006-05-24 16:06 36864 c:\windows\system32\btdev.dll
- 2006-05-24 23:06 . 2006-05-24 23:06 36864 c:\windows\system32\btdev.dll
+ 2006-05-24 16:11 . 2006-05-24 16:11 73728 c:\windows\system32\BtAudioHelper.dll
- 2006-05-24 23:11 . 2006-05-24 23:11 73728 c:\windows\system32\BtAudioHelper.dll
+ 2011-08-25 16:17 . 2011-08-25 16:17 86016 c:\windows\Installer\{B1A8A5D7-0613-4373-BB0C-2AA428C935BD}\NewShortcut2_14F023817E774962BA726289F216A4C8.exe
+ 2011-08-25 16:17 . 2011-08-25 16:17 86016 c:\windows\Installer\{B1A8A5D7-0613-4373-BB0C-2AA428C935BD}\NewShortcut1_14F023817E774962BA726289F216A4C8.exe
+ 2011-08-25 16:17 . 2011-08-25 16:17 86016 c:\windows\Installer\{B1A8A5D7-0613-4373-BB0C-2AA428C935BD}\ARPPRODUCTICON.exe
- 2006-08-31 08:22 . 2006-08-31 08:22 33982 c:\windows\Installer\{3F4EC965-28EF-45C3-B063-04B25D4E9679}\ARPPRODUCTICON.exe
+ 2006-08-31 08:22 . 2011-09-18 20:50 33982 c:\windows\Installer\{3F4EC965-28EF-45C3-B063-04B25D4E9679}\ARPPRODUCTICON.exe
+ 2005-08-17 02:00 . 2005-08-17 02:00 7680 c:\windows\assembly\temp\0BJS08GPX6\Accessibility.dll
- 2006-05-24 22:59 . 2006-05-24 22:59 577536 c:\windows\system32\WidcommSdk.dll
+ 2006-05-24 15:59 . 2006-05-24 15:59 577536 c:\windows\system32\WidcommSdk.dll
- 2006-05-24 23:01 . 2006-05-24 23:01 589885 c:\windows\system32\wbtapi.dll
+ 2006-05-24 16:01 . 2006-05-24 16:01 589885 c:\windows\system32\wbtapi.dll
+ 2005-08-16 09:18 . 2011-11-20 23:17 415146 c:\windows\system32\perfh009.dat
+ 2010-11-06 12:22 . 2010-11-06 12:22 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
- 2005-08-16 09:27 . 2009-12-25 21:46 281336 c:\windows\system32\FNTCACHE.DAT
+ 2005-08-16 09:27 . 2011-11-21 18:21 281336 c:\windows\system32\FNTCACHE.DAT
+ 2006-05-24 15:58 . 2006-05-24 15:58 148900 c:\windows\system32\drivers\btwdndis.sys
- 2006-05-24 22:58 . 2006-05-24 22:58 148900 c:\windows\system32\drivers\btwdndis.sys
- 2006-05-24 23:05 . 2006-05-24 23:05 222876 c:\windows\system32\drivers\btslbcsp.sys
+ 2006-05-24 16:05 . 2006-05-24 16:05 222876 c:\windows\system32\drivers\btslbcsp.sys
+ 2006-05-24 23:04 . 2006-05-24 16:04 851434 c:\windows\system32\drivers\btkrnl.sys
- 2006-05-24 23:04 . 2006-05-24 23:04 851434 c:\windows\system32\drivers\btkrnl.sys
+ 2006-05-24 16:07 . 2006-05-24 16:07 328237 c:\windows\system32\drivers\btaudio.sys
- 2006-05-24 23:07 . 2006-05-24 23:07 328237 c:\windows\system32\drivers\btaudio.sys
- 2002-11-15 17:15 . 2002-11-15 17:15 148794 c:\windows\system32\drivers\bcbthub.sys
+ 2002-11-15 10:15 . 2002-11-15 10:15 148794 c:\windows\system32\drivers\bcbthub.sys
- 2006-05-24 23:12 . 2006-05-24 23:12 106496 c:\windows\system32\BTXPPanel.dll
+ 2006-05-24 16:12 . 2006-05-24 16:12 106496 c:\windows\system32\BTXPPanel.dll
- 2006-05-24 23:25 . 2006-05-24 23:25 946241 c:\windows\system32\BtWizard.dll
+ 2006-05-24 16:25 . 2006-05-24 16:25 946241 c:\windows\system32\BtWizard.dll
- 2006-05-24 23:26 . 2006-05-24 23:26 311343 c:\windows\system32\btwhidcs.dll
+ 2006-05-24 16:26 . 2006-05-24 16:26 311343 c:\windows\system32\btwhidcs.dll
- 2006-05-24 23:20 . 2006-05-24 23:20 172032 c:\windows\system32\btsendto_office.dll
+ 2006-05-24 16:20 . 2006-05-24 16:20 172032 c:\windows\system32\btsendto_office.dll
- 2006-05-24 23:14 . 2006-05-24 23:14 208896 c:\windows\system32\btsendto.dll
+ 2006-05-24 16:14 . 2006-05-24 16:14 208896 c:\windows\system32\btsendto.dll
- 2006-05-24 23:22 . 2006-05-24 23:22 200704 c:\windows\system32\btsec.dll
+ 2006-05-24 16:22 . 2006-05-24 16:22 200704 c:\windows\system32\btsec.dll
- 2006-05-24 23:17 . 2006-05-24 23:17 139264 c:\windows\system32\btosif_olx.dll
+ 2006-05-24 16:17 . 2006-05-24 16:17 139264 c:\windows\system32\btosif_olx.dll
+ 2006-05-24 16:17 . 2006-05-24 16:17 200704 c:\windows\system32\btosif_ol.dll
- 2006-05-24 23:17 . 2006-05-24 23:17 200704 c:\windows\system32\btosif_ol.dll
- 2006-05-24 23:17 . 2006-05-24 23:17 159744 c:\windows\system32\btosif_notes.dll
+ 2006-05-24 16:17 . 2006-05-24 16:17 159744 c:\windows\system32\btosif_notes.dll
+ 2006-05-24 16:13 . 2006-05-24 16:13 122880 c:\windows\system32\btosif.dll
- 2006-05-24 23:13 . 2006-05-24 23:13 122880 c:\windows\system32\btosif.dll
- 2006-05-24 23:06 . 2006-05-24 23:06 479232 c:\windows\system32\btins.dll
+ 2006-05-24 16:06 . 2006-05-24 16:06 479232 c:\windows\system32\btins.dll
- 2006-05-24 23:14 . 2006-05-24 23:14 610304 c:\windows\system32\BTChooser.dll
+ 2006-05-24 16:14 . 2006-05-24 16:14 610304 c:\windows\system32\BTChooser.dll
- 2006-05-24 23:16 . 2006-05-24 23:16 126976 c:\windows\system32\bthcrpui.dll
+ 2006-05-24 16:16 . 2006-05-24 16:16 126976 c:\windows\system32\bthcrpui.dll
- 2006-05-24 23:15 . 2006-05-24 23:15 114688 c:\windows\system32\bthcrp.dll
+ 2006-05-24 16:15 . 2006-05-24 16:15 114688 c:\windows\system32\bthcrp.dll
+ 2006-05-24 16:22 . 2006-05-24 16:22 413755 c:\windows\system32\btcss.dll
- 2006-05-24 23:22 . 2006-05-24 23:22 413755 c:\windows\system32\btcss.dll
+ 2006-05-24 15:59 . 2006-05-24 15:59 159744 c:\windows\system32\btbip.dll
- 2006-05-24 22:59 . 2006-05-24 22:59 159744 c:\windows\system32\btbip.dll
+ 2006-05-24 16:12 . 2006-05-24 16:12 135168 c:\windows\system32\btbigbmp.dll
- 2006-05-24 23:12 . 2006-05-24 23:12 135168 c:\windows\system32\btbigbmp.dll
- 2006-05-24 23:07 . 2006-05-24 23:07 135233 c:\windows\system32\bt2k_ins.dll
+ 2006-05-24 16:07 . 2006-05-24 16:07 135233 c:\windows\system32\bt2k_ins.dll
+ 2005-08-17 02:02 . 2005-08-17 02:02 466944 c:\windows\assembly\temp\IS09HPX5DL\System.Drawing.dll
+ 2005-08-17 02:02 . 2005-08-17 02:02 323584 c:\windows\assembly\temp\BNV3BJRZ7F\System.Runtime.Remoting.dll
+ 2005-08-17 02:02 . 2005-08-17 02:02 372736 c:\windows\assembly\temp\8JQZ7FNV3B\System.Management.dll
+ 2010-01-27 01:07 . 2010-11-06 12:22 5971408 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2001-11-14 11:56 . 2001-11-14 11:56 1802240 c:\windows\system32\lcppn21.dll
- 2001-11-14 18:56 . 2001-11-14 18:56 1802240 c:\windows\system32\lcppn21.dll
- 2006-05-24 23:05 . 2006-05-24 23:05 3129344 c:\windows\system32\btrez.dll
+ 2006-05-24 16:05 . 2006-05-24 16:05 3129344 c:\windows\system32\btrez.dll
- 2006-05-24 23:24 . 2006-05-24 23:24 1065037 c:\windows\system32\BTNeighborhood.dll
+ 2006-05-24 16:24 . 2006-05-24 16:24 1065037 c:\windows\system32\BTNeighborhood.dll
+ 2011-08-25 16:17 . 2011-08-25 16:17 5754880 c:\windows\Installer\9cc91.msi
+ 2011-09-18 20:50 . 2011-09-18 20:50 2507776 c:\windows\Installer\131643.msi
+ 2002-01-05 22:02 . 2002-01-05 22:02 3405472 c:\windows\Downloaded Program Files\MgAxCtrl.dll
+ 2005-08-17 02:02 . 2005-08-17 02:02 1224704 c:\windows\assembly\temp\BJRZ7FNV3B\System.dll
+ 2005-08-17 02:02 . 2005-08-17 02:02 1339392 c:\windows\assembly\temp\7IQY6EMT19\System.XML.dll
+ 2005-08-17 02:02 . 2005-08-17 02:02 2052096 c:\windows\assembly\temp\5GOW4CKS08\System.Windows.Forms.dll
+ 2005-08-17 02:02 . 2005-08-17 02:02 1257472 c:\windows\assembly\temp\2FPZ8HR09J\System.Web.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-11-19 442368]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-30 10:28 136176 ----atw- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NwSapAgent"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9. 1. 2010 11:16 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14. 3. 2010 9:18 108289]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [22. 12. 2008 0:28 257024]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [17. 3. 2008 15:40 7888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2. 12. 2009 14:19 1181328]
S3 TridVid;TM6000 TV Service;c:\windows\system32\drivers\TridVid.sys [27. 12. 2008 16:25 230528]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-20 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 09:17]
.
2011-11-20 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 09:17]
.
2011-11-20 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 09:17]
.
2011-11-20 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 09:17]
.
2011-11-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 09:17]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-774951086-2105948453-1577513566-1006Core.job
- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-30 10:28]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-774951086-2105948453-1577513566-1006UA.job
- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-30 10:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - Ext: RDown - Rapidshare Downloader: dave2x@download - %profile%\extensions\dave2x@download
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe
HKLM-Run-Intel Service Monitor - c:\windows\system32\igfxvtk2.exe
MSConfigStartUp-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-21 22:59
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
c:\qoobox\Quarantine\C\WINDOWS\system32\igfxvtk2.exe.vir [3696] 0x86B495D0
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-11-21 23:01:58
ComboFix-quarantined-files.txt 2011-11-21 22:01
ComboFix2.txt 2010-03-22 19:43
ComboFix3.txt 2010-03-22 17:48
ComboFix4.txt 2010-03-21 14:16
ComboFix5.txt 2011-11-21 21:51
.
Pre-Run: 4 968 947 712 bytes free
Post-Run: 4 964 573 184 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 5165A827931CF6B7EFA84AD38D2A8134

[motji]

Co počítač?

[emi]

vyzera byt sviznejsi a prestal robit blbosti

[motji]

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?



Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[emi]

Logfile of random's system information tool 1.09 (written by random/random)
Run by Zuzana Kazmerova at 2011-11-23 21:51:10
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (9%) free of 81 GB
Total RAM: 1022 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:51:21, on 23. 11. 2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Zuzana Kazmerova\Desktop\RSIT.exe
C:\Program Files\trend micro\Zuzana Kazmerova.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4032048046
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8312 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-774951086-2105948453-1577513566-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-774951086-2105948453-1577513566-1006UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.google.sk"
prefs.js - "extensions.enabledItems" - "dave2x@download:0.5.9, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.19"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
aboutCertError.js
aboutPrivateBrowsing.js
aboutRights.js
aboutRobots.js
aboutSessionRestore.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npFoxitReaderPlugin.dll
npnul32.dll
NPOFFICE.DLL
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\extensions\
dave2x@download

C:\Documents and Settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\searchplugins\
icqplugin-12.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}]
McAfee AntiPhishing Filter

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} -
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-05-01 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-05-01 602182]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"pdfFactory Pro Dispatcher v2"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [2004-11-19 442368]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe [2007-11-13 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Zuzana Kazmerova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-30 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NwSapAgent"=2
"MSSQLServerADHelper"=3
"MSSQL$MICROSOFTSMLBIZ"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\igfxvtk2.exe"="C:\WINDOWS\system32\igfxvtk2.exe:*:Enabled:bLAN"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"msacm.vorbis"=vorbis.acm
"vidc.tscc"=tsccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-11-23 21:51:10 ----D---- C:\rsit
2011-11-23 21:42:33 ----SHD---- C:\RECYCLER
2011-11-23 21:41:35 ----D---- C:\Program Files\CCleaner
2011-11-21 23:02:00 ----D---- C:\WINDOWS\temp
2011-11-21 22:53:01 ----A---- C:\Boot.bak
2011-11-21 22:52:56 ----RASHD---- C:\cmdcons
2011-11-21 19:15:01 ----ASH---- C:\hiberfil.sys
2011-11-21 00:47:24 ----D---- C:\Program Files\CONEXANT
2011-11-21 00:28:39 ----D---- C:\spoolerlogs
2011-11-20 23:59:02 ----D---- C:\Config.Msi
2011-10-30 11:50:29 ----D---- C:\Documents and Settings\Zuzana Kazmerova\Application Data\TuneUp Software
2011-10-30 11:50:07 ----D---- C:\Program Files\TuneUp Utilities 2011
2011-10-30 11:49:29 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2011-10-30 11:49:03 ----SHD---- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

======List of files/folders modified in the last 1 month======

2011-11-23 21:51:21 ----D---- C:\Program Files\trend micro
2011-11-23 21:49:23 ----D---- C:\Program Files\Mozilla Firefox
2011-11-23 21:48:55 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-23 21:48:34 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2011-11-23 21:47:55 ----D---- C:\WINDOWS
2011-11-23 21:46:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-23 21:42:53 ----D---- C:\Documents and Settings\Zuzana Kazmerova\Application Data\Winamp
2011-11-23 21:42:34 ----D---- C:\WINDOWS\Minidump
2011-11-23 21:42:34 ----D---- C:\WINDOWS\Debug
2011-11-23 21:41:35 ----D---- C:\Program Files
2011-11-23 21:38:48 ----D---- C:\WINDOWS\Prefetch
2011-11-23 21:36:20 ----SHD---- C:\System Volume Information
2011-11-23 21:35:05 ----D---- C:\WINDOWS\system32\drivers
2011-11-22 19:41:54 ----SHD---- C:\WINDOWS\CSC
2011-11-21 23:23:17 ----SD---- C:\WINDOWS\Tasks
2011-11-21 22:59:35 ----A---- C:\WINDOWS\system.ini
2011-11-21 22:59:25 ----D---- C:\WINDOWS\system32\drivers\etc
2011-11-21 22:58:57 ----SHD---- C:\WINDOWS\system32
2011-11-21 22:57:33 ----D---- C:\WINDOWS\AppPatch
2011-11-21 22:57:24 ----D---- C:\Program Files\Common Files
2011-11-21 22:53:01 ----RASH---- C:\boot.ini
2011-11-21 19:51:31 ----D---- C:\WINDOWS\pss
2011-11-21 19:19:31 ----RSD---- C:\WINDOWS\Fonts
2011-11-21 00:47:21 ----HD---- C:\WINDOWS\inf
2011-11-21 00:46:08 ----D---- C:\Program Files\Dell
2011-11-21 00:37:46 ----D---- C:\Documents and Settings\Zuzana Kazmerova\Application Data\uTorrent
2011-11-21 00:37:31 ----SHD---- C:\WINDOWS\Installer
2011-11-21 00:36:40 ----D---- C:\Program Files\Adobe
2011-11-21 00:35:36 ----D---- C:\Program Files\Common Files\Adobe
2011-11-21 00:32:06 ----D---- C:\Documents and Settings\All Users\Application Data\GTek
2011-11-21 00:28:10 ----HD---- C:\Program Files\InstallShield Installation Information
2011-11-21 00:18:08 ----RSD---- C:\WINDOWS\assembly
2011-11-21 00:18:05 ----D---- C:\WINDOWS\Registration
2011-11-21 00:17:56 ----D---- C:\WINDOWS\system32\URTTemp
2011-11-21 00:17:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-21 00:09:50 ----D---- C:\Program Files\Sonic
2011-11-21 00:09:06 ----D---- C:\Program Files\Common Files\Sonic Shared
2011-11-21 00:05:37 ----D---- C:\Program Files\Common Files\Real
2011-11-21 00:04:46 ----D---- C:\Program Files\CyberLink
2011-11-20 23:59:49 ----D---- C:\Program Files\Common Files\Ahead
2011-11-20 23:57:15 ----D---- C:\WINDOWS\WinSxS
2011-11-20 23:57:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-11-20 23:56:23 ----D---- C:\Program Files\Microsoft Works
2011-11-20 23:56:22 ----D---- C:\Program Files\Microsoft Office
2011-11-20 23:50:55 ----D---- C:\WINDOWS\occache
2011-11-20 23:46:18 ----D---- C:\Program Files\Graboid
2011-11-20 23:44:09 ----D---- C:\Program Files\Google
2011-11-20 23:36:18 ----D---- C:\Program Files\WildTangent
2011-11-20 17:15:28 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2011-11-20 17:15:28 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
2011-11-20 17:15:24 ----A---- C:\WINDOWS\ModemLog_Bluetooth Null Modem.txt
2011-11-13 23:53:18 ----A---- C:\WINDOWS\win.ini
2011-10-30 11:51:05 ----D---- C:\WINDOWS\system32\config
2011-10-30 11:48:35 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-04 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-11-11 80640]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-10 223616]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-08-31 21275]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-10 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-05-01 13568]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-10 163584]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-10 12416]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-26 1429632]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner; C:\WINDOWS\system32\drivers\AVerFx2hbtv.sys [2008-01-15 257024]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cglptnt;cglptnt; \??\C:\Program Files\totalcmd\cglptnt.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-04 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-10 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-10 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TridVid;TM6000 TV Service; C:\WINDOWS\system32\DRIVERS\TridVid.sys [2007-12-24 230528]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-05-01 114753]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-05-01 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-05-01 540745]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-05-01 262217]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 dlcg_device;dlcg_device; C:\WINDOWS\system32\dlcgcoms.exe [2005-10-28 491520]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-12 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-04-24 1181328]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]

-----------------EOF-----------------

[emi]

mbam spustim zajtra, dnes som to nestihol
pocitac sa zatial tvari v poriadku

[motji]

OK

[emi]

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 8226

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

27. 11. 2011 13:20:02
mbam-log-2011-11-27 (13-19-55).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 257990
Time elapsed: 42 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\LEO0WTUNO7 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> No action taken.

[motji]

V mbamu vše smažte.

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

[emi]

ComboFix 11-12-02.02 - Zuzana Kazmerova . 12. 2011 22:52:24.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1022.445 [GMT 1:00]
Running from: c:\documents and settings\Zuzana Kazmerova\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CSC\d6
.
.
((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))
.
.
2011-11-27 20:25 . 2011-11-27 20:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 20:53 . 2011-11-23 20:53 -------- d-----w- c:\documents and settings\Zuzana Kazmerova\Application Data\Malwarebytes
2011-11-23 20:53 . 2011-11-23 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-23 20:53 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 20:53 . 2011-12-02 17:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-23 20:51 . 2011-11-23 20:51 -------- d-----w- C:\rsit
2011-11-23 20:41 . 2011-11-23 20:41 -------- d-----w- c:\program files\CCleaner
2011-11-20 23:47 . 2011-11-20 23:47 -------- d-----w- c:\program files\CONEXANT
2011-11-20 23:28 . 2011-11-20 23:28 -------- d-----w- C:\spoolerlogs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 21:00 . 2010-03-14 08:18 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-11-19 442368]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-30 10:28 136176 ----atw- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NwSapAgent"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9. 1. 2010 11:16 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14. 3. 2010 9:18 108289]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [23. 11. 2011 21:53 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23. 11. 2011 21:53 22216]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [22. 12. 2008 0:28 257024]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [17. 3. 2008 15:40 7888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2. 12. 2009 14:19 1181328]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 TridVid;TM6000 TV Service;c:\windows\system32\drivers\TridVid.sys [27. 12. 2008 16:25 230528]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-02 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 09:17]
.
2011-12-02 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 09:17]
.
2011-12-02 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 09:17]
.
2011-12-02 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 09:17]
.
2011-12-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 09:17]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-774951086-2105948453-1577513566-1006Core.job
- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-30 10:28]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-774951086-2105948453-1577513566-1006UA.job
- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-30 10:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - Ext: RDown - Rapidshare Downloader: dave2x@download - %profile%\extensions\dave2x@download
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-02 22:58
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1044)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1764)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-02 23:01:39
ComboFix-quarantined-files.txt 2011-12-02 22:01
.
Pre-Run: 7 349 653 504 bytes free
Post-Run: 7 307 845 632 bytes free
.
- - End Of File - - 04FD84F1A120063820C3B170F61E7B25