Prosim o kontrolu

[moldow]

Aj ked myslim ze by malo byt vsetko v poriadku, niekto skusenejsi vzdy nieco najde. Dakujem.


Logfile of random's system information tool 1.09 (written by random/random)
Run by Michal at 2012-11-30 21:19:03
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (50%) free of 31 GB
Total RAM: 1919 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:19:10, on 30. 11. 2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\volumouse\volumouse.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\mw_miranda_pack\miranda32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\OperaMW\opera.exe
C:\Documents and Settings\Michal\Desktop\RSIT.exe
C:\Program Files\trend micro\Michal.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Synaptic] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\volumouse\volumouse.exe" /nodlg
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Michal\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2311032546
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.17\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe

--
End of file - 6440 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{48D5945E-66E3-47D0-89A9-65ED2B75824A}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Michal\Application Data\Mozilla\Firefox\Profiles\87l41o3c.default

prefs.js - "browser.search.useDBForOrder" - true

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.110 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Michal\Application Data\Mozilla\Firefox\Profiles\87l41o3c.default\searchplugins\
grooveshark.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-28 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-28 155384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synaptic"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-10-21 761945]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-11-28 384800]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-02-23 106496]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2006-03-08 344064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"$Volumouse$"=C:\Program Files\volumouse\volumouse.exe [2007-11-01 30208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-05-04 16206848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\MSI\STARKE~1\BTTray.exe [2005-05-31 577597]

C:\Documents and Settings\Michal\Start Menu\Programs\Startup
Dropbox.lnk - C:\Documents and Settings\Michal\Application Data\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-08 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe"="C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\mw_miranda_pack\miranda32.exe"="C:\Program Files\mw_miranda_pack\miranda32.exe:*:Enabled:Miranda IM"
"C:\Documents and Settings\Michal\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Michal\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\OperaMW\opera.exe"="C:\Program Files\OperaMW\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 month======

2012-11-30 21:19:04 ----D---- C:\Program Files\trend micro
2012-11-30 21:19:03 ----D---- C:\rsit
2012-11-30 21:16:08 ----A---- C:\ComboFix.txt
2012-11-30 21:07:21 ----A---- C:\Boot.bak
2012-11-30 21:07:13 ----RASHD---- C:\cmdcons
2012-11-30 21:05:49 ----A---- C:\WINDOWS\zip.exe
2012-11-30 21:05:49 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-11-30 21:05:49 ----A---- C:\WINDOWS\SWSC.exe
2012-11-30 21:05:49 ----A---- C:\WINDOWS\SWREG.exe
2012-11-30 21:05:49 ----A---- C:\WINDOWS\sed.exe
2012-11-30 21:05:49 ----A---- C:\WINDOWS\PEV.exe
2012-11-30 21:05:49 ----A---- C:\WINDOWS\NIRCMD.exe
2012-11-30 21:05:49 ----A---- C:\WINDOWS\MBR.exe
2012-11-30 21:05:49 ----A---- C:\WINDOWS\grep.exe
2012-11-30 21:05:18 ----D---- C:\Qoobox
2012-11-30 21:05:02 ----D---- C:\WINDOWS\erdnt
2012-11-30 20:56:40 ----D---- C:\Program Files\Glary Utilities
2012-11-30 20:56:40 ----D---- C:\Documents and Settings\Michal\Application Data\GlarySoft
2012-11-29 19:26:10 ----D---- C:\Documents and Settings\Michal\Application Data\Google
2012-11-28 18:08:11 ----D---- C:\WINDOWS\Sun
2012-11-28 18:08:06 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2012-11-28 18:08:05 ----D---- C:\Program Files\Common Files\Java
2012-11-28 18:07:53 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-11-28 18:07:52 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2012-11-28 18:07:52 ----A---- C:\WINDOWS\system32\javaws.exe
2012-11-28 18:07:30 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2012-11-28 18:07:30 ----A---- C:\WINDOWS\system32\javaw.exe
2012-11-28 18:07:30 ----A---- C:\WINDOWS\system32\java.exe
2012-11-28 18:07:03 ----D---- C:\Program Files\Java
2012-11-28 18:05:50 ----D---- C:\Documents and Settings\Michal\Application Data\Sun
2012-11-16 19:04:45 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2012-11-15 20:26:21 ----D---- C:\Program Files\wamp
2012-11-14 19:07:46 ----D---- C:\Program Files\Winamp Detect
2012-11-14 19:07:28 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2012-11-14 19:07:28 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2012-11-14 19:07:28 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2012-11-14 19:07:28 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2012-11-14 19:07:28 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2012-11-14 19:07:28 ----N---- C:\WINDOWS\system32\pxafs.dll
2012-11-14 19:07:28 ----N---- C:\WINDOWS\system32\drivers\PxHelp20.sys
2012-11-14 19:07:28 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2012-11-14 19:07:28 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2012-11-14 19:07:27 ----N---- C:\WINDOWS\system32\vxblock.dll
2012-11-14 19:07:27 ----N---- C:\WINDOWS\system32\pxwma.dll
2012-11-14 19:07:27 ----N---- C:\WINDOWS\system32\pxwave.dll
2012-11-14 19:07:27 ----N---- C:\WINDOWS\system32\pxsfs.dll
2012-11-14 19:07:27 ----N---- C:\WINDOWS\system32\pxmas.dll
2012-11-14 19:07:27 ----N---- C:\WINDOWS\system32\pxdrv.dll
2012-11-14 19:07:27 ----N---- C:\WINDOWS\system32\px.dll
2012-11-14 18:26:21 ----A---- C:\WINDOWS\system32\RemSvc.exe
2012-11-14 18:26:20 ----A---- C:\WINDOWS\system32\ASWLSVC.exe
2012-11-14 18:26:17 ----A---- C:\WINDOWS\system32\ASWL2K.exe
2012-11-14 18:26:15 ----D---- C:\Program Files\ASUS
2012-11-13 21:30:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2012-11-13 21:20:09 ----D---- C:\Program Files\MSECache
2012-11-13 21:12:11 ----A---- C:\WINDOWS\ODBC.INI
2012-11-13 21:11:56 ----A---- C:\WINDOWS\system32\mdimon.dll
2012-11-13 21:06:12 ----D---- C:\Program Files\Common Files\DESIGNER
2012-11-13 21:05:15 ----D---- C:\Program Files\Microsoft Works
2012-11-13 21:04:05 ----D---- C:\Program Files\Microsoft Visual Studio
2012-11-13 21:02:13 ----D---- C:\WINDOWS\SHELLNEW
2012-11-13 21:01:49 ----D---- C:\Program Files\Microsoft.NET
2012-11-13 21:01:49 ----D---- C:\Program Files\Microsoft Office
2012-11-13 20:38:11 ----D---- C:\Program Files\OperaMW
2012-11-13 20:35:06 ----D---- C:\Program Files\Opera
2012-11-13 20:05:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$
2012-11-13 19:59:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2761226$
2012-11-13 19:38:56 ----R---- C:\WINDOWS\system32\RtlCPAPI.dll
2012-11-13 19:37:50 ----R---- C:\WINDOWS\Alcmtr.exe
2012-11-11 16:26:23 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2012-11-11 13:09:05 ----D---- C:\Program Files\Dropbox
2012-11-11 13:08:02 ----D---- C:\Documents and Settings\Michal\Application Data\Dropbox
2012-11-10 20:13:21 ----SHD---- C:\WINDOWS\CSC
2012-11-10 20:00:25 ----A---- C:\WINDOWS\OEWABLog.txt
2012-11-10 18:43:01 ----D---- C:\Documents and Settings\Michal\Application Data\PSpad
2012-11-10 18:42:42 ----D---- C:\Program Files\PSPad editor
2012-11-10 18:39:30 ----D---- C:\Documents and Settings\Michal\Application Data\vlc
2012-11-10 18:37:23 ----D---- C:\Program Files\VideoLAN
2012-11-08 22:05:17 ----D---- C:\Program Files\Microsoft Silverlight
2012-11-08 21:49:01 ----D---- C:\Documents and Settings\Michal\Application Data\Help
2012-11-08 21:25:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2012-11-08 21:12:05 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2012-11-08 21:08:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2012-11-08 21:07:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2012-11-08 21:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2012-11-08 21:07:09 ----A---- C:\WINDOWS\imsins.BAK
2012-11-08 21:06:58 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2012-11-08 20:52:14 ----D---- C:\Documents and Settings\Michal\Application Data\Mozilla
2012-11-08 20:51:58 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-11-08 20:51:58 ----D---- C:\Documents and Settings\All Users\Application Data\Mozilla
2012-11-08 20:51:54 ----D---- C:\Program Files\Mozilla Firefox
2012-11-08 20:48:03 ----A---- C:\WINDOWS\system32\unrar.dll
2012-11-08 20:47:56 ----D---- C:\Program Files\K-Lite Codec Pack
2012-11-08 20:38:48 ----D---- C:\Program Files\Common Files\ATI Technologies
2012-11-08 20:27:32 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-11-08 20:25:53 ----D---- C:\Documents and Settings\Michal\Application Data\Opera
2012-11-08 19:54:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-11-08 19:31:41 ----D---- C:\Documents and Settings\Michal\Application Data\Adobe
2012-11-08 19:26:10 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2012-11-08 19:25:59 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2012-11-08 19:07:56 ----D---- C:\Program Files\Common Files\Adobe
2012-11-08 19:07:56 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2012-11-08 19:07:45 ----D---- C:\Program Files\Adobe
2012-11-08 19:04:44 ----D---- C:\Documents and Settings\Michal\Application Data\Malwarebytes
2012-11-08 19:04:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-11-08 19:04:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-11-08 19:04:10 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-11-08 18:52:38 ----D---- C:\WINDOWS\pss
2012-11-08 18:49:04 ----D---- C:\Program Files\CCleaner
2012-11-08 18:23:41 ----D---- C:\Program Files\uTorrent
2012-11-08 18:22:15 ----D---- C:\Documents and Settings\Michal\Application Data\uTorrent
2012-11-08 18:21:01 ----D---- C:\Documents and Settings\Michal\Application Data\FastStone
2012-11-08 18:20:45 ----D---- C:\Program Files\FastStone Image Viewer
2012-11-08 17:33:37 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2012-11-08 17:31:13 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2012-11-07 22:50:58 ----ASH---- C:\hiberfil.sys
2012-11-07 22:35:54 ----D---- C:\WINDOWS\system32\XPSViewer
2012-11-07 22:35:49 ----D---- C:\Program Files\MSBuild
2012-11-07 22:35:36 ----D---- C:\Program Files\Reference Assemblies
2012-11-07 22:35:05 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2012-11-07 22:35:05 ----N---- C:\WINDOWS\system32\prntvpt.dll
2012-11-07 22:35:04 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2012-11-07 22:35:03 ----D---- C:\55c0877ff795c10515fa07128aef
2012-11-07 22:29:36 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2012-11-07 22:28:53 ----D---- C:\Program Files\Windows Desktop Search
2012-11-07 22:28:52 ----HD---- C:\WINDOWS\system32\GroupPolicy
2012-11-07 22:28:31 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2012-11-07 22:27:59 ----N---- C:\WINDOWS\system32\spmsg.dll
2012-11-07 22:27:58 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2012-11-07 22:27:32 ----D---- C:\Program Files\Windows Media Connect 2
2012-11-07 22:27:08 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2012-11-07 22:26:02 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2012-11-07 22:25:27 ----D---- C:\WINDOWS\system32\drivers\UMDF
2012-11-07 22:25:21 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2012-11-07 22:22:40 ----RSD---- C:\WINDOWS\assembly
2012-11-07 22:22:40 ----D---- C:\WINDOWS\Microsoft.NET
2012-11-07 21:59:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2731847-v2$
2012-11-07 21:59:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2756822$
2012-11-07 21:59:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2705219-v2$
2012-11-07 21:59:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2723135-v2$
2012-11-07 21:59:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2661254-v2$
2012-11-07 21:58:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2724197$
2012-11-07 21:58:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2749655$
2012-11-07 21:58:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2744842$
2012-11-07 21:58:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2736233$
2012-11-07 21:58:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2712808$
2012-11-07 21:58:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
2012-11-07 21:57:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-11-07 21:57:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-11-07 21:57:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-11-07 21:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$
2012-11-07 21:57:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2012-11-07 21:57:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$
2012-11-07 21:56:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
2012-11-07 21:56:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-11-07 21:56:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2012-11-07 21:56:07 ----D---- C:\WINDOWS\ie8updates
2012-11-07 21:55:36 ----D---- C:\WINDOWS\WBEM
2012-11-07 21:53:58 ----HDC---- C:\WINDOWS\ie8
2012-11-07 21:50:22 ----A---- C:\WINDOWS\system32\MRT.exe
2012-11-07 21:26:27 ----D---- C:\Documents and Settings\Michal\Application Data\Avira
2012-11-07 21:16:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-11-07 21:16:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2012-11-07 21:16:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2012-11-07 21:16:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2012-11-07 21:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2012-11-07 21:16:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2012-11-07 21:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2012-11-07 21:16:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2012-11-07 21:15:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$
2012-11-07 21:15:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$
2012-11-07 21:15:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2012-11-07 21:15:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2012-11-07 21:15:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2012-11-07 21:15:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2012-11-07 21:15:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2012-11-07 21:15:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2012-11-07 21:15:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2012-11-07 21:15:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2544521$
2012-11-07 21:14:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2012-11-07 21:14:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2012-11-07 21:14:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2012-11-07 21:14:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2510581$
2012-11-07 21:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2012-11-07 21:14:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2012-11-07 21:14:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2012-11-07 21:14:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2012-11-07 21:14:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2012-11-07 21:13:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2012-11-07 21:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2012-11-07 21:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2012-11-07 21:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2012-11-07 21:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2012-11-07 21:13:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2012-11-07 21:13:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2012-11-07 21:12:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2012-11-07 21:12:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2012-11-07 21:12:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2012-11-07 21:12:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2012-11-07 21:12:34 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2012-11-07 21:12:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2012-11-07 21:12:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2012-11-07 21:12:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2012-11-07 21:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2012-11-07 21:12:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2012-11-07 21:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2012-11-07 21:11:52 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2012-11-07 21:11:45 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2012-11-07 21:11:40 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2012-11-07 21:11:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2012-11-07 21:11:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2012-11-07 21:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2012-11-07 21:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2012-11-07 21:11:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2012-11-07 21:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2012-11-07 21:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2012-11-07 21:10:54 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2012-11-07 21:10:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2012-11-07 21:10:42 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2012-11-07 21:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2012-11-07 21:10:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2012-11-07 21:10:18 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2012-11-07 21:10:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2012-11-07 21:10:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2012-11-07 21:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2012-11-07 21:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2012-11-07 21:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2012-11-07 21:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2012-11-07 21:09:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2012-11-07 21:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2012-11-07 21:09:25 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2012-11-07 21:09:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2012-11-07 21:09:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2012-11-07 21:09:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2012-11-07 21:09:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2012-11-07 21:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2012-11-07 21:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2012-11-07 21:08:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2012-11-07 21:08:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2012-11-07 21:08:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2012-11-07 21:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2012-11-07 21:08:22 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2012-11-07 21:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2012-11-07 21:08:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2012-11-07 21:07:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2012-11-07 21:07:44 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2012-11-07 21:07:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2012-11-07 21:07:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2012-11-07 21:07:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2012-11-07 21:07:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2012-11-07 21:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2012-11-07 21:07:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2012-11-07 21:06:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2012-11-07 21:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2012-11-07 21:06:42 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2012-11-07 20:58:59 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-11-07 20:44:17 ----N---- C:\WINDOWS\system32\browserchoice.exe
2012-11-07 20:38:28 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2012-11-07 20:34:56 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2012-11-07 20:34:34 ----D---- C:\WINDOWS\system32\PreInstall
2012-11-07 20:34:32 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2012-11-07 20:34:32 ----HD---- C:\WINDOWS\$hf_mig$
2012-11-07 20:26:58 ----A---- C:\WINDOWS\system32\wups2.dll
2012-11-07 20:26:56 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2012-11-07 20:20:38 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2012-11-07 20:20:36 ----A---- C:\WINDOWS\system32\drivers\avkmgr.sys
2012-11-07 20:20:36 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2012-11-07 20:20:36 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2012-11-07 20:20:35 ----D---- C:\Program Files\Avira
2012-11-07 20:20:35 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2012-11-07 20:16:02 ----D---- C:\WINDOWS\Prefetch
2012-11-07 20:08:51 ----N---- C:\WINDOWS\system32\msxml6r.dll
2012-11-07 20:08:51 ----A---- C:\WINDOWS\system32\msxml6.dll
2012-11-07 20:08:41 ----N---- C:\WINDOWS\system32\smtpapi.dll
2012-11-07 20:08:41 ----N---- C:\WINDOWS\system32\rwnh.dll
2012-11-07 20:08:41 ----N---- C:\WINDOWS\system32\drivers\irbus.sys
2012-11-07 20:08:41 ----N---- C:\WINDOWS\system32\comsdupd.exe
2012-11-07 20:08:38 ----N---- C:\WINDOWS\system32\dot3ui.dll
2012-11-07 20:08:38 ----N---- C:\WINDOWS\system32\dot3svc.dll
2012-11-07 20:08:38 ----N---- C:\WINDOWS\system32\dot3msm.dll
2012-11-07 20:08:38 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2012-11-07 20:08:38 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2012-11-07 20:08:38 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2012-11-07 20:08:38 ----N---- C:\WINDOWS\system32\dot3api.dll
2012-11-07 20:08:38 ----N---- C:\WINDOWS\system32\dimsroam.dll
2012-11-07 20:08:38 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2012-11-07 20:08:38 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2012-11-07 20:08:38 ----N---- C:\WINDOWS\system32\credssp.dll
2012-11-07 20:08:38 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2012-11-07 20:08:38 ----N---- C:\WINDOWS\system32\azroles.dll
2012-11-07 20:08:38 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2012-11-07 20:08:38 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2012-11-07 20:08:38 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2012-11-07 20:08:38 ----N---- C:\WINDOWS\system32\aaclient.dll
2012-11-07 20:08:37 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2012-11-07 20:08:37 ----N---- C:\WINDOWS\system32\eapsvc.dll
2012-11-07 20:08:37 ----N---- C:\WINDOWS\system32\eapqec.dll
2012-11-07 20:08:37 ----N---- C:\WINDOWS\system32\eappprxy.dll
2012-11-07 20:08:37 ----N---- C:\WINDOWS\system32\eapphost.dll
2012-11-07 20:08:37 ----N---- C:\WINDOWS\system32\eappgnui.dll
2012-11-07 20:08:37 ----N---- C:\WINDOWS\system32\eappcfg.dll
2012-11-07 20:08:37 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2012-11-07 20:08:37 ----N---- C:\WINDOWS\system32\eapolqec.dll
2012-11-07 20:08:36 ----N---- C:\WINDOWS\system32\mmcperf.exe
2012-11-07 20:08:36 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2012-11-07 20:08:36 ----N---- C:\WINDOWS\system32\mmcex.dll
2012-11-07 20:08:36 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2012-11-07 20:08:36 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2012-11-07 20:08:36 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2012-11-07 20:08:36 ----N---- C:\WINDOWS\system32\kmsvc.dll
2012-11-07 20:08:36 ----N---- C:\WINDOWS\system32\kbdpash.dll
2012-11-07 20:08:36 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2012-11-07 20:08:36 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2012-11-07 20:08:36 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2012-11-07 20:08:35 ----N---- C:\WINDOWS\system32\qagent.dll
2012-11-07 20:08:35 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2012-11-07 20:08:35 ----N---- C:\WINDOWS\system32\onex.dll
2012-11-07 20:08:35 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2012-11-07 20:08:35 ----N---- C:\WINDOWS\system32\napstat.exe
2012-11-07 20:08:35 ----N---- C:\WINDOWS\system32\napmontr.dll
2012-11-07 20:08:35 ----N---- C:\WINDOWS\system32\napipsec.dll
2012-11-07 20:08:35 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2012-11-07 20:08:35 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2012-11-07 20:08:35 ----N---- C:\WINDOWS\system32\mssha.dll
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\verclsid.exe
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\tzchange.exe
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\tspkg.dll
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\tsgqec.dll
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\slserv.exe
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\slrundll.exe
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\slgen.dll
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\slextspk.dll
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\slcoinst.dll
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\setupn.exe
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\s3gnb.dll
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\rasqec.dll
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\qutil.dll
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\qcliprov.dll
2012-11-07 20:08:34 ----N---- C:\WINDOWS\system32\qagentrt.dll
2012-11-07 20:08:33 ----N---- C:\WINDOWS\system32\wmphoto.dll
2012-11-07 20:08:33 ----N---- C:\WINDOWS\system32\wlanapi.dll
2012-11-07 20:08:32 ----A---- C:\WINDOWS\system32\xmllite.dll
2012-11-07 20:08:31 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2012-11-07 20:08:31 ----N---- C:\WINDOWS\slrundll.exe
2012-11-07 20:08:31 ----D---- C:\WINDOWS\system32\scripting
2012-11-07 20:08:31 ----D---- C:\WINDOWS\system32\en-us
2012-11-07 20:08:31 ----D---- C:\WINDOWS\l2schemas
2012-11-07 20:08:30 ----D---- C:\WINDOWS\system32\en
2012-11-07 20:08:30 ----D---- C:\WINDOWS\system32\bits
2012-11-07 20:06:46 ----D---- C:\WINDOWS\ServicePackFiles
2012-11-07 20:04:54 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2012-11-07 20:04:54 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2012-11-07 20:04:54 ----D---- C:\WINDOWS\network diagnostic
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\agp440.sys
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2012-11-07 20:04:53 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2012-11-07 20:04:52 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2012-11-07 20:04:52 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2012-11-07 20:04:52 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2012-11-07 20:04:52 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2012-11-07 20:04:52 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2012-11-07 20:04:52 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2012-11-07 20:04:52 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2012-11-07 20:04:52 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2012-11-07 20:04:52 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2012-11-07 20:04:52 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2012-11-07 20:04:52 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2012-11-07 20:04:52 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2012-11-07 20:04:52 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2012-11-07 20:04:52 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2012-11-07 20:04:52 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2012-11-07 20:04:52 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2012-11-07 20:04:52 ----A---- C:\WINDOWS\system32\drivers\BTHUSB.SYS
2012-11-07 20:04:52 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2012-11-07 20:04:51 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2012-11-07 20:04:51 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2012-11-07 20:04:51 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2012-11-07 20:04:51 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2012-11-07 20:04:51 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2012-11-07 20:04:51 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2012-11-07 20:04:51 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2012-11-07 20:04:51 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2012-11-07 20:04:50 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2012-11-07 20:04:50 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2012-11-07 20:04:50 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys
2012-11-07 20:04:50 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2012-11-07 20:04:50 ----N---- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2012-11-07 20:04:50 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2012-11-07 20:04:50 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2012-11-07 20:04:50 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2012-11-07 20:04:50 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2012-11-07 20:04:50 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2012-11-07 20:04:50 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2012-11-07 20:04:49 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2012-11-07 20:04:49 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2012-11-07 20:04:49 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2012-11-07 20:04:49 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2012-11-07 20:04:49 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2012-11-07 20:04:49 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2012-11-07 20:04:49 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2012-11-07 20:04:49 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys
2012-11-07 20:04:49 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2012-11-07 20:04:49 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2012-11-07 20:04:49 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2012-11-07 20:04:49 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2012-11-07 20:04:49 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2012-11-07 20:04:49 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2012-11-07 20:04:49 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2012-11-07 20:03:21 ----A---- C:\WINDOWS\002863_.tmp
2012-11-07 20:01:11 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2012-11-07 19:39:53 ----A---- C:\WINDOWS\system32\msvcr71.dll
2012-11-07 19:39:53 ----A---- C:\WINDOWS\system32\MSVCP71.DLL
2012-11-07 19:34:18 ----D---- C:\Program Files\mw_miranda_pack
2012-11-07 19:20:02 ----D---- C:\WINDOWS\system32\LogFiles
2012-11-07 18:58:32 ----D---- C:\Download
2012-11-07 18:37:55 ----D---- C:\Program Files\TC PowerPack
2012-11-07 18:36:32 ----D---- C:\Documents and Settings\Michal\Application Data\Macromedia
2012-11-07 18:36:08 ----D---- C:\Program Files\Kerio
2012-11-07 18:35:02 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia
2012-11-07 18:34:46 ----D---- C:\Program Files\Macromedia
2012-11-07 18:34:46 ----D---- C:\Program Files\Common Files\Macromedia
2012-11-07 18:34:15 ----D---- C:\WINDOWS\Downloaded Installations
2012-11-07 18:30:12 ----D---- C:\WINDOWS\RegisteredPackages
2012-11-07 18:27:24 ----D---- C:\Program Files\volumouse
2012-11-07 18:25:27 ----D---- C:\Program Files\Winamp
2012-11-07 18:25:27 ----D---- C:\Documents and Settings\Michal\Application Data\Winamp
2012-11-07 18:22:40 ----D---- C:\Documents and Settings\Michal\Application Data\WinRAR
2012-11-07 18:22:38 ----D---- C:\Program Files\WinRAR
2012-11-07 18:14:35 ----D---- C:\Program Files\MSI
2012-11-07 18:12:06 ----D---- C:\Program Files\Google
2012-11-06 23:25:04 ----A---- C:\WINDOWS\system32\h323log.txt
2012-11-06 23:21:27 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2012-11-06 23:20:55 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2012-11-06 23:20:46 ----A---- C:\WINDOWS\system32\irmon.dll
2012-11-06 23:20:46 ----A---- C:\WINDOWS\system32\irftp.exe
2012-11-06 23:20:46 ----A---- C:\WINDOWS\system32\drivers\rasirda.sys
2012-11-06 23:20:46 ----A---- C:\WINDOWS\system32\drivers\irda.sys
2012-11-06 23:20:45 ----A---- C:\WINDOWS\system32\wshirda.dll
2012-11-06 23:20:44 ----A---- C:\WINDOWS\system32\drivers\irsir.sys
2012-11-06 23:20:17 ----A---- C:\WINDOWS\system32\drivers\RTL8139.sys
2012-11-06 23:20:10 ----A---- C:\WINDOWS\system32\usbui.dll
2012-11-06 23:20:02 ----A---- C:\WINDOWS\system32\drivers\compbatt.sys
2012-11-06 23:20:02 ----A---- C:\WINDOWS\system32\drivers\battc.sys
2012-11-06 23:20:01 ----A---- C:\WINDOWS\system32\drivers\cmbatt.sys
2012-11-06 23:18:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-11-06 23:18:54 ----SHD---- C:\WINDOWS\Installer
2012-11-06 23:18:54 ----D---- C:\Program Files\Common Files\ODBC
2012-11-06 23:18:54 ----A---- C:\WINDOWS\ODBCINST.INI
2012-11-06 23:18:49 ----D---- C:\Program Files\Common Files\SpeechEngines
2012-11-06 23:18:48 ----RD---- C:\Program Files
2012-11-06 23:18:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-11-06 23:18:48 ----D---- C:\Program Files\Common Files
2012-11-06 23:18:45 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2012-11-06 23:18:45 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2012-11-06 23:18:45 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2012-11-06 23:18:43 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2012-11-06 23:18:43 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2012-11-06 23:18:43 ----RA---- C:\WINDOWS\system32\kbdur.dll
2012-11-06 23:18:43 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2012-11-06 23:18:43 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2012-11-06 23:18:43 ----RA---- C:\WINDOWS\system32\kbdru.dll
2012-11-06 23:18:43 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2012-11-06 23:18:43 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2012-11-06 23:18:43 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2012-11-06 23:18:43 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2012-11-06 23:18:43 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2012-11-06 23:18:43 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2012-11-06 23:18:41 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2012-11-06 23:18:41 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2012-11-06 23:18:41 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2012-11-06 23:18:41 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2012-11-06 23:18:41 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2012-11-06 23:18:41 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2012-11-06 23:18:41 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2012-11-06 23:18:39 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2012-11-06 23:18:39 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2012-11-06 23:18:39 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2012-11-06 23:18:39 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2012-11-06 23:18:39 ----RA---- C:\WINDOWS\system32\kbdest.dll
2012-11-06 23:18:37 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2012-11-06 23:18:37 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2012-11-06 23:18:37 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2012-11-06 23:18:37 ----RA---- C:\WINDOWS\system32\kbdro.dll
2012-11-06 23:18:37 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2012-11-06 23:18:37 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2012-11-06 23:18:37 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2012-11-06 23:18:37 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2012-11-06 23:18:37 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2012-11-06 23:18:37 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2012-11-06 23:18:37 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2012-11-06 23:18:37 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2012-11-06 23:18:37 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2012-11-06 23:18:35 ----A---- C:\WINDOWS\system32\irclass.dll
2012-11-06 23:18:34 ----A---- C:\WINDOWS\system32\spxcoins.dll
2012-11-06 23:18:34 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2012-11-06 23:18:34 ----A---- C:\WINDOWS\system32\dgsetup.dll
2012-11-06 23:18:34 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2012-11-06 23:18:32 ----A---- C:\WINDOWS\TASKMAN.EXE
2012-11-06 23:18:31 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2012-11-06 23:18:31 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2012-11-06 23:18:31 ----A---- C:\WINDOWS\system32\batt.dll
2012-11-06 23:18:30 ----A---- C:\WINDOWS\notepad.exe
2012-11-06 23:18:28 ----A---- C:\WINDOWS\system32\storprop.dll
2012-11-06 23:18:18 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2012-11-06 23:18:01 ----D---- C:\WINDOWS\system32\CatRoot2
2012-11-06 23:18:01 ----D---- C:\WINDOWS\system32\CatRoot
2012-11-06 23:17:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2012-11-06 23:17:25 ----D---- C:\Documents and Settings
2012-11-06 23:17:24 ----SHD---- C:\System Volume Information
2012-11-06 23:17:24 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2012-11-06 23:16:51 ----RASH---- C:\boot.ini
2012-11-06 23:09:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-11-06 23:09:52 ----RSD---- C:\WINDOWS\Fonts
2012-11-06 23:09:52 ----RD---- C:\WINDOWS\Web
2012-11-06 23:09:52 ----HD---- C:\WINDOWS\inf
2012-11-06 23:09:52 ----D---- C:\WINDOWS\WinSxS
2012-11-06 23:09:52 ----D---- C:\WINDOWS\twain_32
2012-11-06 23:09:52 ----D---- C:\WINDOWS\Temp
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\wins
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\wbem
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\usmt
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\spool
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\ShellExt
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\Setup
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\ras
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\oobe
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\npp
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\mui
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\inetsrv
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\IME
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\icsxml
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\ias
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\export
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\drivers\etc
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\drivers\disdn
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\drivers
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\dhcp
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\config
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\3com_dmi
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\3076
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\2052
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\1054
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\1042
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\1041
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\1037
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\1033
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\1031
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\1028
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32\1025
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system32
2012-11-06 23:09:52 ----D---- C:\WINDOWS\system
2012-11-06 23:09:52 ----D---- C:\WINDOWS\security
2012-11-06 23:09:52 ----D---- C:\WINDOWS\Resources
2012-11-06 23:09:52 ----D---- C:\WINDOWS\repair
2012-11-06 23:09:52 ----D---- C:\WINDOWS\Provisioning
2012-11-06 23:09:52 ----D---- C:\WINDOWS\pchealth
2012-11-06 23:09:52 ----D---- C:\WINDOWS\PeerNet
2012-11-06 23:09:52 ----D---- C:\WINDOWS\mui
2012-11-06 23:09:52 ----D---- C:\WINDOWS\msapps
2012-11-06 23:09:52 ----D---- C:\WINDOWS\msagent
2012-11-06 23:09:52 ----D---- C:\WINDOWS\Media
2012-11-06 23:09:52 ----D---- C:\WINDOWS\java
2012-11-06 23:09:52 ----D---- C:\WINDOWS\ime
2012-11-06 23:09:52 ----D---- C:\WINDOWS\Help
2012-11-06 23:09:52 ----D---- C:\WINDOWS\ehome
2012-11-06 23:09:52 ----D---- C:\WINDOWS\Driver Cache
2012-11-06 23:09:52 ----D---- C:\WINDOWS\Debug
2012-11-06 23:09:52 ----D---- C:\WINDOWS\Cursors
2012-11-06 23:09:52 ----D---- C:\WINDOWS\Connection Wizard
2012-11-06 23:09:52 ----D---- C:\WINDOWS\Config
2012-11-06 23:09:52 ----D---- C:\WINDOWS\AppPatch
2012-11-06 23:09:52 ----D---- C:\WINDOWS\addins
2012-11-06 23:09:52 ----D---- C:\WINDOWS
2012-11-06 23:09:52 ----ASH---- C:\pagefile.sys
2012-11-06 23:02:48 ----A---- C:\WINDOWS\system32\drivers\mstee.sys
2012-11-06 23:02:46 ----A---- C:\WINDOWS\system32\drivers\ndisip.sys
2012-11-06 23:02:44 ----A---- C:\WINDOWS\system32\drivers\streamip.sys
2012-11-06 23:02:42 ----A---- C:\WINDOWS\system32\drivers\slip.sys
2012-11-06 23:02:39 ----A---- C:\WINDOWS\system32\drivers\wstcodec.sys
2012-11-06 23:02:37 ----A---- C:\WINDOWS\system32\drivers\nabtsfec.sys
2012-11-06 23:02:35 ----A---- C:\WINDOWS\system32\drivers\ccdecode.sys
2012-11-06 23:02:24 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2012-11-06 23:02:21 ----A---- C:\ASWL2K.ini
2012-11-06 23:01:20 ----A---- C:\WINDOWS\system32\drivers\mdc8021x.sys
2012-11-06 23:01:02 ----A---- C:\WINDOWS\system32\drivers\BCMWL5.SYS
2012-11-06 23:01:02 ----A---- C:\WINDOWS\system32\ASUSW32N50.dll
2012-11-06 23:01:02 ----A---- C:\WINDOWS\system32\ASNDIS5.sys
2012-11-06 22:59:36 ----A---- C:\WINDOWS\system32\SynVFW.dll
2012-11-06 22:59:36 ----A---- C:\WINDOWS\system32\SynUSD.dll
2012-11-06 22:59:36 ----A---- C:\WINDOWS\system32\SynSvc_.exe
2012-11-06 22:59:36 ----A---- C:\WINDOWS\system32\drivers\SynScan.sys
2012-11-06 22:59:36 ----A---- C:\WINDOWS\system32\drivers\SynSam.sys
2012-11-06 22:59:36 ----A---- C:\WINDOWS\system32\drivers\SynPipe.sys
2012-11-06 22:59:36 ----A---- C:\WINDOWS\system32\drivers\SynMini.sys
2012-11-06 22:59:36 ----A---- C:\WINDOWS\system32\drivers\SynCamd.sys
2012-11-06 22:59:36 ----A---- C:\WINDOWS\Syn112X.exe
2012-11-06 22:59:35 ----A---- C:\WINDOWS\system32\drivers\SynPin.sys
2012-11-06 22:59:31 ----D---- C:\WINDOWS\STK1125-A3
2012-11-06 22:57:35 ----A---- C:\WINDOWS\system32\drivers\risdptsk.sys
2012-11-06 22:57:34 ----A---- C:\WINDOWS\system32\snymsico.dll
2012-11-06 22:57:34 ----A---- C:\WINDOWS\system32\drivers\rimsptsk.sys
2012-11-06 22:57:04 ----A---- C:\WINDOWS\system32\SynTPFcs.dll
2012-11-06 22:57:01 ----A---- C:\WINDOWS\system32\SynTPCo2.dll
2012-11-06 22:57:01 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2012-11-06 22:57:01 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2012-11-06 22:57:01 ----A---- C:\WINDOWS\system32\SynCOM.dll
2012-11-06 22:57:01 ----A---- C:\WINDOWS\system32\drivers\SynTP.sys
2012-11-06 22:56:58 ----D---- C:\Program Files\Synaptics
2012-11-06 22:56:24 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2012-11-06 22:56:21 ----A---- C:\WINDOWS\system32\drivers\Rtnicxp.sys
2012-11-06 22:56:11 ----D---- C:\WINDOWS\OPTIONS
2012-11-06 22:53:41 ----D---- C:\WINDOWS\system32\Lang
2012-11-06 22:49:07 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2012-11-06 22:49:05 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2012-11-06 22:49:04 ----A---- C:\WINDOWS\system32\drivers\dmusic.sys
2012-11-06 22:49:02 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2012-11-06 22:49:01 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2012-11-06 22:49:00 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2012-11-06 22:48:59 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2012-11-06 22:48:58 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2012-11-06 22:48:56 ----A---- C:\WINDOWS\system32\drivers\mskssrv.sys
2012-11-06 22:48:55 ----A---- C:\WINDOWS\system32\drivers\mspqm.sys
2012-11-06 22:48:54 ----A---- C:\WINDOWS\system32\drivers\mspclock.sys
2012-11-06 22:48:35 ----A---- C:\WINDOWS\system32\sm56co.dll
2012-11-06 22:48:34 ----RA---- C:\WINDOWS\system32\drivers\smserial.sys
2012-11-06 22:48:34 ----D---- C:\WINDOWS\Motorola
2012-11-06 22:48:34 ----A---- C:\WINDOWS\sm56spn.dll
2012-11-06 22:48:34 ----A---- C:\WINDOWS\sm56jpn.dll
2012-11-06 22:48:33 ----A---- C:\WINDOWS\sm56itl.dll
2012-11-06 22:48:33 ----A---- C:\WINDOWS\sm56cht.dll
2012-11-06 22:48:33 ----A---- C:\WINDOWS\sm56chs.dll
2012-11-06 22:48:33 ----A---- C:\WINDOWS\sm56hlpr.exe
2012-11-06 22:48:33 ----A---- C:\WINDOWS\sm56ger.dll
2012-11-06 22:48:33 ----A---- C:\WINDOWS\sm56fra.dll
2012-11-06 22:48:33 ----A---- C:\WINDOWS\sm56eng.dll
2012-11-06 22:48:33 ----A---- C:\WINDOWS\sm56brz.dll
2012-11-06 22:48:12 ----R---- C:\WINDOWS\system32\ChCfg.exe
2012-11-06 22:47:44 ----R---- C:\WINDOWS\RtlUpd.exe
2012-11-06 22:47:44 ----R---- C:\WINDOWS\alcwzrd.exe
2012-11-06 22:47:44 ----D---- C:\WINDOWS\system32\RTCOM
2012-11-06 22:47:43 ----R---- C:\WINDOWS\SoundMan.exe
2012-11-06 22:47:43 ----R---- C:\WINDOWS\RTLCPL.exe
2012-11-06 22:47:42 ----R---- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2012-11-06 22:47:42 ----R---- C:\WINDOWS\RTHDCPL.exe
2012-11-06 22:47:42 ----R---- C:\WINDOWS\MicCal.exe
2012-11-06 22:47:41 ----A---- C:\WINDOWS\system32\ksuser.dll
2012-11-06 22:47:41 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2012-11-06 22:47:11 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2012-11-06 22:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2012-11-06 22:46:48 ----D---- C:\Program Files\Realtek
2012-11-06 22:46:41 ----R---- C:\WINDOWS\RtlExUpd.dll
2012-11-06 22:46:24 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2012-11-06 22:46:19 ----RA---- C:\WINDOWS\system32\atiicdxx.dat
2012-11-06 22:46:05 ----D---- C:\Program Files\ATI Technologies
2012-11-06 22:45:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-11-06 22:40:20 ----RA---- C:\WINDOWS\system32\drivers\ATKACPI.sys
2012-11-06 22:40:20 ----D---- C:\WINDOWS\ATK0100
2012-11-06 22:39:50 ----HD---- C:\Program Files\InstallShield Installation Information
2012-11-06 22:39:41 ----D---- C:\Program Files\Common Files\InstallShield
2012-11-06 22:39:24 ----RA---- C:\WINDOWS\system32\drivers\MMIOPORT.SYS
2012-11-06 22:37:50 ----D---- C:\Documents and Settings\Michal\Application Data\Identities
2012-11-06 22:37:48 ----HD---- C:\Program Files\Uninstall Information
2012-11-06 22:37:42 ----SD---- C:\Documents and Settings\Michal\Application Data\Microsoft
2012-11-06 22:37:42 ----ASH---- C:\Documents and Settings\Michal\Application Data\desktop.ini
2012-11-06 22:36:25 ----D---- C:\WINDOWS\SoftwareDistribution
2012-11-06 22:36:23 ----SD---- C:\WINDOWS\system32\Microsoft
2012-11-06 22:35:16 ----AS---- C:\WINDOWS\bootstat.dat
2012-11-06 22:32:47 ----D---- C:\WINDOWS\system32\xircom
2012-11-06 22:32:47 ----D---- C:\Program Files\xerox
2012-11-06 22:32:47 ----D---- C:\Program Files\microsoft frontpage
2012-11-06 22:32:25 ----RASH---- C:\MSDOS.SYS
2012-11-06 22:32:25 ----RASH---- C:\IO.SYS
2012-11-06 22:32:25 ----A---- C:\WINDOWS\control.ini
2012-11-06 22:32:25 ----A---- C:\CONFIG.SYS
2012-11-06 22:32:25 ----A---- C:\AUTOEXEC.BAT
2012-11-06 22:32:05 ----A---- C:\WINDOWS\system32\mapi32.dll
2012-11-06 22:31:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-11-06 22:31:08 ----RD---- C:\WINDOWS\Offline Web Pages
2012-11-06 22:30:56 ----HD---- C:\Program Files\WindowsUpdate
2012-11-06 22:30:32 ----D---- C:\WINDOWS\system32\DirectX
2012-11-06 22:30:07 ----A---- C:\WINDOWS\system32\atrace.dll
2012-11-06 22:30:04 ----A---- C:\WINDOWS\system32\desktop.ini
2012-11-06 22:30:04 ----A---- C:\WINDOWS\desktop.ini
2012-11-06 22:29:57 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2012-11-06 22:29:55 ----D---- C:\Program Files\Common Files\Services
2012-11-06 22:29:55 ----A---- C:\WINDOWS\system32\acctres.dll
2012-11-06 22:29:52 ----SD---- C:\WINDOWS\Tasks
2012-11-06 22:29:52 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2012-11-06 22:29:51 ----D---- C:\Program Files\Common Files\MSSoap
2012-11-06 22:29:45 ----D---- C:\WINDOWS\srchasst
2012-11-06 22:29:44 ----D---- C:\WINDOWS\system32\Macromed
2012-11-06 22:29:41 ----A---- C:\WINDOWS\system32\wuweb.dll
2012-11-06 22:29:41 ----A---- C:\WINDOWS\system32\wucltui.dll
2012-11-06 22:29:41 ----A---- C:\WINDOWS\system32\wuauserv.dll
2012-11-06 22:29:40 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2012-11-06 22:29:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2012-11-06 22:29:39 ----A---- C:\WINDOWS\system32\wups.dll
2012-11-06 22:29:39 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2012-11-06 22:29:39 ----A---- C:\WINDOWS\system32\wuauclt.exe
2012-11-06 22:29:39 ----A---- C:\WINDOWS\system32\wuapi.dll
2012-11-06 22:29:39 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2012-11-06 22:29:39 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2012-11-06 22:29:39 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2012-11-06 22:29:38 ----A---- C:\WINDOWS\system32\qmgr.dll
2012-11-06 22:29:33 ----D---- C:\Program Files\Movie Maker
2012-11-06 22:29:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2012-11-06 22:29:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2012-11-06 22:29:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2012-11-06 22:29:28 ----A---- C:\WINDOWS\system32\racpldlg.dll
2012-11-06 22:29:23 ----A---- C:\WINDOWS\system32\fltmc.exe
2012-11-06 22:29:23 ----A---- C:\WINDOWS\system32\fltlib.dll
2012-11-06 22:29:22 ----D---- C:\WINDOWS\system32\Restore
2012-11-06 22:29:22 ----A---- C:\WINDOWS\system32\srsvc.dll
2012-11-06 22:29:22 ----A---- C:\WINDOWS\system32\srrstr.dll
2012-11-06 22:29:22 ----A---- C:\WINDOWS\system32\srclient.dll
2012-11-06 22:29:22 ----A---- C:\WINDOWS\system32\drivers\fltmgr.sys
2012-11-06 22:29:21 ----A---- C:\WINDOWS\system32\mnmdd.dll
2012-11-06 22:29:21 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2012-11-06 22:29:21 ----A---- C:\WINDOWS\system32\ils.dll
2012-11-06 22:29:21 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2012-11-06 22:29:20 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2012-11-06 22:29:20 ----A---- C:\WINDOWS\system32\msconf.dll
2012-11-06 22:29:20 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2012-11-06 22:29:17 ----D---- C:\Program Files\NetMeeting
2012-11-06 22:29:17 ----A---- C:\WINDOWS\system32\msoert2.dll
2012-11-06 22:29:17 ----A---- C:\WINDOWS\system32\msoeacct.dll
2012-11-06 22:29:15 ----A---- C:\WINDOWS\system32\inetres.dll
2012-11-06 22:29:15 ----A---- C:\WINDOWS\system32\inetcomm.dll
2012-11-06 22:29:12 ----D---- C:\Program Files\Outlook Express
2012-11-06 22:29:12 ----A---- C:\WINDOWS\system32\schedsvc.dll
2012-11-06 22:29:12 ----A---- C:\WINDOWS\system32\mstinit.exe
2012-11-06 22:29:12 ----A---- C:\WINDOWS\system32\mstask.dll
2012-11-06 22:29:11 ----A---- C:\WINDOWS\system32\isign32.dll
2012-11-06 22:29:11 ----A---- C:\WINDOWS\system32\inetcfg.dll
2012-11-06 22:29:11 ----A---- C:\WINDOWS\system32\icwphbk.dll
2012-11-06 22:29:11 ----A---- C:\WINDOWS\system32\icwdial.dll
2012-11-06 22:29:04 ----D---- C:\Program Files\Common Files\System
2012-11-06 22:28:58 ----D---- C:\Program Files\Internet Explorer
2012-11-06 22:28:33 ----A---- C:\WINDOWS\system32\emptyregdb.dat
2012-11-06 22:28:21 ----D---- C:\Program Files\ComPlus Applications
2012-11-06 22:28:18 ----A---- C:\WINDOWS\vbaddin.ini
2012-11-06 22:28:18 ----A---- C:\WINDOWS\vb.ini
2012-11-06 22:28:13 ----D---- C:\WINDOWS\Registration
2012-11-06 22:28:04 ----D---- C:\Program Files\Windows Media Player
2012-11-06 22:28:04 ----D---- C:\Program Files\Online Services
2012-11-06 22:27:55 ----D---- C:\Program Files\Messenger
2012-11-06 22:27:50 ----D---- C:\Program Files\MSN Gaming Zone
2012-11-06 22:27:50 ----A---- C:\WINDOWS\system32\write.exe
2012-11-06 22:27:41 ----A---- C:\WINDOWS\system32\sndvol32.exe
2012-11-06 22:27:41 ----A---- C:\WINDOWS\system32\hticons.dll
2012-11-06 22:27:40 ----A---- C:\WINDOWS\system32\winchat.exe
2012-11-06 22:27:40 ----A---- C:\WINDOWS\system32\avwav.dll
2012-11-06 22:27:40 ----A---- C:\WINDOWS\system32\avtapi.dll
2012-11-06 22:27:40 ----A---- C:\WINDOWS\system32\avmeter.dll
2012-11-06 22:27:33 ----A---- C:\WINDOWS\system32\getuname.dll
2012-11-06 22:27:32 ----A---- C:\WINDOWS\system32\winmine.exe
2012-11-06 22:27:32 ----A---- C:\WINDOWS\system32\sol.exe
2012-11-06 22:27:32 ----A---- C:\WINDOWS\system32\charmap.exe
2012-11-06 22:27:32 ----A---- C:\WINDOWS\system32\calc.exe
2012-11-06 22:27:31 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2012-11-06 22:27:31 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2012-11-06 22:27:31 ----A---- C:\WINDOWS\system32\tslabels.ini
2012-11-06 22:27:31 ----A---- C:\WINDOWS\system32\tskill.exe
2012-11-06 22:27:31 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2012-11-06 22:27:31 ----A---- C:\WINDOWS\system32\reset.exe
2012-11-06 22:27:31 ----A---- C:\WINDOWS\system32\mshearts.exe
2012-11-06 22:27:31 ----A---- C:\WINDOWS\system32\freecell.exe
2012-11-06 22:27:30 ----A---- C:\WINDOWS\system32\tscon.exe
2012-11-06 22:27:30 ----A---- C:\WINDOWS\system32\shadow.exe
2012-11-06 22:27:30 ----A---- C:\WINDOWS\system32\rwinsta.exe
2012-11-06 22:27:30 ----A---- C:\WINDOWS\system32\regini.exe
2012-11-06 22:27:30 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2012-11-06 22:27:30 ----A---- C:\WINDOWS\system32\qwinsta.exe
2012-11-06 22:27:30 ----A---- C:\WINDOWS\system32\qappsrv.exe
2012-11-06 22:27:30 ----A---- C:\WINDOWS\system32\msg.exe
2012-11-06 22:27:30 ----A---- C:\WINDOWS\system32\logoff.exe
2012-11-06 22:27:30 ----A---- C:\WINDOWS\system32\cdmodem.dll
2012-11-06 22:27:29 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2012-11-06 22:27:29 ----A---- C:\WINDOWS\system32\mtxex.dll
2012-11-06 22:27:29 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2012-11-06 22:27:29 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2012-11-06 22:27:28 ----A---- C:\WINDOWS\system32\stclient.dll
2012-11-06 22:27:28 ----A---- C:\WINDOWS\system32\mtxdm.dll
2012-11-06 22:27:28 ----A---- C:\WINDOWS\system32\comsnap.dll
2012-11-06 22:27:28 ----A---- C:\WINDOWS\system32\comrepl.dll
2012-11-06 22:27:28 ----A---- C:\WINDOWS\system32\comaddin.dll
2012-11-06 22:27:23 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2012-11-06 22:27:02 ----D---- C:\Program Files\MSN
2012-11-06 22:27:00 ----A---- C:\WINDOWS\system32\sndrec32.exe
2012-11-06 22:27:00 ----A---- C:\WINDOWS\system32\mplay32.exe
2012-11-06 22:27:00 ----A---- C:\WINDOWS\system32\hypertrm.dll
2012-11-06 22:27:00 ----A---- C:\WINDOWS\system32\accwiz.exe
2012-11-06 22:26:59 ----D---- C:\Program Files\Windows NT
2012-11-06 22:26:59 ----A---- C:\WINDOWS\system32\mspaint.exe
2012-11-06 22:26:59 ----A---- C:\WINDOWS\system32\clipbrd.exe
2012-11-06 22:26:58 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2012-11-06 22:26:58 ----A---- C:\WINDOWS\system32\spider.exe
2012-11-06 22:26:58 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2012-11-06 22:26:58 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2012-11-06 22:26:58 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-11-06 22:26:57 ----A---- C:\WINDOWS\system32\sessmgr.exe
2012-11-06 22:26:57 ----A---- C:\WINDOWS\system32\remotepg.dll
2012-11-06 22:26:57 ----A---- C:\WINDOWS\system32\rdshost.exe
2012-11-06 22:26:57 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2012-11-06 22:26:57 ----A---- C:\WINDOWS\system32\mstscax.dll
2012-11-06 22:26:57 ----A---- C:\WINDOWS\system32\mstsc.exe
2012-11-06 22:26:56 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2012-11-06 22:26:56 ----A---- C:\WINDOWS\system32\termsrv.dll
2012-11-06 22:26:56 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2012-11-06 22:26:56 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2012-11-06 22:26:56 ----A---- C:\WINDOWS\system32\rdpclip.exe
2012-11-06 22:26:56 ----A---- C:\WINDOWS\system32\rdchost.dll
2012-11-06 22:26:56 ----A---- C:\WINDOWS\system32\qprocess.exe
2012-11-06 22:26:55 ----D---- C:\WINDOWS\system32\MsDtc
2012-11-06 22:26:55 ----A---- C:\WINDOWS\system32\mtxoci.dll
2012-11-06 22:26:55 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2012-11-06 22:26:55 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2012-11-06 22:26:55 ----A---- C:\WINDOWS\system32\icaapi.dll
2012-11-06 22:26:55 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2012-11-06 22:26:54 ----A---- C:\WINDOWS\system32\xolehlp.dll
2012-11-06 22:26:54 ----A---- C:\WINDOWS\system32\msdtctm.dll
2012-11-06 22:26:54 ----A---- C:\WINDOWS\system32\msdtclog.dll
2012-11-06 22:26:54 ----A---- C:\WINDOWS\system32\msdtc.exe
2012-11-06 22:26:53 ----D---- C:\WINDOWS\system32\Com
2012-11-06 22:26:53 ----A---- C:\WINDOWS\system32\colbact.dll
2012-11-06 22:26:53 ----A---- C:\WINDOWS\system32\clbcatex.dll
2012-11-06 22:26:53 ----A---- C:\WINDOWS\system32\catsrvps.dll
2012-11-06 22:26:52 ----A---- C:\WINDOWS\system32\catsrvut.dll
2012-11-06 22:26:52 ----A---- C:\WINDOWS\system32\catsrv.dll
2012-11-06 22:26:51 ----A---- C:\WINDOWS\system32\comuid.dll
2012-11-06 22:26:51 ----A---- C:\WINDOWS\system32\comsvcs.dll
2012-11-06 22:26:51 ----A---- C:\WINDOWS\system32\clbcatq.dll
2012-11-06 22:26:43 ----A---- C:\WINDOWS\system32\servdeps.dll
2012-11-06 22:26:43 ----A---- C:\WINDOWS\system32\mmfutil.dll
2012-11-06 22:26:43 ----A---- C:\WINDOWS\system32\licwmi.dll
2012-11-06 22:26:40 ----A---- C:\WINDOWS\system32\cmprops.dll
2012-11-06 22:26:36 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2012-11-06 22:26:36 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys

======List of files/folders modified in the last 1 month======

2012-11-30 21:14:09 ----A---- C:\WINDOWS\system.ini
2012-11-30 20:48:12 ----A---- C:\WINDOWS\win.ini
2012-11-06 22:31:53 ----ASH---- C:\WINDOWS\fonts\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 risdptsk;risdptsk; C:\WINDOWS\system32\DRIVERS\risdptsk.sys [2005-07-14 27904]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-11-13 133824]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2012-11-13 36552]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2005-03-21 270336]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2012-08-27 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-11-13 83432]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2012-11-06 15781]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-08 1506816]
R3 BCM43XX;ASUS 802.11 ovládač sieťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-05-31 1341466]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-04 4271616]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-01-20 862340]
R3 SynMini;USB2.0 1.3M Web Cam; C:\WINDOWS\System32\Drivers\SynMini.sys [2005-10-03 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2005-10-03 8278]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-10-21 191936]
S1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
S2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
S2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2005-05-31 401152]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-05-31 30363]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-05-31 148040]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2005-05-31 44163]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-05-31 56648]
S3 catchme;catchme; \??\C:\DOCUME~1\Michal\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-12-02 118656]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-11-28 109344]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-11-28 85280]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-08 405504]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe [2005-05-31 258103]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-11-28 161768]
R2 KPF4;Kerio Personal Firewall 4; C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe [2005-03-23 1941504]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-13 116648]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2012-11-08 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-08 250808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-13 116648]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-24 115168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 wampapache;wampapache; C:\Program Files\wamp\bin\apache\apache2.2.17\bin\httpd.exe [2010-12-31 20549]
S3 wampmysqld;wampmysqld; C:\Program Files\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe [2010-12-31 8133120]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Proč spouštíte ComboFix, utilitu určenou odborníkům? Hodláte si zbořit systém? Pokud jste četl pravidla, CF se laikům nedoporučuje, navíc smaže všechny stopy, po případné nákaze, takže log RSIT je pak k ničemu. Dejte tedy log ComboFix. Najdete ho v c:\combofix.txt.

[moldow]

Nevedel som. Tu je log z CF:


ComboFix 12-11-30.02 - Michal . 11. 2012 21:08:34.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1919.1406 [GMT 1:00]
Running from: c:\documents and settings\Michal\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Kerio Personal Firewall *Enabled* {8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.url
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-30 )))))))))))))))))))))))))))))))
.
.
2012-11-07 21:35 . 2012-11-07 21:35 -------- d-----w- C:\55c0877ff795c10515fa07128aef
2012-11-07 17:58 . 2012-11-13 18:24 -------- d-----w- C:\Download
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 08:37 . 2004-08-03 21:17 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-03 22:56 58368 ----a-w- c:\windows\system32\synceng.dll
2012-10-24 17:50 . 2012-11-08 19:51 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\documents and settings\Michal\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\documents and settings\Michal\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\documents and settings\Michal\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\documents and settings\Michal\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"$Volumouse$"="c:\program files\volumouse\volumouse.exe" [2007-11-01 30208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synaptic"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-28 384800]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-02-23 106496]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-08 344064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Michal\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Michal\Application Data\Dropbox\bin\Dropbox.exe [2012-11-6 26619512]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 19:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 04:42 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-04 07:59 16206848 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\mw_miranda_pack\\miranda32.exe"=
"c:\\Documents and Settings\\Michal\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\OperaMW\\opera.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [7. 11. 2012 20:20 36552]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [21. 3. 2005 15:39 270336]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7. 11. 2012 20:20 85280]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [6. 11. 2012 22:59 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [6. 11. 2012 22:59 8278]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-08 19:27]
.
2012-11-30 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-11-30 12:10]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-13 19:42]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-13 19:42]
.
2012-11-30 c:\windows\Tasks\User_Feed_Synchronization-{48D5945E-66E3-47D0-89A9-65ED2B75824A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Michal\Application Data\Mozilla\Firefox\Profiles\87l41o3c.default\
FF - ExtSQL: 2012-11-07 22:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: 2012-11-29 18:27; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\Michal\Application Data\Mozilla\Firefox\Profiles\87l41o3c.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-xp-AntiSpy Profile Check - c:\program files\xp-AntiSpy\xp-AntiSpy.exe
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-30 21:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-11-30 21:16:07
ComboFix-quarantined-files.txt 2012-11-30 20:16
.
Pre-Run: 15 635 582 976 bytes free
Post-Run: 16 450 117 632 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6B75880297C0FE4E79F229FC2CEF470A

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

Regnull::
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[moldow]

ComboFix 12-11-30.02 - Michal . 11. 2012 23:08:46.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1919.1171 [GMT 1:00]
Running from: c:\documents and settings\Michal\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michal\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Kerio Personal Firewall *Enabled* {8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-30 )))))))))))))))))))))))))))))))
.
.
2012-11-30 20:19 . 2012-11-30 20:19 -------- d-----w- C:\rsit
2012-11-07 21:35 . 2012-11-07 21:35 -------- d-----w- C:\55c0877ff795c10515fa07128aef
2012-11-07 17:58 . 2012-11-13 18:24 -------- d-----w- C:\Download
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 08:37 . 2004-08-03 21:17 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-03 22:56 58368 ----a-w- c:\windows\system32\synceng.dll
2012-10-24 17:50 . 2012-11-08 19:51 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\documents and settings\Michal\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\documents and settings\Michal\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\documents and settings\Michal\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\documents and settings\Michal\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"$Volumouse$"="c:\program files\volumouse\volumouse.exe" [2007-11-01 30208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synaptic"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-28 384800]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-02-23 106496]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-08 344064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Michal\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Michal\Application Data\Dropbox\bin\Dropbox.exe [2012-11-6 26619512]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 19:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 04:42 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-04 07:59 16206848 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\mw_miranda_pack\\miranda32.exe"=
"c:\\Documents and Settings\\Michal\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\OperaMW\\opera.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [7. 11. 2012 20:20 36552]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [21. 3. 2005 15:39 270336]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7. 11. 2012 20:20 85280]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [6. 11. 2012 22:59 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [6. 11. 2012 22:59 8278]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-08 19:27]
.
2012-11-30 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-11-30 12:10]
.
2012-11-30 c:\windows\Tasks\User_Feed_Synchronization-{48D5945E-66E3-47D0-89A9-65ED2B75824A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Michal\Application Data\Mozilla\Firefox\Profiles\87l41o3c.default\
FF - ExtSQL: 2012-11-07 22:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: 2012-11-29 18:27; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\Michal\Application Data\Mozilla\Firefox\Profiles\87l41o3c.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-30 23:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
.
- - - - - - - > 'explorer.exe'(2696)
c:\windows\system32\WININET.dll
c:\documents and settings\Michal\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\volumouse\vlmshlp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\windows\system32\wscntfy.exe
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Completion time: 2012-11-30 23:20:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-30 22:20
ComboFix2.txt 2012-11-30 20:16
.
Pre-Run: 16 461 389 824 bytes free
Post-Run: 16 448 843 776 bytes free
.
- - End Of File - - A5516973D85393C629E1D26A08891309

[Rudy]

Log již vypadá OK.

[moldow]

Este raz dakujem. Posledna otazka: Subory na C:\ vygenerovane CF a RSITom ako zmazem? Z nudzoveho rezimu alebo je na to nejaky postup?

30. 11. 2012 23:20 <DIR> Qoobox
30. 11. 2012 21:19 <DIR> rsit

[Rudy]

Použijte T-Cleaner: http://www.uloz.to/xGq1Wbe/t-cleaner-exe .

[moldow]

Podarilo sa. Dakujem, tema sa moze zavriet.

[Rudy]

Nemáte zač!