
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Request for a log check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, I recently brought my computer back from the repair shop and it worked great, but since I don't like antivirus programs and I download a lot, I'm worried that I may have caught a virus; it is starting to lag a bit. Please check it. I also have a second hard drive, D, but it won't scan that one for me.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Vašek at 2012-08-05 22:04:07
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 60 GB (79%) free of 76 GB
Total RAM: 2047 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:04:20, on 5.8.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\firefox.exe
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\RSIT.exe
C:\Program Files\trend micro\Vašek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Daemon Lite\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAID Manager.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
--
End of file - 2822 bytes
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\rgenlk6t.default
prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\plugins\
npnul32.dll
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"Zástupce stránky vlastností sběrnice High Definition Audio"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"DAEMON Tools Lite"=C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Daemon Lite\DAEMON Tools Lite\DTLite.exe [2012-04-11 3672384]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
RAID Manager.lnk - C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=28
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Bit torrent\BitTorrent.exe"="C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Bit torrent\BitTorrent.exe:*:Enabled:BitTorrent"
"C:\Documents and Settings\Vašek\Plocha\hry\Sports Car Gt\Spcar.exe"="C:\Documents and Settings\Vašek\Plocha\hry\Sports Car Gt\Spcar.exe:*:Disabled:Sports Car GT"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-08-05 21:57:18 ----D---- C:\rsit
2012-08-05 21:57:18 ----D---- C:\Program Files\trend micro
2012-08-05 18:39:43 ----D---- C:\Program Files\AVAST Software
2012-08-05 18:39:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2012-08-04 22:16:27 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Help
2012-08-04 22:10:10 ----A---- C:\debugInstaller.txt
2012-08-04 00:15:40 ----D---- C:\Documents and Settings\Vašek\Data aplikací\WinRAR
2012-08-03 23:32:42 ----A---- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2012-08-03 16:36:54 ----D---- C:\Documents and Settings\Vašek\Data aplikací\BitTorrent
2012-08-03 15:00:01 ----D---- C:\Documents and Settings\Vašek\Data aplikací\DAEMON Tools Lite
2012-08-03 15:00:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2012-08-03 14:24:45 ----D---- C:\WINDOWS\system32\appmgmt
2012-08-03 14:05:08 ----D---- C:\Program Files\Common Files\Adobe
2012-08-03 14:04:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-08-03 12:23:13 ----A---- C:\WINDOWS\nsreg.dat
2012-08-03 12:23:11 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Mozilla
2012-08-03 12:13:16 ----D---- C:\Documents and Settings\Vašek\Data aplikací\ATI
2012-08-03 12:13:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2012-08-03 12:11:30 ----D---- C:\WINDOWS\SxsCaPendDel
2012-08-03 10:01:26 ----RSD---- C:\WINDOWS\assembly
2012-08-03 10:00:48 ----D---- C:\WINDOWS\Microsoft.NET
2012-08-03 03:30:21 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Unity
2012-08-03 01:27:39 ----A---- C:\WINDOWS\winamp.ini
2012-08-02 20:11:47 ----A---- C:\WINDOWS\unvise32.exe
2012-08-02 19:48:58 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Macromedia
2012-08-02 19:48:58 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Adobe
2012-08-02 18:16:20 ----N---- C:\WINDOWS\remove.exe
2012-08-02 18:16:20 ----N---- C:\WINDOWS\install.exe
2012-08-02 18:16:20 ----A---- C:\WINDOWS\system32\drivers\iteraid.sys
2012-08-02 18:16:19 ----N---- C:\WINDOWS\system32\zntport.sys
2012-08-02 18:16:19 ----N---- C:\WINDOWS\system32\ntport.dll
2012-08-02 18:16:19 ----D---- C:\Program Files\ITE
2012-08-02 18:06:42 ----D---- C:\Documents and Settings\Vašek\Data aplikací\vlc
2012-08-02 18:05:39 ----SHD---- C:\RECYCLER
2012-08-02 17:50:11 ----D---- C:\WINDOWS\Drivers
2012-08-02 17:49:22 ----A---- C:\WINDOWS\system32\h323log.txt
2012-08-02 17:48:27 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2012-08-02 17:48:01 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2012-08-02 17:47:33 ----A---- C:\WINDOWS\system32\drivers\enum1394.sys
2012-08-02 17:47:14 ----A---- C:\WINDOWS\system32\drivers\intelide.sys
2012-08-02 17:47:07 ----A---- C:\WINDOWS\system32\usbui.dll
2012-08-02 17:46:00 ----SHD---- C:\WINDOWS\Installer
2012-08-02 17:46:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-08-02 17:45:59 ----D---- C:\Program Files\Common Files\ODBC
2012-08-02 17:45:59 ----A---- C:\WINDOWS\ODBCINST.INI
2012-08-02 17:45:55 ----D---- C:\Program Files\Common Files\SpeechEngines
2012-08-02 17:45:54 ----RD---- C:\Program Files
2012-08-02 17:45:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-08-02 17:45:54 ----D---- C:\Program Files\Common Files
2012-08-02 17:45:50 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2012-08-02 17:45:50 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2012-08-02 17:45:50 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdur.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdru.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2012-08-02 17:45:46 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2012-08-02 17:45:46 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2012-08-02 17:45:46 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2012-08-02 17:45:46 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2012-08-02 17:45:46 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2012-08-02 17:45:46 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2012-08-02 17:45:46 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2012-08-02 17:45:44 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2012-08-02 17:45:44 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2012-08-02 17:45:44 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2012-08-02 17:45:44 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2012-08-02 17:45:44 ----RA---- C:\WINDOWS\system32\kbdest.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdycl.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdsl.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdro.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdpl.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdhu.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdcr.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2012-08-02 17:45:39 ----A---- C:\WINDOWS\system32\irclass.dll
2012-08-02 17:45:38 ----A---- C:\WINDOWS\system32\spxcoins.dll
2012-08-02 17:45:38 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2012-08-02 17:45:38 ----A---- C:\WINDOWS\system32\dgsetup.dll
2012-08-02 17:45:38 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2012-08-02 17:45:36 ----A---- C:\WINDOWS\TASKMAN.EXE
2012-08-02 17:45:35 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2012-08-02 17:45:35 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2012-08-02 17:45:35 ----A---- C:\WINDOWS\system32\batt.dll
2012-08-02 17:45:34 ----A---- C:\WINDOWS\NOTEPAD.EXE
2012-08-02 17:45:33 ----A---- C:\WINDOWS\system32\storprop.dll
2012-08-02 17:45:25 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2012-08-02 17:43:43 ----RA---- C:\WINDOWS\SET8.tmp
2012-08-02 17:43:40 ----RA---- C:\WINDOWS\SET4.tmp
2012-08-02 17:43:38 ----RA---- C:\WINDOWS\SET3.tmp
2012-08-02 17:43:33 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-02 17:43:33 ----D---- C:\WINDOWS\system32\CatRoot
2012-08-02 17:43:27 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-08-02 17:43:00 ----SHD---- C:\System Volume Information
2012-08-02 17:43:00 ----D---- C:\Documents and Settings
2012-08-02 17:42:59 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2012-08-02 17:42:09 ----SH---- C:\boot.ini
2012-08-02 17:36:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-08-02 17:36:03 ----RSD---- C:\WINDOWS\Fonts
2012-08-02 17:36:03 ----RD---- C:\WINDOWS\Web
2012-08-02 17:36:03 ----HD---- C:\WINDOWS\inf
2012-08-02 17:36:03 ----D---- C:\WINDOWS\WinSxS
2012-08-02 17:36:03 ----D---- C:\WINDOWS\twain_32
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Temp
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\wins
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\wbem
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\usmt
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\spool
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\ShellExt
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\Setup
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\ras
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\oobe
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\npp
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\mui
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\inetsrv
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\IME
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\icsxml
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\ias
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\export
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\drivers\etc
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\drivers\disdn
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\drivers
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\dhcp
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\config
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\3com_dmi
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\3076
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\2052
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1054
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1042
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1041
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1037
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1033
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1031
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1029
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1028
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1025
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system
2012-08-02 17:36:03 ----D---- C:\WINDOWS\security
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Resources
2012-08-02 17:36:03 ----D---- C:\WINDOWS\repair
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Provisioning
2012-08-02 17:36:03 ----D---- C:\WINDOWS\pchealth
2012-08-02 17:36:03 ----D---- C:\WINDOWS\PeerNet
2012-08-02 17:36:03 ----D---- C:\WINDOWS\mui
2012-08-02 17:36:03 ----D---- C:\WINDOWS\msapps
2012-08-02 17:36:03 ----D---- C:\WINDOWS\msagent
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Media
2012-08-02 17:36:03 ----D---- C:\WINDOWS\java
2012-08-02 17:36:03 ----D---- C:\WINDOWS\ime
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Help
2012-08-02 17:36:03 ----D---- C:\WINDOWS\ehome
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Driver Cache
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Debug
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Cursors
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Connection Wizard
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Config
2012-08-02 17:36:03 ----D---- C:\WINDOWS\AppPatch
2012-08-02 17:36:03 ----D---- C:\WINDOWS\addins
2012-08-02 17:36:03 ----D---- C:\WINDOWS
2012-08-02 17:36:03 ----ASH---- C:\pagefile.sys
2012-08-02 16:06:13 ----A---- C:\WINDOWS\system32\wpa.bak
2012-08-02 16:03:53 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2012-08-02 16:03:52 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2012-08-02 16:03:50 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2012-08-02 16:03:43 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2012-08-02 16:03:41 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2012-08-02 16:03:40 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2012-08-02 16:03:39 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2012-08-02 16:03:37 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2012-08-02 16:03:36 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-08-02 16:03:35 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2012-08-02 16:03:34 ----A---- C:\WINDOWS\cmudax.ini
2012-08-02 16:03:33 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2012-08-02 16:03:31 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2012-08-02 16:03:22 ----A---- C:\WINDOWS\system32\ksuser.dll
2012-08-02 16:03:22 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2012-08-02 16:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB835221WXP$
2012-08-02 16:02:18 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2012-08-02 16:01:41 ----A---- C:\WINDOWS\system32\udaprop.dll
2012-08-02 16:01:41 ----A---- C:\WINDOWS\system32\drivers\cmudax.sys
2012-08-02 16:01:41 ----A---- C:\WINDOWS\system32\cmudax.dll
2012-08-02 16:01:37 ----A---- C:\WINDOWS\system32\cmirmdrv.exe
2012-08-02 16:01:37 ----A---- C:\WINDOWS\system32\cmirmdrv.dll
2012-08-02 16:01:35 ----A---- C:\WINDOWS\system32\Audio3D.dll
2012-08-02 16:01:35 ----A---- C:\WINDOWS\system32\a3d.dll
2012-08-02 16:01:26 ----HD---- C:\Program Files\InstallShield Installation Information
2012-08-02 16:01:26 ----D---- C:\Program Files\ATI Technologies
2012-08-02 16:01:24 ----D---- C:\Program Files\Marvell
2012-08-02 16:01:08 ----D---- C:\Program Files\Common Files\InstallShield
2012-08-02 16:01:03 ----D---- C:\ATI
2012-08-02 16:00:26 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2012-08-02 15:59:37 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Identities
2012-08-02 15:59:35 ----HD---- C:\Program Files\Uninstall Information
2012-08-02 15:59:18 ----ASH---- C:\Documents and Settings\Vašek\Data aplikací\desktop.ini
2012-08-02 15:59:17 ----SD---- C:\Documents and Settings\Vašek\Data aplikací\Microsoft
2012-08-02 15:58:25 ----D---- C:\WINDOWS\SoftwareDistribution
2012-08-02 15:58:24 ----D---- C:\WINDOWS\Prefetch
2012-08-02 15:58:23 ----SD---- C:\WINDOWS\system32\Microsoft
2012-08-02 15:58:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-02 15:57:05 ----AS---- C:\WINDOWS\bootstat.dat
2012-08-02 15:55:10 ----D---- C:\WINDOWS\system32\xircom
2012-08-02 15:55:10 ----D---- C:\Program Files\xerox
2012-08-02 15:55:10 ----D---- C:\Program Files\microsoft frontpage
2012-08-02 15:54:46 ----RASH---- C:\MSDOS.SYS
2012-08-02 15:54:46 ----RASH---- C:\IO.SYS
2012-08-02 15:54:46 ----A---- C:\WINDOWS\control.ini
2012-08-02 15:54:46 ----A---- C:\CONFIG.SYS
2012-08-02 15:54:46 ----A---- C:\AUTOEXEC.BAT
2012-08-02 15:54:33 ----A---- C:\WINDOWS\system32\mapi32.dll
2012-08-02 15:53:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-08-02 15:53:46 ----RD---- C:\WINDOWS\Offline Web Pages
2012-08-02 15:53:35 ----HD---- C:\Program Files\WindowsUpdate
2012-08-02 15:53:32 ----D---- C:\Program Files\Online Services
2012-08-02 15:53:16 ----D---- C:\WINDOWS\system32\DirectX
2012-08-02 15:52:53 ----A---- C:\WINDOWS\system32\atrace.dll
2012-08-02 15:52:49 ----A---- C:\WINDOWS\system32\desktop.ini
2012-08-02 15:52:49 ----A---- C:\WINDOWS\desktop.ini
2012-08-02 15:52:42 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2012-08-02 15:52:40 ----A---- C:\WINDOWS\system32\acctres.dll
2012-08-02 15:52:39 ----D---- C:\Program Files\Common Files\Services
2012-08-02 15:52:37 ----SD---- C:\WINDOWS\Tasks
2012-08-02 15:52:37 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2012-08-02 15:52:36 ----D---- C:\Program Files\Common Files\MSSoap
2012-08-02 15:52:30 ----D---- C:\WINDOWS\srchasst
2012-08-02 15:52:29 ----D---- C:\WINDOWS\system32\Macromed
2012-08-02 15:52:26 ----A---- C:\WINDOWS\system32\wuweb.dll
2012-08-02 15:52:25 ----A---- C:\WINDOWS\system32\wups.dll
2012-08-02 15:52:25 ----A---- C:\WINDOWS\system32\wucltui.dll
2012-08-02 15:52:25 ----A---- C:\WINDOWS\system32\wuauserv.dll
2012-08-02 15:52:25 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2012-08-02 15:52:25 ----A---- C:\WINDOWS\system32\wuaueng.dll
2012-08-02 15:52:25 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2012-08-02 15:52:24 ----A---- C:\WINDOWS\system32\wuauclt.exe
2012-08-02 15:52:24 ----A---- C:\WINDOWS\system32\wuapi.dll
2012-08-02 15:52:24 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2012-08-02 15:52:24 ----A---- C:\WINDOWS\system32\qmgr.dll
2012-08-02 15:52:24 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2012-08-02 15:52:24 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2012-08-02 15:52:18 ----D---- C:\Program Files\Movie Maker
2012-08-02 15:52:14 ----A---- C:\WINDOWS\system32\safrslv.dll
2012-08-02 15:52:14 ----A---- C:\WINDOWS\system32\safrdm.dll
2012-08-02 15:52:14 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2012-08-02 15:52:14 ----A---- C:\WINDOWS\system32\racpldlg.dll
2012-08-02 15:52:09 ----A---- C:\WINDOWS\system32\fltlib.dll
2012-08-02 15:52:08 ----D---- C:\WINDOWS\system32\Restore
2012-08-02 15:52:08 ----A---- C:\WINDOWS\system32\srsvc.dll
2012-08-02 15:52:08 ----A---- C:\WINDOWS\system32\srrstr.dll
2012-08-02 15:52:08 ----A---- C:\WINDOWS\system32\srclient.dll
2012-08-02 15:52:08 ----A---- C:\WINDOWS\system32\fltMc.exe
2012-08-02 15:52:08 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2012-08-02 15:52:07 ----A---- C:\WINDOWS\system32\mnmdd.dll
2012-08-02 15:52:07 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2012-08-02 15:52:07 ----A---- C:\WINDOWS\system32\ils.dll
2012-08-02 15:52:07 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2012-08-02 15:52:06 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2012-08-02 15:52:06 ----A---- C:\WINDOWS\system32\msconf.dll
2012-08-02 15:52:06 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2012-08-02 15:52:03 ----D---- C:\Program Files\NetMeeting
2012-08-02 15:52:03 ----A---- C:\WINDOWS\system32\msoert2.dll
2012-08-02 15:52:03 ----A---- C:\WINDOWS\system32\msoeacct.dll
2012-08-02 15:52:01 ----A---- C:\WINDOWS\system32\inetres.dll
2012-08-02 15:52:01 ----A---- C:\WINDOWS\system32\inetcomm.dll
2012-08-02 15:51:58 ----D---- C:\Program Files\Outlook Express
2012-08-02 15:51:58 ----A---- C:\WINDOWS\system32\schedsvc.dll
2012-08-02 15:51:58 ----A---- C:\WINDOWS\system32\mstinit.exe
2012-08-02 15:51:58 ----A---- C:\WINDOWS\system32\mstask.dll
2012-08-02 15:51:57 ----A---- C:\WINDOWS\system32\isign32.dll
2012-08-02 15:51:57 ----A---- C:\WINDOWS\system32\inetcfg.dll
2012-08-02 15:51:57 ----A---- C:\WINDOWS\system32\icwphbk.dll
2012-08-02 15:51:57 ----A---- C:\WINDOWS\system32\icwdial.dll
2012-08-02 15:51:50 ----D---- C:\Program Files\Common Files\System
2012-08-02 15:51:49 ----D---- C:\Program Files\Internet Explorer
2012-08-02 15:51:26 ----A---- C:\WINDOWS\system32\emptyregdb.dat
2012-08-02 15:51:18 ----D---- C:\Program Files\ComPlus Applications
2012-08-02 15:51:16 ----A---- C:\WINDOWS\vbaddin.ini
2012-08-02 15:51:16 ----A---- C:\WINDOWS\vb.ini
2012-08-02 15:51:12 ----D---- C:\WINDOWS\Registration
2012-08-02 15:51:06 ----D---- C:\Program Files\Windows Media Player
2012-08-02 15:51:00 ----D---- C:\Program Files\Messenger
2012-08-02 15:50:56 ----D---- C:\Program Files\MSN Gaming Zone
2012-08-02 15:50:56 ----A---- C:\WINDOWS\system32\write.exe
2012-08-02 15:50:47 ----A---- C:\WINDOWS\system32\sndvol32.exe
2012-08-02 15:50:47 ----A---- C:\WINDOWS\system32\hticons.dll
2012-08-02 15:50:46 ----A---- C:\WINDOWS\system32\winchat.exe
2012-08-02 15:50:46 ----A---- C:\WINDOWS\system32\avwav.dll
2012-08-02 15:50:46 ----A---- C:\WINDOWS\system32\avtapi.dll
2012-08-02 15:50:46 ----A---- C:\WINDOWS\system32\avmeter.dll
2012-08-02 15:50:39 ----A---- C:\WINDOWS\system32\charmap.exe
2012-08-02 15:50:39 ----A---- C:\WINDOWS\system32\getuname.dll
2012-08-02 15:50:38 ----A---- C:\WINDOWS\system32\winmine.exe
2012-08-02 15:50:38 ----A---- C:\WINDOWS\system32\sol.exe
2012-08-02 15:50:38 ----A---- C:\WINDOWS\system32\calc.exe
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\tslabels.ini
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\tskill.exe
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\tscon.exe
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\reset.exe
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\mshearts.exe
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\freecell.exe
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\shadow.exe
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\rwinsta.exe
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\regini.exe
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\qwinsta.exe
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\qappsrv.exe
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\msg.exe
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\logoff.exe
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\cdmodem.dll
2012-08-02 15:50:35 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2012-08-02 15:50:35 ----A---- C:\WINDOWS\system32\mtxex.dll
2012-08-02 15:50:35 ----A---- C:\WINDOWS\system32\mtxdm.dll
2012-08-02 15:50:35 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2012-08-02 15:50:34 ----A---- C:\WINDOWS\system32\stclient.dll
2012-08-02 15:50:34 ----A---- C:\WINDOWS\system32\comsnap.dll
2012-08-02 15:50:34 ----A---- C:\WINDOWS\system32\comrepl.dll
2012-08-02 15:50:34 ----A---- C:\WINDOWS\system32\comaddin.dll
2012-08-02 15:50:29 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2012-08-02 15:50:27 ----A---- C:\WINDOWS\system32\sndrec32.exe
2012-08-02 15:50:27 ----A---- C:\WINDOWS\system32\mplay32.exe
2012-08-02 15:50:27 ----A---- C:\WINDOWS\system32\hypertrm.dll
2012-08-02 15:50:27 ----A---- C:\WINDOWS\system32\accwiz.exe
2012-08-02 15:50:26 ----D---- C:\Program Files\Windows NT
2012-08-02 15:50:26 ----A---- C:\WINDOWS\system32\mspaint.exe
2012-08-02 15:50:26 ----A---- C:\WINDOWS\system32\clipbrd.exe
2012-08-02 15:50:25 ----A---- C:\WINDOWS\system32\spider.exe
2012-08-02 15:50:25 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2012-08-02 15:50:25 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2012-08-02 15:50:25 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-08-02 15:50:24 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2012-08-02 15:50:24 ----A---- C:\WINDOWS\system32\remotepg.dll
2012-08-02 15:50:24 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2012-08-02 15:50:24 ----A---- C:\WINDOWS\system32\mstscax.dll
2012-08-02 15:50:24 ----A---- C:\WINDOWS\system32\mstsc.exe
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\termsrv.dll
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\sessmgr.exe
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\rdshost.exe
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\rdpclip.exe
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\rdchost.dll
2012-08-02 15:50:22 ----D---- C:\WINDOWS\system32\MsDtc
2012-08-02 15:50:22 ----A---- C:\WINDOWS\system32\qprocess.exe
2012-08-02 15:50:22 ----A---- C:\WINDOWS\system32\mtxoci.dll
2012-08-02 15:50:22 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2012-08-02 15:50:22 ----A---- C:\WINDOWS\system32\icaapi.dll
2012-08-02 15:50:22 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2012-08-02 15:50:21 ----A---- C:\WINDOWS\system32\xolehlp.dll
2012-08-02 15:50:21 ----A---- C:\WINDOWS\system32\msdtctm.dll
2012-08-02 15:50:21 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2012-08-02 15:50:21 ----A---- C:\WINDOWS\system32\msdtclog.dll
2012-08-02 15:50:21 ----A---- C:\WINDOWS\system32\msdtc.exe
2012-08-02 15:50:20 ----D---- C:\WINDOWS\system32\Com
2012-08-02 15:50:20 ----A---- C:\WINDOWS\system32\colbact.dll
2012-08-02 15:50:19 ----A---- C:\WINDOWS\system32\clbcatex.dll
2012-08-02 15:50:19 ----A---- C:\WINDOWS\system32\catsrvut.dll
2012-08-02 15:50:19 ----A---- C:\WINDOWS\system32\catsrvps.dll
2012-08-02 15:50:19 ----A---- C:\WINDOWS\system32\catsrv.dll
2012-08-02 15:50:18 ----A---- C:\WINDOWS\system32\comuid.dll
2012-08-02 15:50:18 ----A---- C:\WINDOWS\system32\comsvcs.dll
2012-08-02 15:50:18 ----A---- C:\WINDOWS\system32\clbcatq.dll
2012-08-02 15:50:10 ----A---- C:\WINDOWS\system32\servdeps.dll
2012-08-02 15:50:10 ----A---- C:\WINDOWS\system32\mmfutil.dll
2012-08-02 15:50:10 ----A---- C:\WINDOWS\system32\licwmi.dll
2012-08-02 15:50:10 ----A---- C:\WINDOWS\system32\cmprops.dll
2012-08-02 15:50:08 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2012-08-02 15:50:07 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
======List of files/folders modified in the last 1 month======
2012-08-02 17:45:53 ----A---- C:\WINDOWS\system.ini
2012-08-02 15:54:46 ----A---- C:\WINDOWS\win.ini
2012-08-02 15:54:22 ----ASH---- C:\WINDOWS\fonts\desktop.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iteraid;ITERAID_Service_Install; C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-06-01 24971]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-18 61056]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-08-03 242240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2004-07-28 1258432]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-04-26 135168]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S3 HdAudAddService;Ovladač funkcí Microsoft UAA pro služby sběrnice High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
-----------------EOF-----------------
2012-08-02 15:50:19 ----A---- C:\WINDOWS\system32\clbcatex.dll
2012-08-02 15:50:19 ----A---- C:\WINDOWS\system32\catsrvut.dll
2012-08-02 15:50:19 ----A---- C:\WINDOWS\system32\catsrvps.dll
2012-08-02 15:50:19 ----A---- C:\WINDOWS\system32\catsrv.dll
2012-08-02 15:50:18 ----A---- C:\WINDOWS\system32\comuid.dll
2012-08-02 15:50:18 ----A---- C:\WINDOWS\system32\comsvcs.dll
2012-08-02 15:50:18 ----A---- C:\WINDOWS\system32\clbcatq.dll
2012-08-02 15:50:10 ----A---- C:\WINDOWS\system32\servdeps.dll
2012-08-02 15:50:10 ----A---- C:\WINDOWS\system32\mmfutil.dll
2012-08-02 15:50:10 ----A---- C:\WINDOWS\system32\licwmi.dll
2012-08-02 15:50:10 ----A---- C:\WINDOWS\system32\cmprops.dll
2012-08-02 15:50:08 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2012-08-02 15:50:07 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
======List of files/folders modified in the last 1 month======
2012-08-02 17:45:53 ----A---- C:\WINDOWS\system.ini
2012-08-02 15:54:46 ----A---- C:\WINDOWS\win.ini
2012-08-02 15:54:22 ----ASH---- C:\WINDOWS\fonts\desktop.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iteraid;ITERAID_Service_Install; C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-06-01 24971]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-18 61056]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-08-03 242240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2004-07-28 1258432]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-04-26 135168]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S3 HdAudAddService;Ovladač funkcí Microsoft UAA pro služby sběrnice High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
-----------------EOF-----------------
Re: please check my log
Hello, I won't even comment on the fact that you're running without an antivirus, but do install Service Pack 3.
Fix these in HJT:
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
You'll find HJT here:
C:\Program Files\trend micro\Vašek.exe
Fix means that you run HJT as admin,
in the window that opens, click Do a system scan only,
in the next window, find the lines I listed for you,
next to each of them is a box, which you tick,
then click Fix checked, which is at the bottom left,
the program asks whether you really want to; YES, you of course agree, and it's done.
Delete unneeded files using CCleaner
Instructions:
Cleaner - here you clean unneeded files off the PC and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system
Download ComboFix and save it to the desktop,
run the application as Administrator and allow installation of the Recovery Console.
Then a window with the license terms appears, which you confirm by clicking YES,
then click YES once more and it's running.
The whole run takes around 10 minutes but can take longer; during the scan, don't try to run anything else.
The PC may be restarted during the scan; don't be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because ComboFix tries to delete infected files and these programs can get in its way.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.
Re: please check my log
OK, I'll do it, but I have a problem: I have 2 hard drives installed in the computer and, if I understand correctly, the RSIT log couldn't be made on the second one... That second drive is very old, so it's probably infected too. And about the service pack, you mean I should install the whole thing completely, right?
Re: please check my log
Here is the log
ComboFix 12-08-05.02 - Vašek 06.08.2012 17:53:09.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1569 [GMT 2:00]
Spuštěný z: c:\documents and settings\VaÜek\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\ctfmon(2).exe
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-06 do 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 13:45 . 2012-08-06 15:00 -------- d-----w- C:\RECYCLER(3)
2012-08-06 12:40 . 2012-08-06 15:06 -------- d-----w- C:\RECYCLER(2)
2012-08-05 19:57 . 2012-08-05 20:00 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2012-06-02 13:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2012-06-02 13:19 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2012-06-02 13:19 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2012-06-02 13:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\documents and settings\Vašek\Plocha\Plocha\Programy\Daemon Lite\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
"Cmaudio"="cmicnfg.cpl" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
RAID Manager.lnk - c:\program files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2012-8-2 724992]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Documents and Settings\\Vašek\\Plocha\\Plocha\\Programy\\Bit torrent\\BitTorrent.exe"=
.
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2.8.2012 18:16 24971]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3.8.2012 23:32 242240]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2.8.2012 16:01 1258432]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.3.1
FF - ProfilePath - c:\documents and settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\rgenlk6t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\documents and settings\Vašek\Plocha\Plocha\Programy\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-06 17:56
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2012-08-06 17:57:34
ComboFix-quarantined-files.txt 2012-08-06 15:57
ComboFix2.txt 2012-08-06 12:24
.
Před spuštěním: Volných bajtů: 56 361 807 872
Po spuštění: Volných bajtů: 56 347 893 760
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 563B97E39521FACE7830C8516B8A4220
Re: please check my log
ComboFix checks both drives as long as they are connected to the PC.
Yes, just install Service Pack 3 in full as normal.
Via Start >> Run, copy into the window:
ComboFix /Uninstall
and press Enter
That uninstalls ComboFix and deletes its associated files and folders.
Use T-Cleaner, which deletes any leftovers of the applications we used.
Just stop the antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.
Finally, use Mbam from my signature and post its log here; don't delete anything beforehand!!!
Re: please check my log
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.62.0.1300
www.malwarebytes.org
Verze databáze: v2012.08.07.03
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Vašek :: DOMA [administrátor]
Ochrana: Povolena
7.8.2012 11:07:14
mbam-log-2012-08-07 (11-07-14).txt
Typ: Úplná kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 216254
Uplynulý čas: 25 minut, 33 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
Re: please check my log
Oh, I have one more question: if I download an infected file and it's in WinRAR format and I don't extract it, the PC won't get infected, right? Or if I do extract it but don't open any folder, that's OK too? Of course I don't download such files myself, but I have an acquaintance who uses hacks for games, and it happens there.

Re: please check my log
And idiot me unpacked it, so would it be possible to do one more scan?
Logfile of random's system information tool 1.09 (written by random/random)
Run by Vašek at 2012-08-19 11:32:31
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 60 GB (79%) free of 76 GB
Total RAM: 2047 MB (80% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:32:37, on 19.8.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\firefox.exe
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\plugin-container.exe
C:\Documents and Settings\Vašek\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Vašek.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\adobe reader\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Daemon Lite\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10ze_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAID Manager.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
--
End of file - 3165 bytes
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\xmdec4wu.default
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\plugins\
npnul32.dll
nppdf32.dll
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\adobe reader\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"Zástupce stránky vlastností sběrnice High Definition Audio"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Daemon Lite\DAEMON Tools Lite\DTLite.exe [2012-04-11 3672384]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10ze_Plugin.exe [2012-08-03 245408]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
RAID Manager.lnk - C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Bit torrent\BitTorrent.exe"="C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Bit torrent\BitTorrent.exe:*:Enabled:BitTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-08-19 11:32:31 ----D---- C:\rsit
2012-08-19 11:32:31 ----D---- C:\Program Files\trend micro
2012-08-09 10:48:33 ----A---- C:\WINDOWS\winampa.ini
2012-08-08 11:33:42 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Mozilla
2012-08-07 17:52:17 ----D---- C:\WINDOWS\Cache
2012-08-07 15:10:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2012-08-07 11:02:37 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Malwarebytes
2012-08-07 11:01:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2012-08-06 18:19:50 ----D---- C:\Program Files\CCleaner
2012-08-06 18:11:35 ----SHD---- C:\RECYCLER
2012-08-06 17:57:36 ----D---- C:\WINDOWS\temp
2012-08-06 17:52:16 ----RASHD---- C:\cmdcons
2012-08-06 12:10:20 ----D---- C:\WINDOWS\Prefetch
2012-08-06 01:55:59 ----DC---- C:\WINDOWS\$NtUninstallKB898461$
2012-08-06 01:55:59 ----D---- C:\WINDOWS\$hf_mig$
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\usbehci.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\tunmp.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\sffp_sd.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\sffdisk.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\sdbus.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\mssmbios.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\intelppm.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\http.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\Hdaudbus.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\amdk7.sys
2012-08-05 23:33:28 ----A---- C:\WINDOWS\system32\drivers\ip6fw.sys
2012-08-05 23:33:27 ----A---- C:\WINDOWS\system32\qmgr.dll
2012-08-05 23:33:27 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\rasapi32.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\printui.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\perfctrs.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\olecnv32.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\oleaut32.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\nwprovau.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\ntvdm.exe
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\ntprint.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\ntdll.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\nslookup.exe
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\msv1_0.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\msgsvc.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\lsasrv.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\locator.exe
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\localspl.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\kernel32.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\imagehlp.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\ftp.exe
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\format.com
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\csrsrv.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\comdlg32.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\comctl32.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\cmd.exe
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\cacls.exe
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\autochk.exe
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\autoconv.exe
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\advapi32.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\wkssvc.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\win32spl.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\win32k.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\userinit.exe
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\untfs.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\ulib.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\syssetup.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\srvsvc.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\smss.exe
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\schannel.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\setupapi.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\sessmgr.exe
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\services.exe
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\scardsvr.exe
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\savedump.exe
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\samsrv.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\samlib.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\rshx32.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\rastapi.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\rasman.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\rasdlg.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\rasauto.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\hidclass.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\flpydisk.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\fips.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\fdc.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\fastfat.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\dxg.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\dmio.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\dmboot.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\diskdump.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\disk.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\crusoe.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\classpnp.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\cdrom.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\cdfs.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\bridge.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\atmlane.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\atmarpc.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\atapi.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\asyncmac.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\arp1394.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\amdk6.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\afd.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\acpi.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\1394bus.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\pcmcia.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\pciidex.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\partmgr.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\parport.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\p3.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ohci1394.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\nwlnkipx.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\npfs.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\nmnt.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\nic1394.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\netbt.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\netbios.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ndproxy.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ndiswan.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ndisuio.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ndistapi.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\mup.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\msgpc.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\msfs.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\mrxdav.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\mountmgr.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\mouclass.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\modem.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\mf.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ksecdd.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ks.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\kbdclass.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\isapnp.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ipsec.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ipnat.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ipinip.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\intelide.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\imapi.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\i8042prt.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\hidparse.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\hal.dll
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\wanarp.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\volsnap.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\videoprt.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\vga.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\usbuhci.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\usbport.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\usbintel.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\usbhub.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\usbcamd2.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\usbcamd.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\usb8023.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\update.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\udfs.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\tdi.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\tcpip6.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\tape.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\swenum.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\stream.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\srv.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\sonydcam.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\sfloppy.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\serial.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\serenum.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\secdrv.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\scsiport.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\rndismp.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\RMCast.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\raspptp.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\raspppoe.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\rasl2tp.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\psched.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\processr.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2012-08-04 22:16:27 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Help
2012-08-04 22:10:10 ----A---- C:\debugInstaller.txt
2012-08-04 00:15:40 ----D---- C:\Documents and Settings\Vašek\Data aplikací\WinRAR
2012-08-03 23:32:42 ----A---- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2012-08-03 16:36:54 ----D---- C:\Documents and Settings\Vašek\Data aplikací\BitTorrent
2012-08-03 15:00:01 ----D---- C:\Documents and Settings\Vašek\Data aplikací\DAEMON Tools Lite
2012-08-03 15:00:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2012-08-03 14:24:45 ----D---- C:\WINDOWS\system32\appmgmt
2012-08-03 14:05:08 ----D---- C:\Program Files\Common Files\Adobe
2012-08-03 14:04:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-08-03 12:23:13 ----A---- C:\WINDOWS\nsreg.dat
2012-08-03 12:13:16 ----D---- C:\Documents and Settings\Vašek\Data aplikací\ATI
2012-08-03 12:13:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2012-08-03 12:11:30 ----D---- C:\WINDOWS\SxsCaPendDel
2012-08-03 10:01:26 ----RSD---- C:\WINDOWS\assembly
2012-08-03 10:00:48 ----D---- C:\WINDOWS\Microsoft.NET
2012-08-03 03:30:21 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Unity
2012-08-03 01:27:39 ----A---- C:\WINDOWS\winamp.ini
2012-08-02 20:11:47 ----A---- C:\WINDOWS\unvise32.exe
2012-08-02 19:48:58 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Macromedia
2012-08-02 19:48:58 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Adobe
2012-08-02 18:16:20 ----N---- C:\WINDOWS\remove.exe
2012-08-02 18:16:20 ----N---- C:\WINDOWS\install.exe
2012-08-02 18:16:20 ----A---- C:\WINDOWS\system32\drivers\iteraid.sys
2012-08-02 18:16:19 ----N---- C:\WINDOWS\system32\zntport.sys
2012-08-02 18:16:19 ----N---- C:\WINDOWS\system32\ntport.dll
2012-08-02 18:16:19 ----D---- C:\Program Files\ITE
2012-08-02 18:06:42 ----D---- C:\Documents and Settings\Vašek\Data aplikací\vlc
2012-08-02 17:50:11 ----D---- C:\WINDOWS\Drivers
2012-08-02 17:49:22 ----A---- C:\WINDOWS\system32\h323log.txt
2012-08-02 17:48:27 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2012-08-02 17:47:33 ----A---- C:\WINDOWS\system32\drivers\enum1394.sys
2012-08-02 17:47:07 ----A---- C:\WINDOWS\system32\usbui.dll
2012-08-02 17:46:00 ----SHD---- C:\WINDOWS\Installer
2012-08-02 17:46:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-08-02 17:45:59 ----D---- C:\Program Files\Common Files\ODBC
2012-08-02 17:45:59 ----A---- C:\WINDOWS\ODBCINST.INI
2012-08-02 17:45:55 ----D---- C:\Program Files\Common Files\SpeechEngines
2012-08-02 17:45:54 ----RD---- C:\Program Files
2012-08-02 17:45:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-08-02 17:45:54 ----D---- C:\Program Files\Common Files
2012-08-02 17:45:50 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2012-08-02 17:45:50 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2012-08-02 17:45:50 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdur.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdru.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2012-08-02 17:45:48 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2012-08-02 17:45:46 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2012-08-02 17:45:46 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2012-08-02 17:45:46 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2012-08-02 17:45:46 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2012-08-02 17:45:46 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2012-08-02 17:45:46 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2012-08-02 17:45:46 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2012-08-02 17:45:44 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2012-08-02 17:45:44 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2012-08-02 17:45:44 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2012-08-02 17:45:44 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2012-08-02 17:45:44 ----RA---- C:\WINDOWS\system32\kbdest.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdycl.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdsl.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdro.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdpl.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdhu.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\kbdcr.dll
2012-08-02 17:45:40 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2012-08-02 17:45:39 ----A---- C:\WINDOWS\system32\irclass.dll
2012-08-02 17:45:38 ----A---- C:\WINDOWS\system32\spxcoins.dll
2012-08-02 17:45:38 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2012-08-02 17:45:38 ----A---- C:\WINDOWS\system32\dgsetup.dll
2012-08-02 17:45:38 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2012-08-02 17:45:36 ----A---- C:\WINDOWS\TASKMAN.EXE
2012-08-02 17:45:35 ----A---- C:\WINDOWS\system32\batt.dll
2012-08-02 17:45:34 ----A---- C:\WINDOWS\NOTEPAD.EXE
2012-08-02 17:45:33 ----A---- C:\WINDOWS\system32\storprop.dll
2012-08-02 17:45:25 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2012-08-02 17:43:33 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-02 17:43:33 ----D---- C:\WINDOWS\system32\CatRoot
2012-08-02 17:43:27 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-08-02 17:43:00 ----SHD---- C:\System Volume Information
2012-08-02 17:43:00 ----D---- C:\Documents and Settings
2012-08-02 17:42:59 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2012-08-02 17:42:09 ----RASH---- C:\boot.ini
2012-08-02 17:36:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-08-02 17:36:03 ----RSD---- C:\WINDOWS\Fonts
2012-08-02 17:36:03 ----RD---- C:\WINDOWS\Web
2012-08-02 17:36:03 ----HD---- C:\WINDOWS\inf
2012-08-02 17:36:03 ----D---- C:\WINDOWS\WinSxS
2012-08-02 17:36:03 ----D---- C:\WINDOWS\twain_32
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\wins
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\wbem
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\usmt
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\spool
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\ShellExt
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\Setup
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\ras
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\oobe
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\npp
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\mui
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\inetsrv
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\IME
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\icsxml
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\ias
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\export
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\drivers\etc
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\drivers\disdn
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\drivers
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\dhcp
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\config
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\3com_dmi
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\3076
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\2052
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1054
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1042
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1041
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1037
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1033
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1031
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1029
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1028
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32\1025
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system32
2012-08-02 17:36:03 ----D---- C:\WINDOWS\system
2012-08-02 17:36:03 ----D---- C:\WINDOWS\security
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Resources
2012-08-02 17:36:03 ----D---- C:\WINDOWS\repair
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Provisioning
2012-08-02 17:36:03 ----D---- C:\WINDOWS\pchealth
2012-08-02 17:36:03 ----D---- C:\WINDOWS\PeerNet
2012-08-02 17:36:03 ----D---- C:\WINDOWS\mui
2012-08-02 17:36:03 ----D---- C:\WINDOWS\msapps
2012-08-02 17:36:03 ----D---- C:\WINDOWS\msagent
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Media
2012-08-02 17:36:03 ----D---- C:\WINDOWS\java
2012-08-02 17:36:03 ----D---- C:\WINDOWS\ime
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Help
2012-08-02 17:36:03 ----D---- C:\WINDOWS\ehome
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Driver Cache
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Debug
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Cursors
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Connection Wizard
2012-08-02 17:36:03 ----D---- C:\WINDOWS\Config
2012-08-02 17:36:03 ----D---- C:\WINDOWS\AppPatch
2012-08-02 17:36:03 ----D---- C:\WINDOWS\addins
2012-08-02 17:36:03 ----D---- C:\WINDOWS
2012-08-02 17:36:03 ----ASH---- C:\pagefile.sys
2012-08-02 16:06:13 ----A---- C:\WINDOWS\system32\wpa.bak
2012-08-02 16:03:36 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-08-02 16:03:34 ----A---- C:\WINDOWS\cmudax.ini
2012-08-02 16:03:22 ----A---- C:\WINDOWS\system32\ksuser.dll
2012-08-02 16:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB835221WXP$
2012-08-02 16:02:18 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2012-08-02 16:01:41 ----A---- C:\WINDOWS\system32\udaprop.dll
2012-08-02 16:01:41 ----A---- C:\WINDOWS\system32\drivers\cmudax.sys
2012-08-02 16:01:41 ----A---- C:\WINDOWS\system32\cmudax.dll
2012-08-02 16:01:37 ----A---- C:\WINDOWS\system32\cmirmdrv.exe
2012-08-02 16:01:37 ----A---- C:\WINDOWS\system32\cmirmdrv.dll
2012-08-02 16:01:35 ----A---- C:\WINDOWS\system32\Audio3D.dll
2012-08-02 16:01:35 ----A---- C:\WINDOWS\system32\a3d.dll
2012-08-02 16:01:26 ----HD---- C:\Program Files\InstallShield Installation Information
2012-08-02 16:01:26 ----D---- C:\Program Files\ATI Technologies
2012-08-02 16:01:24 ----D---- C:\Program Files\Marvell
2012-08-02 16:01:08 ----D---- C:\Program Files\Common Files\InstallShield
2012-08-02 16:01:03 ----D---- C:\ATI
2012-08-02 15:59:37 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Identities
2012-08-02 15:59:35 ----HD---- C:\Program Files\Uninstall Information
2012-08-02 15:59:18 ----ASH---- C:\Documents and Settings\Vašek\Data aplikací\desktop.ini
2012-08-02 15:59:17 ----SD---- C:\Documents and Settings\Vašek\Data aplikací\Microsoft
2012-08-02 15:58:25 ----D---- C:\WINDOWS\SoftwareDistribution
2012-08-02 15:58:23 ----SD---- C:\WINDOWS\system32\Microsoft
2012-08-02 15:58:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-02 15:57:05 ----AS---- C:\WINDOWS\bootstat.dat
2012-08-02 15:55:10 ----D---- C:\WINDOWS\system32\xircom
2012-08-02 15:55:10 ----D---- C:\Program Files\xerox
2012-08-02 15:55:10 ----D---- C:\Program Files\microsoft frontpage
2012-08-02 15:54:46 ----RASH---- C:\MSDOS.SYS
2012-08-02 15:54:46 ----RASH---- C:\IO.SYS
2012-08-02 15:54:46 ----A---- C:\WINDOWS\control.ini
2012-08-02 15:54:46 ----A---- C:\CONFIG.SYS
2012-08-02 15:54:33 ----A---- C:\WINDOWS\system32\mapi32.dll
2012-08-02 15:53:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-08-02 15:53:46 ----RD---- C:\WINDOWS\Offline Web Pages
2012-08-02 15:53:35 ----HD---- C:\Program Files\WindowsUpdate
2012-08-02 15:53:32 ----D---- C:\Program Files\Online Services
2012-08-02 15:53:16 ----D---- C:\WINDOWS\system32\DirectX
2012-08-02 15:52:53 ----A---- C:\WINDOWS\system32\atrace.dll
2012-08-02 15:52:49 ----A---- C:\WINDOWS\system32\desktop.ini
2012-08-02 15:52:49 ----A---- C:\WINDOWS\desktop.ini
2012-08-02 15:52:42 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2012-08-02 15:52:40 ----A---- C:\WINDOWS\system32\acctres.dll
2012-08-02 15:52:39 ----D---- C:\Program Files\Common Files\Services
2012-08-02 15:52:37 ----SD---- C:\WINDOWS\Tasks
2012-08-02 15:52:37 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2012-08-02 15:52:36 ----D---- C:\Program Files\Common Files\MSSoap
2012-08-02 15:52:30 ----D---- C:\WINDOWS\srchasst
2012-08-02 15:52:29 ----D---- C:\WINDOWS\system32\Macromed
2012-08-02 15:52:26 ----A---- C:\WINDOWS\system32\wuweb.dll
2012-08-02 15:52:25 ----A---- C:\WINDOWS\system32\wups.dll
2012-08-02 15:52:25 ----A---- C:\WINDOWS\system32\wups(2)(2)(2).dll
2012-08-02 15:52:25 ----A---- C:\WINDOWS\system32\wucltui.dll
2012-08-02 15:52:25 ----A---- C:\WINDOWS\system32\wucltui(2).dll
2012-08-02 15:52:25 ----A---- C:\WINDOWS\system32\wuauserv.dll
2012-08-02 15:52:25 ----A---- C:\WINDOWS\system32\wuauserv(4)(2).dll
2012-08-02 15:52:25 ----A---- C:\WINDOWS\system32\wuauserv(3).dll
2012-08-02 15:52:25 ----A---- C:\WINDOWS\system32\wuauserv(2).dll
2012-08-02 15:52:25 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2012-08-02 15:52:25 ----A---- C:\WINDOWS\system32\wuaueng.dll
2012-08-02 15:52:25 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2012-08-02 15:52:24 ----A---- C:\WINDOWS\system32\wuauclt.exe
2012-08-02 15:52:24 ----A---- C:\WINDOWS\system32\wuauclt(2).exe
2012-08-02 15:52:24 ----A---- C:\WINDOWS\system32\wuapi.dll
2012-08-02 15:52:24 ----A---- C:\WINDOWS\system32\wuapi(3)(3).dll
2012-08-02 15:52:24 ----A---- C:\WINDOWS\system32\wuapi(2).dll
2012-08-02 15:52:24 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2012-08-02 15:52:24 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2012-08-02 15:52:24 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2012-08-02 15:52:18 ----D---- C:\Program Files\Movie Maker
2012-08-02 15:52:14 ----A---- C:\WINDOWS\system32\safrslv.dll
2012-08-02 15:52:14 ----A---- C:\WINDOWS\system32\safrdm.dll
2012-08-02 15:52:14 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2012-08-02 15:52:14 ----A---- C:\WINDOWS\system32\racpldlg.dll
2012-08-02 15:52:09 ----A---- C:\WINDOWS\system32\fltlib.dll
2012-08-02 15:52:08 ----D---- C:\WINDOWS\system32\Restore
2012-08-02 15:52:08 ----A---- C:\WINDOWS\system32\srsvc.dll
2012-08-02 15:52:08 ----A---- C:\WINDOWS\system32\srsvc(4)(2).dll
2012-08-02 15:52:08 ----A---- C:\WINDOWS\system32\srsvc(3).dll
2012-08-02 15:52:08 ----A---- C:\WINDOWS\system32\srsvc(2).dll
2012-08-02 15:52:08 ----A---- C:\WINDOWS\system32\srrstr.dll
2012-08-02 15:52:08 ----A---- C:\WINDOWS\system32\srrstr(2)(3).dll
2012-08-02 15:52:08 ----A---- C:\WINDOWS\system32\srclient.dll
2012-08-02 15:52:08 ----A---- C:\WINDOWS\system32\srclient(2)(3).dll
2012-08-02 15:52:08 ----A---- C:\WINDOWS\system32\fltMc.exe
2012-08-02 15:52:07 ----A---- C:\WINDOWS\system32\mnmdd.dll
2012-08-02 15:52:07 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2012-08-02 15:52:07 ----A---- C:\WINDOWS\system32\ils.dll
2012-08-02 15:52:06 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2012-08-02 15:52:06 ----A---- C:\WINDOWS\system32\msconf.dll
2012-08-02 15:52:06 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2012-08-02 15:52:03 ----D---- C:\Program Files\NetMeeting
2012-08-02 15:52:03 ----A---- C:\WINDOWS\system32\msoert2.dll
2012-08-02 15:52:03 ----A---- C:\WINDOWS\system32\msoeacct.dll
2012-08-02 15:52:01 ----A---- C:\WINDOWS\system32\inetres.dll
2012-08-02 15:52:01 ----A---- C:\WINDOWS\system32\inetcomm.dll
2012-08-02 15:51:58 ----D---- C:\Program Files\Outlook Express
2012-08-02 15:51:58 ----A---- C:\WINDOWS\system32\schedsvc.dll
2012-08-02 15:51:58 ----A---- C:\WINDOWS\system32\schedsvc(4)(2).dll
2012-08-02 15:51:58 ----A---- C:\WINDOWS\system32\schedsvc(3).dll
2012-08-02 15:51:58 ----A---- C:\WINDOWS\system32\schedsvc(2).dll
2012-08-02 15:51:58 ----A---- C:\WINDOWS\system32\mstinit.exe
2012-08-02 15:51:58 ----A---- C:\WINDOWS\system32\mstask.dll
2012-08-02 15:51:58 ----A---- C:\WINDOWS\system32\mstask(2).dll
2012-08-02 15:51:57 ----A---- C:\WINDOWS\system32\isign32.dll
2012-08-02 15:51:57 ----A---- C:\WINDOWS\system32\inetcfg.dll
2012-08-02 15:51:57 ----A---- C:\WINDOWS\system32\icwphbk.dll
2012-08-02 15:51:57 ----A---- C:\WINDOWS\system32\icwdial.dll
2012-08-02 15:51:50 ----D---- C:\Program Files\Common Files\System
2012-08-02 15:51:49 ----D---- C:\Program Files\Internet Explorer
2012-08-02 15:51:26 ----A---- C:\WINDOWS\system32\emptyregdb.dat
2012-08-02 15:51:18 ----D---- C:\Program Files\ComPlus Applications
2012-08-02 15:51:16 ----A---- C:\WINDOWS\vbaddin.ini
2012-08-02 15:51:16 ----A---- C:\WINDOWS\vb.ini
2012-08-02 15:51:12 ----D---- C:\WINDOWS\Registration
2012-08-02 15:51:06 ----D---- C:\Program Files\Windows Media Player
2012-08-02 15:51:00 ----D---- C:\Program Files\Messenger
2012-08-02 15:50:56 ----D---- C:\Program Files\MSN Gaming Zone
2012-08-02 15:50:56 ----A---- C:\WINDOWS\system32\write.exe
2012-08-02 15:50:47 ----A---- C:\WINDOWS\system32\sndvol32.exe
2012-08-02 15:50:47 ----A---- C:\WINDOWS\system32\hticons.dll
2012-08-02 15:50:46 ----A---- C:\WINDOWS\system32\winchat.exe
2012-08-02 15:50:46 ----A---- C:\WINDOWS\system32\avwav.dll
2012-08-02 15:50:46 ----A---- C:\WINDOWS\system32\avtapi.dll
2012-08-02 15:50:46 ----A---- C:\WINDOWS\system32\avmeter.dll
2012-08-02 15:50:39 ----A---- C:\WINDOWS\system32\charmap.exe
2012-08-02 15:50:39 ----A---- C:\WINDOWS\system32\getuname.dll
2012-08-02 15:50:38 ----A---- C:\WINDOWS\system32\winmine.exe
2012-08-02 15:50:38 ----A---- C:\WINDOWS\system32\sol.exe
2012-08-02 15:50:38 ----A---- C:\WINDOWS\system32\calc.exe
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\tslabels.ini
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\tskill.exe
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\tscon.exe
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\reset.exe
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\mshearts.exe
2012-08-02 15:50:37 ----A---- C:\WINDOWS\system32\freecell.exe
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\shadow.exe
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\rwinsta.exe
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\regini.exe
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\qwinsta.exe
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\qappsrv.exe
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\msg.exe
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\logoff.exe
2012-08-02 15:50:36 ----A---- C:\WINDOWS\system32\cdmodem.dll
2012-08-02 15:50:35 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2012-08-02 15:50:35 ----A---- C:\WINDOWS\system32\mtxex.dll
2012-08-02 15:50:35 ----A---- C:\WINDOWS\system32\mtxdm.dll
2012-08-02 15:50:35 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2012-08-02 15:50:34 ----A---- C:\WINDOWS\system32\stclient.dll
2012-08-02 15:50:34 ----A---- C:\WINDOWS\system32\comsnap.dll
2012-08-02 15:50:34 ----A---- C:\WINDOWS\system32\comrepl.dll
2012-08-02 15:50:34 ----A---- C:\WINDOWS\system32\comaddin.dll
2012-08-02 15:50:29 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2012-08-02 15:50:27 ----A---- C:\WINDOWS\system32\sndrec32.exe
2012-08-02 15:50:27 ----A---- C:\WINDOWS\system32\mplay32.exe
2012-08-02 15:50:27 ----A---- C:\WINDOWS\system32\hypertrm.dll
2012-08-02 15:50:27 ----A---- C:\WINDOWS\system32\accwiz.exe
2012-08-02 15:50:26 ----D---- C:\Program Files\Windows NT
2012-08-02 15:50:26 ----A---- C:\WINDOWS\system32\mspaint.exe
2012-08-02 15:50:26 ----A---- C:\WINDOWS\system32\clipbrd.exe
2012-08-02 15:50:25 ----A---- C:\WINDOWS\system32\spider.exe
2012-08-02 15:50:24 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2012-08-02 15:50:24 ----A---- C:\WINDOWS\system32\remotepg.dll
2012-08-02 15:50:24 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2012-08-02 15:50:24 ----A---- C:\WINDOWS\system32\mstscax.dll
2012-08-02 15:50:24 ----A---- C:\WINDOWS\system32\mstsc.exe
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\termsrv.dll
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\termsrv(4)(2).dll
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\termsrv(3).dll
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\termsrv(2).dll
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\rdshost.exe
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\rdpclip.exe
2012-08-02 15:50:23 ----A---- C:\WINDOWS\system32\rdchost.dll
2012-08-02 15:50:22 ----D---- C:\WINDOWS\system32\MsDtc
2012-08-02 15:50:22 ----A---- C:\WINDOWS\system32\qprocess.exe
2012-08-02 15:50:22 ----A---- C:\WINDOWS\system32\mtxoci.dll
2012-08-02 15:50:22 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2012-08-02 15:50:22 ----A---- C:\WINDOWS\system32\icaapi.dll
2012-08-02 15:50:22 ----A---- C:\WINDOWS\system32\icaapi(4)(2).dll
2012-08-02 15:50:22 ----A---- C:\WINDOWS\system32\icaapi(3).dll
2012-08-02 15:50:22 ----A---- C:\WINDOWS\system32\icaapi(2).dll
2012-08-02 15:50:22 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2012-08-02 15:50:21 ----A---- C:\WINDOWS\system32\xolehlp.dll
2012-08-02 15:50:21 ----A---- C:\WINDOWS\system32\msdtctm.dll
2012-08-02 15:50:21 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2012-08-02 15:50:21 ----A---- C:\WINDOWS\system32\msdtclog.dll
2012-08-02 15:50:21 ----A---- C:\WINDOWS\system32\msdtc.exe
2012-08-02 15:50:20 ----D---- C:\WINDOWS\system32\Com
2012-08-02 15:50:20 ----A---- C:\WINDOWS\system32\colbact.dll
2012-08-02 15:50:20 ----A---- C:\WINDOWS\system32\colbact(4)(2).dll
2012-08-02 15:50:20 ----A---- C:\WINDOWS\system32\colbact(3).dll
2012-08-02 15:50:20 ----A---- C:\WINDOWS\system32\colbact(2).dll
2012-08-02 15:50:19 ----A---- C:\WINDOWS\system32\clbcatex.dll
2012-08-02 15:50:19 ----A---- C:\WINDOWS\system32\catsrvut.dll
2012-08-02 15:50:19 ----A---- C:\WINDOWS\system32\catsrvut(3)(2).dll
2012-08-02 15:50:19 ----A---- C:\WINDOWS\system32\catsrvut(2).dll
2012-08-02 15:50:19 ----A---- C:\WINDOWS\system32\catsrvps.dll
2012-08-02 15:50:19 ----A---- C:\WINDOWS\system32\catsrv.dll
2012-08-02 15:50:19 ----A---- C:\WINDOWS\system32\catsrv(3)(2).dll
2012-08-02 15:50:19 ----A---- C:\WINDOWS\system32\catsrv(2).dll
2012-08-02 15:50:18 ----A---- C:\WINDOWS\system32\comuid.dll
2012-08-02 15:50:18 ----A---- C:\WINDOWS\system32\comsvcs.dll
2012-08-02 15:50:18 ----A---- C:\WINDOWS\system32\comsvcs(4)(2).dll
2012-08-02 15:50:18 ----A---- C:\WINDOWS\system32\comsvcs(3).dll
2012-08-02 15:50:18 ----A---- C:\WINDOWS\system32\comsvcs(2).dll
2012-08-02 15:50:18 ----A---- C:\WINDOWS\system32\clbcatq.dll
2012-08-02 15:50:18 ----A---- C:\WINDOWS\system32\clbcatq(4)(2).dll
2012-08-02 15:50:18 ----A---- C:\WINDOWS\system32\clbcatq(3).dll
2012-08-02 15:50:18 ----A---- C:\WINDOWS\system32\clbcatq(2).dll
2012-08-02 15:50:10 ----A---- C:\WINDOWS\system32\servdeps.dll
2012-08-02 15:50:10 ----A---- C:\WINDOWS\system32\mmfutil.dll
2012-08-02 15:50:10 ----A---- C:\WINDOWS\system32\licwmi.dll
2012-08-02 15:50:10 ----A---- C:\WINDOWS\system32\cmprops.dll
======List of files/folders modified in the last 1 month======
2012-08-06 17:56:23 ----A---- C:\WINDOWS\system.ini
2012-08-02 15:54:46 ----A---- C:\WINDOWS\win.ini
2012-08-02 15:54:22 ----ASH---- C:\WINDOWS\fonts\desktop.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iteraid;ITERAID_Service_Install; C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-06-01 24971]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-18 61056]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-08-03 242240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2004-07-28 1258432]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-04-26 135168]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S3 catchme;catchme; \??\C:\DOCUME~1\VAEK~1\LOCALS~1\Temp\catchme.sys []
S3 HdAudAddService;Ovladač funkcí Microsoft UAA pro služby sběrnice High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
-----------------EOF-----------------


Logfile of random's system information tool 1.09 (written by random/random)
Run by Vašek at 2012-08-19 11:32:31
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 60 GB (79%) free of 76 GB
Total RAM: 2047 MB (80% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:32:37, on 19.8.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\firefox.exe
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\plugin-container.exe
C:\Documents and Settings\Vašek\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Vašek.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\adobe reader\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Daemon Lite\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10ze_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAID Manager.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
--
End of file - 3165 bytes
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\xmdec4wu.default
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\plugins\
npnul32.dll
nppdf32.dll
C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\adobe reader\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"Zástupce stránky vlastností sběrnice High Definition Audio"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Daemon Lite\DAEMON Tools Lite\DTLite.exe [2012-04-11 3672384]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10ze_Plugin.exe [2012-08-03 245408]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
RAID Manager.lnk - C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Bit torrent\BitTorrent.exe"="C:\Documents and Settings\Vašek\Plocha\Plocha\Programy\Bit torrent\BitTorrent.exe:*:Enabled:BitTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-08-19 11:32:31 ----D---- C:\rsit
2012-08-19 11:32:31 ----D---- C:\Program Files\trend micro
2012-08-09 10:48:33 ----A---- C:\WINDOWS\winampa.ini
2012-08-08 11:33:42 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Mozilla
2012-08-07 17:52:17 ----D---- C:\WINDOWS\Cache
2012-08-07 15:10:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2012-08-07 11:02:37 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Malwarebytes
2012-08-07 11:01:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2012-08-06 18:19:50 ----D---- C:\Program Files\CCleaner
2012-08-06 18:11:35 ----SHD---- C:\RECYCLER
2012-08-06 17:57:36 ----D---- C:\WINDOWS\temp
2012-08-06 17:52:16 ----RASHD---- C:\cmdcons
2012-08-06 12:10:20 ----D---- C:\WINDOWS\Prefetch
2012-08-06 01:55:59 ----DC---- C:\WINDOWS\$NtUninstallKB898461$
2012-08-06 01:55:59 ----D---- C:\WINDOWS\$hf_mig$
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\usbehci.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\tunmp.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\sffp_sd.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\sffdisk.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\sdbus.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\mssmbios.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\intelppm.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\http.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\Hdaudbus.sys
2012-08-05 23:33:31 ----A---- C:\WINDOWS\system32\drivers\amdk7.sys
2012-08-05 23:33:28 ----A---- C:\WINDOWS\system32\drivers\ip6fw.sys
2012-08-05 23:33:27 ----A---- C:\WINDOWS\system32\qmgr.dll
2012-08-05 23:33:27 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\rasapi32.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\printui.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\perfctrs.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\olecnv32.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\oleaut32.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\nwprovau.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\ntvdm.exe
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\ntprint.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\ntdll.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\nslookup.exe
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\msv1_0.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\msgsvc.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\lsasrv.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\locator.exe
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\localspl.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\kernel32.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\imagehlp.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\ftp.exe
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\format.com
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\csrsrv.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\comdlg32.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\comctl32.dll
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\cmd.exe
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\cacls.exe
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\autochk.exe
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\autoconv.exe
2012-08-05 23:33:01 ----A---- C:\WINDOWS\system32\advapi32.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\wkssvc.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\win32spl.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\win32k.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\userinit.exe
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\untfs.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\ulib.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\syssetup.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\srvsvc.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\smss.exe
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\schannel.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\setupapi.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\sessmgr.exe
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\services.exe
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\scardsvr.exe
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\savedump.exe
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\samsrv.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\samlib.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\rshx32.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\rastapi.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\rasman.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\rasdlg.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\rasauto.dll
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\hidclass.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\flpydisk.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\fips.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\fdc.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\fastfat.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\dxg.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\dmio.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\dmboot.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\diskdump.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\disk.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\crusoe.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\classpnp.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\cdrom.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\cdfs.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\bridge.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\atmlane.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\atmarpc.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\atapi.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\asyncmac.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\arp1394.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\amdk6.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\afd.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\acpi.sys
2012-08-05 23:33:00 ----A---- C:\WINDOWS\system32\drivers\1394bus.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\pcmcia.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\pciidex.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\partmgr.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\parport.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\p3.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ohci1394.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\nwlnkipx.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\npfs.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\nmnt.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\nic1394.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\netbt.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\netbios.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ndproxy.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ndiswan.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ndisuio.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ndistapi.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\mup.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\msgpc.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\msfs.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\mrxdav.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\mountmgr.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\mouclass.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\modem.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\mf.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ksecdd.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ks.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\kbdclass.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\isapnp.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ipsec.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ipnat.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\ipinip.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\intelide.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\imapi.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\i8042prt.sys
2012-08-05 23:32:59 ----A---- C:\WINDOWS\system32\drivers\hidparse.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\hal.dll
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\wanarp.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\volsnap.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\videoprt.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\vga.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\usbuhci.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\usbport.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\usbintel.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\usbhub.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\usbcamd2.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\usbcamd.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\usb8023.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\update.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\udfs.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\tdi.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\tcpip6.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\tape.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\swenum.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\stream.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\srv.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\sonydcam.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\sfloppy.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\serial.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\serenum.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\secdrv.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\scsiport.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\rndismp.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\RMCast.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\raspptp.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\raspppoe.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\rasl2tp.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\psched.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\processr.sys
2012-08-05 23:32:58 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2012-08-04 22:16:27 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Help
2012-08-04 22:10:10 ----A---- C:\debugInstaller.txt
2012-08-04 00:15:40 ----D---- C:\Documents and Settings\Vašek\Data aplikací\WinRAR
2012-08-03 23:32:42 ----A---- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2012-08-03 16:36:54 ----D---- C:\Documents and Settings\Vašek\Data aplikací\BitTorrent
2012-08-03 15:00:01 ----D---- C:\Documents and Settings\Vašek\Data aplikací\DAEMON Tools Lite
2012-08-03 15:00:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2012-08-03 14:24:45 ----D---- C:\WINDOWS\system32\appmgmt
2012-08-03 14:05:08 ----D---- C:\Program Files\Common Files\Adobe
2012-08-03 14:04:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-08-03 12:23:13 ----A---- C:\WINDOWS\nsreg.dat
2012-08-03 12:13:16 ----D---- C:\Documents and Settings\Vašek\Data aplikací\ATI
2012-08-03 12:13:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2012-08-03 12:11:30 ----D---- C:\WINDOWS\SxsCaPendDel
2012-08-03 10:01:26 ----RSD---- C:\WINDOWS\assembly
2012-08-03 10:00:48 ----D---- C:\WINDOWS\Microsoft.NET
2012-08-03 03:30:21 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Unity
2012-08-03 01:27:39 ----A---- C:\WINDOWS\winamp.ini
2012-08-02 20:11:47 ----A---- C:\WINDOWS\unvise32.exe
2012-08-02 19:48:58 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Macromedia
======List of files/folders modified in the last 1 month======
2012-08-06 17:56:23 ----A---- C:\WINDOWS\system.ini
2012-08-02 15:54:46 ----A---- C:\WINDOWS\win.ini
2012-08-02 15:54:22 ----ASH---- C:\WINDOWS\fonts\desktop.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iteraid;ITERAID_Service_Install; C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-06-01 24971]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-18 61056]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-08-03 242240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2004-07-28 1258432]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-04-26 135168]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S3 catchme;catchme; \??\C:\DOCUME~1\VAEK~1\LOCALS~1\Temp\catchme.sys []
S3 HdAudAddService;Ovladač funkcí Microsoft UAA pro služby sběrnice High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
-----------------EOF-----------------
Re: requesting a log check
plesoun111 wrote: And I, fool that I am, unpacked it. Could one more scan be done?
All right, let's take a look at it.
Fix this in HJT:
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10ze_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
You will find HJT here:
C:\Program Files\trend micro\Vašek.exe
Fix means that you launch HJT,

in the window that opens you click Do a system scan only,
in the next window you find the lines I listed for you,
next to them is a small box that you tick,
then you click Fix checked, which is at the bottom left,
the program asks you whether you are sure, you of course agree with YES, and it is done.
Delete unneeded files
using CCleaner
guide:
Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making a backup of it, which CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system
Download ComboFix and save it to the desktop,
run the application as Administrator and allow the installation of the Recovery Console.
Then a window with the licence terms appears, which you confirm by clicking YES,
then click YES once more and it is running.
The whole run takes about 10 minutes but can take longer; do not try to launch anything else during the scan.
The PC may also be restarted during the scan; do not be alarmed.
Note: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because ComboFix tries to delete infected files and these programs can get in its way.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.
Re: requesting a log check
Here is the log. Interestingly, whenever I use ComboFix, one utility disappears from the toolbar on the start screen, namely 3D utility configuration, but after uninstalling ComboFix it shows up there again...
And Trend Micro did not find this value for me
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10ze_Plugin.exe -update plugin
Thank you in advance for your reply.
ComboFix 12-08-20.01 - Vašek 20.08.2012 17:35:39.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1632 [GMT 2:00]
Spuštěný z: c:\documents and settings\VaÜek\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-20 do 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-19 09:32 . 2012-08-19 09:32 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2012-06-02 13:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2012-06-02 13:19 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2012-06-02 13:19 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2012-06-02 13:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\documents and settings\Vašek\Plocha\Plocha\Programy\Daemon Lite\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
RAID Manager.lnk - c:\program files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2012-8-2 724992]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Documents and Settings\\Vašek\\Plocha\\Plocha\\Programy\\Bit torrent\\BitTorrent.exe"=
"c:\\Documents and Settings\\Vašek\\Plocha\\hry\\Vietcong\\Vietcong\\vietcong.exe"=
.
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2.8.2012 18:16 24971]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3.8.2012 23:32 242240]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2.8.2012 16:01 1258432]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.3.1
FF - ProfilePath - c:\documents and settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\xmdec4wu.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\documents and settings\Vašek\Plocha\Plocha\Programy\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-20 17:38
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2012-08-20 17:40:01
ComboFix-quarantined-files.txt 2012-08-20 15:39
.
Před spuštěním: Volných bajtů: 61 913 317 376
Po spuštění: Volných bajtů: 61 873 676 288
.
- - End Of File - - 92848BF524FE255ACA5EC1237EB3F6BD
Re: requesting a log check
plesoun111 wrote: Here is the log. Interestingly, whenever I use ComboFix, one utility disappears from the toolbar on the start screen, namely 3D utility configuration, but after uninstalling ComboFix it shows up there again...
Evidently it does not like it, so it hides it.

plesoun111 wrote: And Trend Micro did not find this value for me
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10ze_Plugin.exe -update plugin
That does not matter.
Via Start >> Run, copy this into the window:
ComboFix /Uninstall
and press Enter
This uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers of the applications we used.
Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.
Then let me know what state the PC is in.