VIRY.CZ

Fajn už to scanujem na notebooku. Mam nechať notebook v absolutnom kľude alebo popri scane môžem behať po prehliadači, atd.

Status: Deleted (events: 4)
12. 1. 2012 17:57:11 Deleted Trojan program Trojan.Win32.Jorik.Lethic.du C:\Documents and Settings\Michal\Application Data\321.exe High
12. 1. 2012 17:57:10 Deleted Trojan program Trojan.Win32.Jorik.Lethic.du C:\Documents and Settings\Michal\Application Data\C9.exe High
12. 1. 2012 17:57:11 Deleted Trojan program Trojan.Win32.Jorik.Lethic.du C:\Documents and Settings\Michal\Application Data\184.exe High
12. 1. 2012 17:57:12 Deleted Trojan program Trojan.Win32.Jorik.Lethic.du C:\Documents and Settings\Michal\Application Data\regsrv33.exe High

takže za hodku to bolo nakoniec a nie 12 hodin

Ono zalezi kolika soubory se musi probrat

Stahnete OTL (viz muj podpis) a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%SystemDrive%\PhysicalMBR.bin /md5

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

nech sa páči...

OTL logfile created on: 12. 1. 2012 21:25:53 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michal\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

447,20 Mb Total Physical Memory | 124,15 Mb Available Physical Memory | 27,76% Memory free
1,03 Gb Paging File | 0,66 Gb Available in Paging File | 63,71% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 53,25 Gb Free Space | 71,45% Space Free | Partition Type: NTFS

Computer Name: ALLA | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.01.12 21:23:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michal\My Documents\Downloads\OTL.exe
PRC - [2011.11.16 00:41:32 | 008,391,152 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
PRC - [2011.10.20 20:45:48 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2008.04.13 19:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.05.03 17:42:56 | 000,376,921 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2007.05.03 17:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe

========== Modules (No Company Name) ==========

MOD - [2011.11.16 00:41:32 | 000,229,360 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
MOD - [2011.11.16 00:41:28 | 007,859,200 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\QtGui4.dll
MOD - [2011.11.16 00:41:28 | 002,210,816 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\QtCore4.dll
MOD - [2011.11.16 00:41:28 | 000,814,080 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\QtNetwork4.dll
MOD - [2011.11.16 00:41:28 | 000,421,360 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
MOD - [2011.11.16 00:41:28 | 000,195,584 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg4.dll
MOD - [2011.11.16 00:41:28 | 000,158,704 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\plugins\appscanner_plugin.dll
MOD - [2011.11.16 00:41:28 | 000,025,600 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\imageformats\qgif4.dll
MOD - [2011.10.20 20:45:46 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\ppgooglenaclpluginchrome.dll
MOD - [2011.10.20 20:45:45 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\pdf.dll
MOD - [2011.10.20 20:44:09 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\avutil-51.dll
MOD - [2011.10.20 20:44:08 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\avformat-53.dll
MOD - [2011.10.20 20:44:07 | 001,745,992 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\avcodec-53.dll
MOD - [2011.10.20 17:45:13 | 008,587,936 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\gcswf32.dll
MOD - [2011.06.16 00:14:48 | 000,331,776 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2011.05.28 22:04:58 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010.01.09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2007.07.05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
MOD - [2007.03.02 11:44:34 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012.01.09 23:28:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.06.25 22:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\Beruska.com\pev.3XE -- (PEVSystemStart)
SRV - [2010.01.21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2007.05.03 17:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\srvany.exe -- (KMService)

========== Driver Services (SafeList) ==========

DRV - [2012.01.12 17:57:11 | 000,000,536 | -HS- | M] () [File_System | Unknown | Running] -- C:\WINDOWS\0696139drv.spi -- (0696139drv)
DRV - [2012.01.12 16:38:51 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\34845690.sys -- (34845690)
DRV - [2008.04.13 14:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007.08.24 11:46:48 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.07.04 22:55:40 | 002,304,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.05.02 19:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007.03.28 19:52:18 | 000,057,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006.12.14 16:44:06 | 000,085,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.11.03 09:32:00 | 004,394,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.07.14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005.07.12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\gcswf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012.01.11 17:50:30 | 000,000,726 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Od&oslať do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55D5C386-D030-43D0-A347-01FBA96655DF}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: Windows Task Services - C:\Documents and Settings\Michal\Application Data\33.exe - No CLSID value found.
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.03 09:24:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1d22c106-3775-11e1-8eff-0015af57abac}\Shell - "" = AutoRun
O33 - MountPoints2\{1d22c106-3775-11e1-8eff-0015af57abac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1d22c106-3775-11e1-8eff-0015af57abac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\1b37f31f.exe
O33 - MountPoints2\{1d22c106-3775-11e1-8eff-0015af57abac}\Shell\explore\command - "" = E:\RECYCLER\1b37f31f.exe
O33 - MountPoints2\{1d22c106-3775-11e1-8eff-0015af57abac}\Shell\open\command - "" = E:\RECYCLER\1b37f31f.exe
O33 - MountPoints2\{4f4b96b0-3677-11e1-8efc-0015af57abac}\Shell - "" = AutoRun
O33 - MountPoints2\{4f4b96b0-3677-11e1-8efc-0015af57abac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f4b96b0-3677-11e1-8efc-0015af57abac}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Error creating restore point.

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.01.12 18:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\My Documents\VIDEO_TS
[2012.01.12 17:32:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.01.12 17:32:20 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\34845690.sys
[2012.01.12 17:28:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michal\Recent
[2012.01.12 15:33:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012.01.12 14:22:42 | 000,000,000 | --SD | C] -- C:\Beruska.com
[2012.01.12 14:21:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012.01.11 22:46:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.01.11 22:44:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.01.11 22:44:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.01.11 22:44:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.01.11 22:44:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.01.11 22:44:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.01.11 22:44:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.11 22:44:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michal\Start Menu\Programs\Administrative Tools
[2012.01.11 22:31:39 | 004,377,322 | R--- | C] (Swearware) -- C:\Documents and Settings\Michal\Desktop\Beruska.com.exe
[2012.01.11 18:06:27 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michal\Desktop\tdsskiller.exe
[2012.01.10 20:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Start Menu\Programs\WinRAR
[2012.01.10 20:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012.01.09 23:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2012.01.09 23:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Local Settings\Application Data\Adobe
[2012.01.09 23:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012.01.09 23:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.01.09 23:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.01.09 23:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012.01.09 23:27:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.01.09 23:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
[2012.01.09 23:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012.01.09 23:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.01.09 23:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012.01.09 23:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012.01.09 23:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2012.01.09 22:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012.01.09 22:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.01.09 22:57:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012.01.09 22:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Local Settings\Application Data\Microsoft Help
[2012.01.09 22:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.01.09 22:56:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012.01.09 22:56:41 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.01.09 12:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Desktop\Songy
[2012.01.09 12:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Application Data\AVG
[2012.01.09 12:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012.01.09 12:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2012.01.09 12:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012.01.09 11:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.01.09 11:53:16 | 000,000,000 | ---D | C] -- C:\rsit
[2012.01.09 11:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Application Data\Malwarebytes
[2012.01.09 11:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.09 11:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.01.09 11:28:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.09 11:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.06 13:56:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michal\My Documents\My Movies
[2012.01.06 01:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2012.01.06 01:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Elaborate Bytes
[2012.01.06 01:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2012.01.06 01:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2012.01.06 01:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
[2012.01.06 00:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Application Data\WinRAR
[2012.01.06 00:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012.01.12 21:27:29 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.01.12 21:20:32 | 000,156,371 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko hotovo copy.jpg
[2012.01.12 21:20:20 | 004,605,679 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko hotovo.psd
[2012.01.12 21:04:37 | 001,320,979 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\beautiful-tree-wallpapers_28076_2560x1600.jpg
[2012.01.12 20:59:57 | 000,170,375 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko render.psd
[2012.01.12 20:59:33 | 000,054,503 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko render.png
[2012.01.12 20:47:32 | 000,193,502 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko copy.png
[2012.01.12 20:39:29 | 001,757,094 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko.psd
[2012.01.12 19:53:17 | 000,071,671 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\310816_211036362285068_100001361168147_512496_5434136_n.jpg
[2012.01.12 19:50:28 | 000,034,467 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\bean3.jpg
[2012.01.12 19:29:01 | 000,052,574 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\Bane_The_Dark_Knight_Rises.jpg
[2012.01.12 17:57:11 | 000,000,536 | -HS- | M] () -- C:\WINDOWS\0696139drv.spi
[2012.01.12 17:31:53 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Michal Logon.job
[2012.01.12 17:30:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.12 17:26:44 | 000,051,186 | ---- | M] () -- C:\Documents and Settings\Michal\Application Data\room_v3.dat
[2012.01.12 16:38:51 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\34845690.sys
[2012.01.12 16:21:22 | 000,000,064 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\keyset.dat
[2012.01.12 15:02:12 | 113,005,472 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\setup_11.0.0.1245.x01_2012_01_12_16_38.exe
[2012.01.11 22:46:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.01.11 22:32:06 | 004,377,322 | R--- | M] (Swearware) -- C:\Documents and Settings\Michal\Desktop\Beruska.com.exe
[2012.01.11 18:06:32 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michal\Desktop\tdsskiller.exe
[2012.01.11 17:50:38 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012.01.11 17:44:15 | 000,782,336 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\RogueKiller.exe
[2012.01.11 17:43:58 | 000,458,240 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\CKScanner.exe
[2012.01.11 16:27:24 | 000,000,085 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012.01.11 15:14:42 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\DVD Shrink 3.2.lnk
[2012.01.11 14:19:01 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.10 23:16:04 | 000,043,388 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\untitled.JPG
[2012.01.10 00:11:30 | 001,565,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.09 23:42:23 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\Photoshop.lnk
[2012.01.09 23:40:10 | 000,034,308 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.dll
[2012.01.09 12:09:12 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\AVG PC Tuneup 2011.lnk
[2012.01.09 11:28:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.06 15:28:38 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012.01.06 01:13:22 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CloneDVD2.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.12 21:27:29 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.01.12 21:20:27 | 000,156,371 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko hotovo copy.jpg
[2012.01.12 21:20:18 | 004,605,679 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko hotovo.psd
[2012.01.12 21:04:43 | 001,320,979 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\beautiful-tree-wallpapers_28076_2560x1600.jpg
[2012.01.12 20:59:56 | 000,170,375 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko render.psd
[2012.01.12 20:59:29 | 000,054,503 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko render.png
[2012.01.12 20:47:20 | 000,193,502 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko copy.png
[2012.01.12 20:39:22 | 001,757,094 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko.psd
[2012.01.12 19:53:19 | 000,071,671 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\310816_211036362285068_100001361168147_512496_5434136_n.jpg
[2012.01.12 19:50:35 | 000,034,467 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\bean3.jpg
[2012.01.12 19:31:26 | 000,052,574 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\Bane_The_Dark_Knight_Rises.jpg
[2012.01.12 17:57:09 | 000,000,536 | -HS- | C] () -- C:\WINDOWS\0696139drv.spi
[2012.01.12 14:53:25 | 113,005,472 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\setup_11.0.0.1245.x01_2012_01_12_16_38.exe
[2012.01.11 22:46:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.01.11 22:46:16 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012.01.11 22:44:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.01.11 22:44:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.01.11 22:44:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.01.11 22:44:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.01.11 22:44:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.01.11 17:49:29 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012.01.11 17:44:14 | 000,782,336 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\RogueKiller.exe
[2012.01.11 17:43:57 | 000,458,240 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\CKScanner.exe
[2012.01.10 23:16:03 | 000,043,388 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\untitled.JPG
[2012.01.09 23:42:23 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\Photoshop.lnk
[2012.01.09 23:40:10 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2012.01.09 23:39:04 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2012.01.09 23:36:03 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2012.01.09 23:33:42 | 000,001,100 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2012.01.09 23:33:02 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS3.lnk
[2012.01.09 23:29:52 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS3.lnk
[2012.01.09 23:05:41 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
[2012.01.09 21:23:38 | 000,610,547 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\norway-fishing-holiday-1920x1080.jpg
[2012.01.09 12:09:18 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Michal Logon.job
[2012.01.09 12:09:12 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\AVG PC Tuneup 2011.lnk
[2012.01.09 11:28:35 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.06 15:28:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012.01.06 01:13:57 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012.01.06 01:13:22 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CloneDVD2.lnk
[2012.01.06 01:08:04 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\DVD Shrink 3.2.lnk
[2012.01.04 23:49:29 | 000,012,906 | ---- | C] () -- C:\Documents and Settings\Michal\Application Data\113.exe
[2012.01.04 23:49:27 | 000,012,906 | ---- | C] () -- C:\Documents and Settings\Michal\Application Data\111.exe
[2012.01.04 23:49:24 | 000,012,887 | ---- | C] () -- C:\Documents and Settings\Michal\Application Data\10F.exe
[2012.01.04 14:55:10 | 000,012,906 | ---- | C] () -- C:\Documents and Settings\Michal\Application Data\7.exe
[2012.01.03 22:50:54 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\Michal\Application Data\room_v3.dat
[2012.01.03 18:26:43 | 000,078,816 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2012.01.03 17:54:21 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.03 09:42:08 | 000,037,232 | ---- | C] () -- C:\WINDOWS\ASScrProlog.exe
[2012.01.03 09:42:06 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2012.01.03 09:27:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.01.03 09:20:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.01.03 01:06:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.01.03 01:04:57 | 001,565,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.03 00:44:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.04.13 19:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007.08.24 11:46:48 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2007.07.04 22:28:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007.07.04 22:28:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007.07.04 22:28:08 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007.06.05 13:40:44 | 000,149,278 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006.12.30 21:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.08.18 03:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.18 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.18 03:00:00 | 000,455,710 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.18 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.18 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.18 03:00:00 | 000,075,684 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.18 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.18 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.18 03:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.18 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2012.01.12 14:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2012.01.12 17:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012.01.09 22:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\AVG
[2012.01.12 15:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\GarenaPlus
[2012.01.12 18:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\TS3Client
[2012.01.12 17:31:53 | 000,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup 2011 Integrator Start On Michal Logon.job

========== Purity Check ==========

========== Custom Scans ==========

< >

< >

< MD5 for: AGP440.SYS >
[2008.04.13 19:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.13 19:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.13 16:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.13 19:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008.04.13 19:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2008.04.13 19:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2008.04.13 19:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.13 14:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.13 19:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.13 19:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.13 19:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.13 19:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.13 19:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.13 19:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.13 19:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.13 14:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.13 19:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: IASTOR.SYS >
[2008.12.14 08:42:56 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\NLDRV\004\iastor.sys

< MD5 for: ISAPNP.SYS >
[2008.04.13 19:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.13 14:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.13 19:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.13 19:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 14:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.13 14:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.13 19:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.13 19:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2008.12.14 08:42:53 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\WINDOWS\NLDRV\003\nvatabus.sys
[2008.12.14 08:42:50 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=DC1F9954B5EDDD147AF7E5C420BE7B93 -- C:\WINDOWS\NLDRV\002\nvatabus.sys

< MD5 for: NVGTS.SYS >
[2008.12.14 08:43:08 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=37954CD1D0AFC11BECD149F7C3EC88C2 -- C:\WINDOWS\NLDRV\005\nvgts.sys
[2008.12.14 08:43:19 | 000,132,096 | ---- | M] (NVIDIA Corporation) MD5=A117466B0ACB13288DEEE4F2E936E67F -- C:\WINDOWS\NLDRV\007\nvgts.sys
[2008.12.14 08:43:13 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- C:\WINDOWS\NLDRV\006\nvgts.sys

< MD5 for: NVRAID.SYS >
[2008.12.14 08:42:51 | 000,089,216 | ---- | M] (NVIDIA Corporation) MD5=9DCD6FDD6A84C4C466BAA88AB7FCE163 -- C:\WINDOWS\NLDRV\002\nvraid.sys
[2008.12.14 08:42:53 | 000,068,224 | ---- | M] (NVIDIA Corporation) MD5=A5C77D944410FADEE380FB20B432760D -- C:\WINDOWS\NLDRV\003\nvraid.sys

< MD5 for: NVRD32.SYS >
[2008.12.14 08:43:11 | 000,133,152 | ---- | M] (NVIDIA Corporation) MD5=BEF704AA9E17D176A46DDF77C6A52194 -- C:\WINDOWS\NLDRV\005\nvrd32.sys

< MD5 for: SCECLI.DLL >
[2008.04.13 19:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.13 19:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.13 19:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.13 19:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2004.08.04 00:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- C:\cmdcons\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008.04.13 19:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.13 19:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.13 14:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.04.13 14:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.13 19:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.13 19:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VIAMRAID.SYS >
[2008.12.14 08:42:49 | 000,114,944 | ---- | M] (VIA Technologies inc,.ltd) MD5=1B7B0954AF54E716F697C511D68C150E -- C:\WINDOWS\NLDRV\001\viamraid.sys

< MD5 for: WINLOGON.EXE >
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.13 19:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.13 19:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.13 19:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.13 19:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2012.01.09 23:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012.01.03 09:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2012.01.11 15:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2012.01.09 23:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2012.01.12 14:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2012.01.09 11:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.01.09 23:00:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012.01.09 23:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012.01.12 17:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.01.12 20:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\Adobe
[2012.01.09 22:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\AVG
[2012.01.12 15:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\GarenaPlus
[2012.01.03 09:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\Identities
[2012.01.03 09:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\InstallShield
[2012.01.03 09:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\Macromedia
[2012.01.09 11:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\Malwarebytes
[2012.01.10 21:24:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Michal\Application Data\Microsoft
[2012.01.12 18:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\TS3Client
[2012.01.03 20:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\U3
[2012.01.04 14:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\vlc
[2012.01.06 00:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\WinRAR

< %APPDATA%\*.exe /s >
[2012.01.04 23:49:24 | 000,012,887 | ---- | M] () -- C:\Documents and Settings\Michal\Application Data\10F.exe
[2012.01.04 23:49:27 | 000,012,906 | ---- | M] () -- C:\Documents and Settings\Michal\Application Data\111.exe
[2012.01.04 23:49:29 | 000,012,906 | ---- | M] () -- C:\Documents and Settings\Michal\Application Data\113.exe
[2012.01.04 14:55:10 | 000,012,906 | ---- | M] () -- C:\Documents and Settings\Michal\Application Data\7.exe
[2012.01.03 00:51:36 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{0AD37499-3D5D-12F0-EBEA-46EE9AD02DBF}\ARPPRODUCTICON.exe
[2012.01.03 00:51:57 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{174D7CC5-1117-29D3-8422-2E54ADF7DB5D}\ARPPRODUCTICON.exe
[2012.01.03 00:52:43 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{23894154-0961-CD0A-BAC0-67E6E96165C3}\ARPPRODUCTICON.exe
[2012.01.03 00:52:30 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{24DFAAD6-E1ED-F588-2AD5-2EA4FE9113AE}\ARPPRODUCTICON.exe
[2012.01.03 00:52:26 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{26886987-D038-7438-8DF2-ED3B1888E052}\ARPPRODUCTICON.exe
[2012.01.03 00:51:40 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{2C6D0ACD-DD2B-BFE5-A005-53AFD4AA3175}\ARPPRODUCTICON.exe
[2012.01.03 00:51:46 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{2D50DC1F-FCEC-D970-1DFB-E73CF2404451}\ARPPRODUCTICON.exe
[2012.01.03 00:52:42 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{306682DE-BB8E-CD56-9F6B-DE209469418A}\ARPPRODUCTICON.exe
[2012.01.03 00:52:39 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{310477AD-884B-736D-B2C8-7BE9433B243D}\ARPPRODUCTICON.exe
[2012.01.03 00:52:19 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{31814F2E-FA58-AFE8-DC97-3BD97F7191C2}\ARPPRODUCTICON.exe
[2012.01.03 00:52:18 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{354F7470-D8E3-95D0-3488-B9E32D5E9636}\ARPPRODUCTICON.exe
[2012.01.03 00:51:48 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{380FAC97-C47F-C5A9-2A51-DFF8DE144B37}\ARPPRODUCTICON.exe
[2012.01.03 00:52:35 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{407A5080-4B1C-A43D-9EED-A3B5EDBCF593}\ARPPRODUCTICON.exe
[2012.01.03 00:52:05 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{46FE06BF-2A08-9D00-ABFD-7F967817E275}\ARPPRODUCTICON.exe
[2012.01.03 00:51:18 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{4B50D80D-A482-DECD-B584-EB054EBA878A}\ARPPRODUCTICON.exe
[2012.01.03 00:51:54 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{5ABA84ED-D61B-257F-809F-A8C883865854}\ARPPRODUCTICON.exe
[2012.01.03 00:51:42 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{5B464CAC-76BD-BDBB-8066-318D05D171DF}\ARPPRODUCTICON.exe
[2012.01.03 00:51:59 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{5C7332EA-BFB9-24A0-BDD9-254F4B113E41}\ARPPRODUCTICON.exe
[2012.01.03 00:52:10 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{66B5F542-952C-F50D-BFF3-BCA582B65860}\ARPPRODUCTICON.exe
[2012.01.03 00:52:28 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{67213BA8-70C6-458D-9B64-4B93FB35E84B}\ARPPRODUCTICON.exe
[2012.01.03 00:52:33 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{6AA66ACB-E93C-C7CD-F303-D473AEC8A43E}\ARPPRODUCTICON.exe
[2012.01.03 00:51:50 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{6D5DC54D-B06E-32A8-A5D9-4978D7A75FA1}\ARPPRODUCTICON.exe
[2012.01.03 00:52:22 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{782BC438-2C73-77F4-F5B6-7ADC87F611BB}\ARPPRODUCTICON.exe
[2012.01.03 00:52:32 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{7BBA76B4-CC34-0AAB-6D48-BE0181E20832}\ARPPRODUCTICON.exe
[2012.01.03 00:52:03 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{7F311276-1CD6-1661-8BAE-DD9016FE9B8D}\ARPPRODUCTICON.exe
[2012.01.03 00:51:38 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{84C89CF4-F64E-6820-375C-24963DDF99C9}\ARPPRODUCTICON.exe
[2012.01.03 00:52:29 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{8C0D145D-EB41-E1DB-6250-0146B02CBA3A}\ARPPRODUCTICON.exe
[2012.01.03 00:52:25 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{8F5D6849-1A7E-B0B2-F1DE-C0FF21F9E78C}\ARPPRODUCTICON.exe
[2012.01.03 00:52:01 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{944DA8EF-FD4E-1FD9-D88A-B22D78913BE6}\ARPPRODUCTICON.exe
[2012.01.03 00:51:44 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{97F5E039-D2F5-18C0-F0C9-6981F73514CC}\ARPPRODUCTICON.exe
[2012.01.03 00:52:21 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{A35D49A6-F3CF-87AA-6FF1-777D8A06BAB1}\ARPPRODUCTICON.exe
[2012.01.03 00:52:14 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{B2CEACB9-7690-30B5-D80A-B138DB4F0E37}\ARPPRODUCTICON.exe
[2012.01.03 00:52:37 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{D26970AA-C66F-142F-7C66-A73FC3546F57}\ARPPRODUCTICON.exe
[2012.01.03 00:52:07 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{D88DB576-0989-879A-38B1-7ED6224B2F52}\ARPPRODUCTICON.exe
[2012.01.03 00:52:17 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{D8B87EBC-12C2-D4FC-F085-A062D4906216}\ARPPRODUCTICON.exe
[2012.01.03 00:52:24 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{E2A05D36-56EF-84FC-E7D7-090D6E5F09BC}\ARPPRODUCTICON.exe
[2012.01.03 00:51:52 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{E4DA4D2C-F57F-782E-752E-9286E5713297}\ARPPRODUCTICON.exe
[2012.01.03 00:52:36 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{E4E118EF-5286-915B-7DBD-D931AB9AF200}\ARPPRODUCTICON.exe
[2012.01.03 00:52:45 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{E5B85BE7-55B5-0A14-7634-FEF92BCB87FB}\ARPPRODUCTICON.exe
[2012.01.03 00:52:12 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{F384BD83-C317-94DA-A4AB-3E75E43F4F8C}\ARPPRODUCTICON.exe
[2012.01.03 00:52:40 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{F622BE4A-363F-F2B6-1F98-54E5E99B1750}\ARPPRODUCTICON.exe
[2012.01.03 00:52:15 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Michal\Application Data\Microsoft\Installer\{F6D39840-BB27-A191-BDF2-1841CA805D24}\ARPPRODUCTICON.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Michal\Application Data\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Michal\Application Data\U3\temp\Launchpad Removal.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2012.01.03 01:03:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2012.01.03 01:03:56 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2012.01.03 01:03:55 | 000,921,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >
[2012.01.12 16:38:51 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\system32\drivers\34845690.sys
[2012.01.11 17:50:38 | 000,111,872 | ---- | M] () -- C:\WINDOWS\system32\drivers\TrueSight.sys

< %systemroot%\system32\*.* /3 >
[2012.01.09 23:40:10 | 000,034,308 | ---- | M] () -- C:\WINDOWS\system32\BASSMOD.dll
[2012.01.10 00:11:30 | 001,565,328 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.01.12 21:27:29 | 000,000,512 | ---- | M] () MD5=421298B565E27DB289CF478C9A72786E -- C:\PhysicalMBR.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

OTL Extras logfile created on: 12. 1. 2012 21:25:53 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michal\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

447,20 Mb Total Physical Memory | 124,15 Mb Available Physical Memory | 27,76% Memory free
1,03 Gb Paging File | 0,66 Gb Available in Paging File | 63,71% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 53,25 Gb Free Space | 71,45% Space Free | Partition Type: NTFS

Computer Name: ALLA | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1644491937-1935655697-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Garena Plus\Room\garena_room.exe" = C:\Program Files\Garena Plus\Room\garena_room.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003C932A-0064-B581-3935-284D2CE76A89}" = Catalyst Control Center Core Implementation
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AD37499-3D5D-12F0-EBEA-46EE9AD02DBF}" = Catalyst Control Center Localization German
"{174D7CC5-1117-29D3-8422-2E54ADF7DB5D}" = Catalyst Control Center Localization Norwegian
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1E0E1039-E45D-7EA2-E377-E00C2857E0C2}" = ccc-core-static
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A1D4A5-3D9B-9434-4F97-40367BDF4E47}" = Catalyst Control Center Graphics Full New
"{23894154-0961-CD0A-BAC0-67E6E96165C3}" = CCC Help Chinese Standard
"{24DFAAD6-E1ED-F588-2AD5-2EA4FE9113AE}" = CCC Help Korean
"{26886987-D038-7438-8DF2-ED3B1888E052}" = CCC Help Hungarian
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C6D0ACD-DD2B-BFE5-A005-53AFD4AA3175}" = Catalyst Control Center Localization Spanish
"{2D50DC1F-FCEC-D970-1DFB-E73CF2404451}" = Catalyst Control Center Localization Hungarian
"{306682DE-BB8E-CD56-9F6B-DE209469418A}" = CCC Help Turkish
"{310477AD-884B-736D-B2C8-7BE9433B243D}" = CCC Help Swedish
"{31814F2E-FA58-AFE8-DC97-3BD97F7191C2}" = CCC Help Greek
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{354F7470-D8E3-95D0-3488-B9E32D5E9636}" = CCC Help German
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{380FAC97-C47F-C5A9-2A51-DFF8DE144B37}" = Catalyst Control Center Localization Italian
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{407A5080-4B1C-A43D-9EED-A3B5EDBCF593}" = CCC Help Polish
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{46FE06BF-2A08-9D00-ABFD-7F967817E275}" = Catalyst Control Center Localization Swedish
"{4B50D80D-A482-DECD-B584-EB054EBA878A}" = ccc-core-preinstall
"{4B8ACECB-D518-99AA-B1F3-E79F905A83EE}" = Catalyst Control Center Localization Czech
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5ABA84ED-D61B-257F-809F-A8C883865854}" = Catalyst Control Center Localization Dutch
"{5B464CAC-76BD-BDBB-8066-318D05D171DF}" = Catalyst Control Center Localization Finnish
"{5C7332EA-BFB9-24A0-BDD9-254F4B113E41}" = Catalyst Control Center Localization Polish
"{6426C1E8-ADD6-F91F-C152-2ABB7AB25F9F}" = Catalyst Control Center Graphics Full Existing
"{66B5F542-952C-F50D-BFF3-BCA582B65860}" = Catalyst Control Center Localization Turkish
"{67213BA8-70C6-458D-9B64-4B93FB35E84B}" = CCC Help Italian
"{6AA66ACB-E93C-C7CD-F303-D473AEC8A43E}" = CCC Help Norwegian
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D5DC54D-B06E-32A8-A5D9-4978D7A75FA1}" = Catalyst Control Center Localization Japanese
"{6DC712D0-A8AE-70EE-215D-ECE5DB29782C}" = Skins
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{782BC438-2C73-77F4-F5B6-7ADC87F611BB}" = CCC Help Spanish
"{791A19F4-E4E5-F4B0-7687-F5D1C4FF799A}" = Catalyst Control Center Graphics Light
"{7BBA76B4-CC34-0AAB-6D48-BE0181E20832}" = CCC Help Dutch
"{7F311276-1CD6-1661-8BAE-DD9016FE9B8D}" = Catalyst Control Center Localization Russian
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{84C89CF4-F64E-6820-375C-24963DDF99C9}" = Catalyst Control Center Localization Greek
"{8C0D145D-EB41-E1DB-6250-0146B02CBA3A}" = CCC Help Japanese
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F5D6849-1A7E-B0B2-F1DE-C0FF21F9E78C}" = CCC Help French
"{90140000-0010-041B-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Slovak) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2010
"{90140000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2010
"{90140000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2010
"{90140000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2010
"{90140000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2010
"{90140000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2010
"{90140000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2010
"{90140000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2010
"{90140000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2010
"{90140000-00BA-041B-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Slovak) 2010
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{944DA8EF-FD4E-1FD9-D88A-B22D78913BE6}" = Catalyst Control Center Localization Portuguese
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97F5E039-D2F5-18C0-F0C9-6981F73514CC}" = Catalyst Control Center Localization French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9E684286-287F-AE06-6909-31A0944A9B4F}" = Catalyst Control Center Localization Danish
"{A0CE9CC5-B17D-3FD5-20B9-A2509B475A20}" = ccc-utility
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A35D49A6-F3CF-87AA-6FF1-777D8A06BAB1}" = CCC Help English
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B2CEACB9-7690-30B5-D80A-B138DB4F0E37}" = Catalyst Control Center Localization Chinese Traditional
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D26970AA-C66F-142F-7C66-A73FC3546F57}" = CCC Help Russian
"{D88DB576-0989-879A-38B1-7ED6224B2F52}" = Catalyst Control Center Localization Thai
"{D8B87EBC-12C2-D4FC-F085-A062D4906216}" = CCC Help Danish
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2A05D36-56EF-84FC-E7D7-090D6E5F09BC}" = CCC Help Finnish
"{E4DA4D2C-F57F-782E-752E-9286E5713297}" = Catalyst Control Center Localization Korean
"{E4E118EF-5286-915B-7DBD-D931AB9AF200}" = CCC Help Portuguese
"{E5B85BE7-55B5-0A14-7634-FEF92BCB87FB}" = CCC Help Chinese Traditional
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F384BD83-C317-94DA-A4AB-3E75E43F4F8C}" = Catalyst Control Center Localization Chinese Standard
"{F622BE4A-363F-F2B6-1F98-54E5E99B1750}" = CCC Help Thai
"{F6D39840-BB27-A191-BDF2-1841CA805D24}" = CCC Help Czech
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"All ATI Software" = ATI - Software Uninstall Utility
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"DVD Shrink_is1" = DVD Shrink 3.2
"im" = Garena Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.60.0.1800
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1644491937-1935655697-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12. 1. 2012 19:41:01 | Computer Name = ALLA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12. 1. 2012 21:21:05 | Computer Name = ALLA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12. 1. 2012 21:21:06 | Computer Name = ALLA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12. 1. 2012 21:30:59 | Computer Name = ALLA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12. 1. 2012 21:30:59 | Computer Name = ALLA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12. 1. 2012 21:37:34 | Computer Name = ALLA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12. 1. 2012 21:37:34 | Computer Name = ALLA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12. 1. 2012 23:12:36 | Computer Name = ALLA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12. 1. 2012 23:31:38 | Computer Name = ALLA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 13. 1. 2012 0:43:46 | Computer Name = ALLA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

[ System Events ]
Error - 12. 1. 2012 22:38:21 | Computer Name = ALLA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12. 1. 2012 22:38:25 | Computer Name = ALLA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12. 1. 2012 22:38:29 | Computer Name = ALLA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12. 1. 2012 22:38:33 | Computer Name = ALLA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12. 1. 2012 22:38:37 | Computer Name = ALLA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12. 1. 2012 22:38:42 | Computer Name = ALLA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12. 1. 2012 22:38:46 | Computer Name = ALLA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12. 1. 2012 22:38:50 | Computer Name = ALLA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12. 1. 2012 22:38:58 | Computer Name = ALLA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12. 1. 2012 22:38:58 | Computer Name = ALLA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

< End of report >

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
DRV - [2012.01.12 17:57:11 | 000,000,536 | -HS- | M] () [File_System | Unknown | Running] -- C:\WINDOWS\0696139drv.spi -- (0696139drv)
DRV - [2012.01.12 16:38:51 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\34845690.sys -- (34845690)
[2012.01.04 23:49:24 | 000,012,887 | ---- | M] () -- C:\Documents and Settings\Michal\Application Data\10F.exe
[2012.01.04 23:49:27 | 000,012,906 | ---- | M] () -- C:\Documents and Settings\Michal\Application Data\111.exe
[2012.01.04 23:49:29 | 000,012,906 | ---- | M] () -- C:\Documents and Settings\Michal\Application Data\113.exe
[2012.01.04 14:55:10 | 000,012,906 | ---- | M] () -- C:\Documents and Settings\Michal\Application Data\7.exe
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

:services
ydqgn

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=-
"Malwarebytes Anti-Malware (cleanup)"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft DLL Registaation"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Windows Task Services"=-

:files
C:\Documents and Settings\Michal\Application Data\1FA.exe
C:\Documents and Settings\Michal\Application Data\regsrv33.exe
C:\WINDOWS\System32\drivers\mjkaqej.sys
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Error: No service named 0696139drv was found to stop!
Service\Driver key 0696139drv not found.
C:\WINDOWS\0696139drv.spi moved successfully.
Error: No service named 34845690 was found to stop!
Service\Driver key 34845690 not found.
File C:\WINDOWS\system32\DRIVERS\34845690.sys not found.
C:\Documents and Settings\Michal\Application Data\10F.exe moved successfully.
C:\Documents and Settings\Michal\Application Data\111.exe moved successfully.
C:\Documents and Settings\Michal\Application Data\113.exe moved successfully.
C:\Documents and Settings\Michal\Application Data\7.exe moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
========== SERVICES/DRIVERS ==========
Error: No service named ydqgn was found to stop!
Service\Driver key ydqgn not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft DLL Registaation deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\Windows Task Services deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Michal\Application Data\1FA.exe not found.
C:\Documents and Settings\Michal\Application Data\regsrv33.exe moved successfully.
File\Folder C:\WINDOWS\System32\drivers\mjkaqej.sys not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Michal
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 347697 bytes
->Google Chrome cache emptied: 350767188 bytes
->Flash cache emptied: 1827 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 19554304 bytes

Total Files Cleaned = 354,00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Michal
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01132012_165114

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Zkuste prosim nyni spustit ComboFix

Cez normálny režim combofix zamrzol cca 5 minut po spustení a na safe mod +networking s názvom Beruska.com zamrzol notebook cca po 15 minutách... + vo windows procesoch sa mi opeť objavil proec 18D.exe (pred byvavali 1.exe 4.exe 14.exe, atd. a tiež proces regsrv33.exe ktory sa mi ukazoval aj predtym...

Odnekud se to obnovuje, poprosim o novy log z RSIT

Inak veľa krat sa mi aj stava ked pred vypnutím pc vypnem v ccleanerovi proces ctfmon.exe tak po zapnuti pc opeť ho mam zapnuty...
nech sa pači tu je log

Logfile of random's system information tool 1.09 (written by random/random)
Run by Michal at 2012-01-13 18:39:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (69%) free of 76 GB
Total RAM: 447 MB (48% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Michal Logon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]
"ACU"=C:\Program Files\Atheros\ACU.exe [2007-05-03 376921]
"Windows Task Services"=C:\Documents and Settings\Michal\Application Data\18D.exe [2012-01-12 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows Task Services"=C:\Documents and Settings\Michal\Application Data\18D.exe [2012-01-12 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Windows Task Services"=C:\Documents and Settings\Michal\Application Data\18D.exe [2012-01-12 368640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Task Services"=C:\Documents and Settings\Michal\Application Data\18D.exe [2012-01-12 368640]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Microsoft DLL Registaation"=C:\Documents and Settings\Michal\Application Data\regsrv33.exe [2012-01-13 8704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Windows Task Services"=C:\Documents and Settings\Michal\Application Data\18D.exe [2012-01-12 368640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
C:\Program Files\ASUS\Splendid\ACMON.exe [2007-07-10 851968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
C:\WINDOWS\ASScrProlog.exe [2012-01-03 37232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30 51768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
C:\WINDOWS\system32\Ati2mdxx.exe [2007-07-04 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKHOTKEY]
C:\Program Files\ATK Hotkey\Hcontrol.exe [2007-08-23 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-12-24 460872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (cleanup)]
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll [2011-12-24 1080904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-07-04 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Windows Task Services - C:\Documents and Settings\Michal\Application Data\18D.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Garena Plus\Room\garena_room.exe"="C:\Program Files\Garena Plus\Room\garena_room.exe:*:Enabled:Garena"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-01-13 18:29:10 ----A---- C:\Documents and Settings\Michal\Application Data\regsrv33.exe
2012-01-13 18:10:31 ----SD---- C:\Beruska.com29458B
2012-01-13 18:09:29 ----A---- C:\WINDOWS\ntbtlog.txt
2012-01-13 16:51:14 ----D---- C:\_OTL
2012-01-13 12:10:10 ----A---- C:\Documents and Settings\Michal\Application Data\2.exe
2012-01-13 08:30:00 ----A---- C:\Documents and Settings\Michal\Application Data\1.exe
2012-01-12 22:15:15 ----A---- C:\Documents and Settings\Michal\Application Data\18D.exe
2012-01-12 15:33:20 ----D---- C:\WINDOWS\Temp
2012-01-12 14:22:42 ----SD---- C:\Beruska.com
2012-01-12 14:21:29 ----SHD---- C:\WINDOWS\CSC
2012-01-11 22:46:18 ----A---- C:\Boot.bak
2012-01-11 22:46:13 ----RASHD---- C:\cmdcons
2012-01-11 22:44:42 ----A---- C:\WINDOWS\zip.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\SWSC.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\SWREG.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\sed.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\PEV.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\NIRCMD.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\MBR.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\grep.exe
2012-01-11 22:44:37 ----D---- C:\WINDOWS\ERDNT
2012-01-11 22:44:32 ----D---- C:\Qoobox
2012-01-11 18:06:54 ----A---- C:\TDSSKiller.2.7.0.0_11.01.2012_18.06.54_log.txt
2012-01-11 17:49:29 ----A---- C:\WINDOWS\system32\drivers\TrueSight.sys
2012-01-09 23:43:32 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2012-01-09 23:40:10 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2012-01-09 23:37:46 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2012-01-09 23:36:56 ----D---- C:\Program Files\Bonjour
2012-01-09 23:28:52 ----D---- C:\Program Files\Adobe
2012-01-09 23:28:14 ----D---- C:\Program Files\Common Files\Macrovision Shared
2012-01-09 23:27:09 ----D---- C:\Program Files\Common Files\Adobe
2012-01-09 23:05:41 ----A---- C:\WINDOWS\system32\srvany.exe
2012-01-09 23:02:21 ----D---- C:\Program Files\Common Files\DESIGNER
2012-01-09 23:02:13 ----D---- C:\Program Files\MSBuild
2012-01-09 23:00:56 ----D---- C:\Program Files\Microsoft Sync Framework
2012-01-09 22:59:56 ----D---- C:\Program Files\Microsoft Visual Studio 8
2012-01-09 22:58:08 ----D---- C:\Program Files\Microsoft Analysis Services
2012-01-09 22:57:51 ----D---- C:\WINDOWS\SHELLNEW
2012-01-09 22:57:00 ----D---- C:\Program Files\Microsoft Office
2012-01-09 22:56:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-01-09 22:56:41 ----RHD---- C:\MSOCache
2012-01-09 12:10:43 ----D---- C:\Documents and Settings\Michal\Application Data\AVG
2012-01-09 12:09:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2012-01-09 12:09:07 ----D---- C:\Program Files\AVG
2012-01-09 11:53:19 ----D---- C:\Program Files\trend micro
2012-01-09 11:53:16 ----D---- C:\rsit
2012-01-09 11:29:11 ----D---- C:\Documents and Settings\Michal\Application Data\Malwarebytes
2012-01-09 11:28:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-01-09 11:28:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-01-09 11:28:31 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-01-06 15:28:38 ----A---- C:\WINDOWS\WORDPAD.INI
2012-01-06 01:13:18 ----D---- C:\Program Files\Elaborate Bytes
2012-01-06 01:08:04 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2012-01-06 01:08:03 ----D---- C:\Program Files\DVD Shrink
2012-01-06 00:47:38 ----D---- C:\Documents and Settings\Michal\Application Data\WinRAR
2012-01-06 00:46:52 ----D---- C:\Program Files\WinRAR
2012-01-04 14:11:54 ----D---- C:\Documents and Settings\Michal\Application Data\vlc
2012-01-03 22:50:54 ----A---- C:\Documents and Settings\Michal\Application Data\room_v3.dat
2012-01-03 22:18:56 ----D---- C:\Documents and Settings\Michal\Application Data\GarenaPlus
2012-01-03 22:17:58 ----D---- C:\Program Files\Garena Plus
2012-01-03 22:17:56 ----D---- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
2012-01-03 22:05:35 ----D---- C:\Documents and Settings\Michal\Application Data\TS3Client
2012-01-03 22:00:43 ----D---- C:\Program Files\TeamSpeak 3 Client
2012-01-03 21:58:29 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2012-01-03 21:58:28 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2012-01-03 21:58:27 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2012-01-03 21:58:24 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2012-01-03 21:58:23 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2012-01-03 21:58:22 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2012-01-03 21:58:22 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2012-01-03 21:58:21 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2012-01-03 21:58:21 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2012-01-03 21:58:20 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2012-01-03 21:58:19 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2012-01-03 21:58:19 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2012-01-03 21:58:18 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2012-01-03 21:58:18 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2012-01-03 21:58:17 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2012-01-03 21:58:17 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2012-01-03 21:58:15 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2012-01-03 21:58:14 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2012-01-03 21:58:14 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2012-01-03 21:58:14 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2012-01-03 21:58:14 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2012-01-03 21:58:13 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2012-01-03 21:58:13 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2012-01-03 21:58:13 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2012-01-03 21:58:12 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2012-01-03 21:58:12 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2012-01-03 21:58:11 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2012-01-03 21:58:10 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2012-01-03 21:58:10 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2012-01-03 21:58:09 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2012-01-03 21:58:09 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2012-01-03 21:58:08 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2012-01-03 21:58:08 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2012-01-03 21:58:07 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2012-01-03 21:58:06 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2012-01-03 21:58:06 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2012-01-03 21:58:05 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2012-01-03 21:58:05 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2012-01-03 21:58:05 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2012-01-03 21:58:04 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2012-01-03 21:58:03 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2012-01-03 21:58:02 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2012-01-03 21:58:02 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2012-01-03 21:58:00 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2012-01-03 21:57:59 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2012-01-03 21:57:58 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2012-01-03 21:57:58 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2012-01-03 21:57:57 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2012-01-03 21:57:56 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2012-01-03 21:57:56 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2012-01-03 21:57:55 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2012-01-03 21:57:55 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2012-01-03 21:57:54 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2012-01-03 21:57:53 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2012-01-03 21:57:51 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2012-01-03 21:57:50 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2012-01-03 21:57:50 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2012-01-03 21:57:48 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2012-01-03 21:57:48 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2012-01-03 21:57:47 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2012-01-03 21:57:46 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2012-01-03 21:57:45 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2012-01-03 21:57:45 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2012-01-03 21:57:45 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2012-01-03 21:57:44 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2012-01-03 21:57:44 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2012-01-03 21:57:43 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2012-01-03 21:57:43 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2012-01-03 21:57:42 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2012-01-03 21:57:30 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2012-01-03 21:57:29 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2012-01-03 21:57:29 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2012-01-03 21:57:28 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2012-01-03 21:57:25 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2012-01-03 21:57:24 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2012-01-03 21:57:23 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2012-01-03 21:57:22 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2012-01-03 21:57:21 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2012-01-03 21:57:18 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2012-01-03 21:56:53 ----D---- C:\WINDOWS\Logs
2012-01-03 18:26:43 ----A---- C:\WINDOWS\War3Unin.dat
2012-01-03 18:26:42 ----A---- C:\WINDOWS\War3Unin.pif
2012-01-03 18:26:42 ----A---- C:\WINDOWS\War3Unin.exe
2012-01-03 18:25:27 ----D---- C:\Program Files\Warcraft III
2012-01-03 18:20:13 ----D---- C:\Documents and Settings\Michal\Application Data\U3
2012-01-03 17:55:27 ----D---- C:\Program Files\VideoLAN
2012-01-03 09:43:51 ----A---- C:\WINDOWS\system32\acs.exe
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wsimd.sys
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wsimd.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wsfwDS.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wgapi.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wcapiU.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wcapi.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\dsaNac.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\dsa.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\drivers\wsimd.sys
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\athcfg20U.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\athcfg20resU.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\athcfg20res.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\athcfg20.dll
2012-01-03 09:43:37 ----D---- C:\Program Files\Atheros
2012-01-03 09:43:28 ----A---- C:\WINDOWS\system32\drivers\ar5211.sys
2012-01-03 09:43:28 ----A---- C:\WINDOWS\system32\ar5211.sys
2012-01-03 09:43:07 ----D---- C:\Documents and Settings\All Users\Application Data\Atheros
2012-01-03 09:42:39 ----D---- C:\Program Files\Wireless Console 2
2012-01-03 09:42:08 ----A---- C:\WINDOWS\ASUS Camera ScreenSaver.exe
2012-01-03 09:42:08 ----A---- C:\WINDOWS\ASUS Camera ScreenSaver Uninstaller.exe
2012-01-03 09:42:08 ----A---- C:\WINDOWS\ASScrProlog.exe
2012-01-03 09:42:07 ----A---- C:\WINDOWS\Asus_Camera_ScreenSaver.scr
2012-01-03 09:42:06 ----D---- C:\WINDOWS\Asus_Camera_ScreenSaver dir
2012-01-03 09:42:06 ----D---- C:\Documents and Settings\Michal\Application Data\Macromedia
2012-01-03 09:42:06 ----A---- C:\WINDOWS\impborl.dll
2012-01-03 09:42:06 ----A---- C:\WINDOWS\flashax.exe
2012-01-03 09:41:45 ----A---- C:\WINDOWS\system32\ACEngSvr.exe
2012-01-03 09:40:51 ----SHD---- C:\RECYCLER
2012-01-03 09:40:12 ----D---- C:\Program Files\ASUS
2012-01-03 09:40:06 ----D---- C:\Program Files\Common Files\InstallShield
2012-01-03 09:39:11 ----D---- C:\Program Files\ATK Hotkey
2012-01-03 09:39:10 ----HD---- C:\Program Files\InstallShield Installation Information
2012-01-03 09:39:04 ----D---- C:\Documents and Settings\Michal\Application Data\InstallShield
2012-01-03 09:36:58 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2012-01-03 09:33:55 ----D---- C:\Documents and Settings\Michal\Application Data\Identities
2012-01-03 09:33:54 ----HD---- C:\Program Files\Uninstall Information
2012-01-03 09:32:12 ----ASH---- C:\Documents and Settings\Michal\Application Data\desktop.ini
2012-01-03 09:32:11 ----SD---- C:\Documents and Settings\Michal\Application Data\Microsoft
2012-01-03 09:29:09 ----D---- C:\WINDOWS\SoftwareDistribution
2012-01-03 09:29:08 ----D---- C:\WINDOWS\Prefetch
2012-01-03 09:29:07 ----SD---- C:\WINDOWS\system32\Microsoft
2012-01-03 09:29:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-03 09:27:30 ----AS---- C:\WINDOWS\bootstat.dat
2012-01-03 09:25:00 ----D---- C:\WINDOWS\system32\xircom
2012-01-03 09:25:00 ----D---- C:\Program Files\xerox
2012-01-03 09:25:00 ----D---- C:\Program Files\microsoft frontpage
2012-01-03 09:24:35 ----RASH---- C:\MSDOS.SYS
2012-01-03 09:24:35 ----RASH---- C:\IO.SYS
2012-01-03 09:24:35 ----A---- C:\WINDOWS\control.ini
2012-01-03 09:24:35 ----A---- C:\CONFIG.SYS
2012-01-03 09:24:35 ----A---- C:\AUTOEXEC.BAT
2012-01-03 09:24:13 ----A---- C:\WINDOWS\system32\mapi32.dll
2012-01-03 09:23:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-01-03 09:23:06 ----RD---- C:\WINDOWS\Offline Web Pages
2012-01-03 09:22:54 ----HD---- C:\Program Files\WindowsUpdate
2012-01-03 09:22:25 ----D---- C:\WINDOWS\system32\DirectX
2012-01-03 09:22:19 ----A---- C:\WINDOWS\system32\atrace.dll
2012-01-03 09:22:15 ----A---- C:\WINDOWS\system32\desktop.ini
2012-01-03 09:22:15 ----A---- C:\WINDOWS\desktop.ini
2012-01-03 09:22:08 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2012-01-03 09:22:07 ----A---- C:\WINDOWS\system32\acctres.dll
2012-01-03 09:22:06 ----D---- C:\Program Files\Common Files\Services
2012-01-03 09:22:04 ----SD---- C:\WINDOWS\Tasks
2012-01-03 09:22:04 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2012-01-03 09:22:03 ----D---- C:\Program Files\Common Files\MSSoap
2012-01-03 09:21:58 ----D---- C:\WINDOWS\srchasst
2012-01-03 09:21:57 ----D---- C:\WINDOWS\system32\Macromed
2012-01-03 09:21:54 ----A---- C:\WINDOWS\system32\wuweb.dll
2012-01-03 09:21:54 ----A---- C:\WINDOWS\system32\wucltui.dll
2012-01-03 09:21:54 ----A---- C:\WINDOWS\system32\wuauserv.dll
2012-01-03 09:21:53 ----A---- C:\WINDOWS\system32\wups.dll
2012-01-03 09:21:53 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2012-01-03 09:21:53 ----A---- C:\WINDOWS\system32\wuaueng.dll
2012-01-03 09:21:53 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2012-01-03 09:21:53 ----A---- C:\WINDOWS\system32\wuauclt.exe
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\wuapi.dll
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\qmgr.dll
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2012-01-03 09:21:46 ----D---- C:\Program Files\Movie Maker
2012-01-03 09:21:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2012-01-03 09:21:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2012-01-03 09:21:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2012-01-03 09:21:28 ----A---- C:\WINDOWS\system32\racpldlg.dll
2012-01-03 09:21:23 ----A---- C:\WINDOWS\system32\fltMc.exe
2012-01-03 09:21:23 ----A---- C:\WINDOWS\system32\fltlib.dll
2012-01-03 09:21:23 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2012-01-03 09:21:22 ----D---- C:\WINDOWS\system32\Restore
2012-01-03 09:21:22 ----A---- C:\WINDOWS\system32\srsvc.dll
2012-01-03 09:21:22 ----A---- C:\WINDOWS\system32\srrstr.dll
2012-01-03 09:21:22 ----A---- C:\WINDOWS\system32\srclient.dll
2012-01-03 09:21:22 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\msconf.dll
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\mnmdd.dll
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\ils.dll
2012-01-03 09:21:18 ----D---- C:\Program Files\NetMeeting
2012-01-03 09:21:18 ----A---- C:\WINDOWS\system32\msoert2.dll
2012-01-03 09:21:18 ----A---- C:\WINDOWS\system32\msoeacct.dll
2012-01-03 09:21:16 ----A---- C:\WINDOWS\system32\inetres.dll
2012-01-03 09:21:16 ----A---- C:\WINDOWS\system32\inetcomm.dll
2012-01-03 09:21:13 ----D---- C:\Program Files\Outlook Express
2012-01-03 09:21:13 ----A---- C:\WINDOWS\system32\schedsvc.dll
2012-01-03 09:21:13 ----A---- C:\WINDOWS\system32\mstinit.exe
2012-01-03 09:21:13 ----A---- C:\WINDOWS\system32\mstask.dll
2012-01-03 09:21:13 ----A---- C:\WINDOWS\system32\icwphbk.dll
2012-01-03 09:21:13 ----A---- C:\WINDOWS\system32\icwdial.dll
2012-01-03 09:21:12 ----A---- C:\WINDOWS\system32\isign32.dll
2012-01-03 09:21:12 ----A---- C:\WINDOWS\system32\inetcfg.dll
2012-01-03 09:21:06 ----D---- C:\Program Files\Common Files\System
2012-01-03 09:21:00 ----D---- C:\Program Files\Internet Explorer
2012-01-03 09:20:30 ----A---- C:\WINDOWS\system32\emptyregdb.dat
2012-01-03 09:20:12 ----D---- C:\Program Files\ComPlus Applications
2012-01-03 09:20:08 ----A---- C:\WINDOWS\vbaddin.ini
2012-01-03 09:20:08 ----A---- C:\WINDOWS\vb.ini
2012-01-03 09:20:00 ----D---- C:\WINDOWS\Registration
2012-01-03 09:19:49 ----D---- C:\Program Files\Online Services
2012-01-03 09:19:48 ----D---- C:\Program Files\Windows Media Player
2012-01-03 09:19:36 ----D---- C:\Program Files\Messenger
2012-01-03 09:19:32 ----D---- C:\Program Files\MSN Gaming Zone
2012-01-03 09:19:32 ----A---- C:\WINDOWS\system32\write.exe
2012-01-03 09:19:23 ----A---- C:\WINDOWS\system32\sndvol32.exe
2012-01-03 09:19:23 ----A---- C:\WINDOWS\system32\hticons.dll
2012-01-03 09:19:23 ----A---- C:\WINDOWS\system32\avwav.dll
2012-01-03 09:19:23 ----A---- C:\WINDOWS\system32\avtapi.dll
2012-01-03 09:19:23 ----A---- C:\WINDOWS\system32\avmeter.dll
2012-01-03 09:19:22 ----A---- C:\WINDOWS\system32\winchat.exe
2012-01-03 09:19:16 ----A---- C:\WINDOWS\system32\charmap.exe
2012-01-03 09:19:16 ----A---- C:\WINDOWS\system32\getuname.dll
2012-01-03 09:19:15 ----A---- C:\WINDOWS\system32\winmine.exe
2012-01-03 09:19:15 ----A---- C:\WINDOWS\system32\sol.exe
2012-01-03 09:19:15 ----A---- C:\WINDOWS\system32\mshearts.exe
2012-01-03 09:19:15 ----A---- C:\WINDOWS\system32\calc.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\tslabels.ini
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\tskill.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\tscon.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\shadow.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\rwinsta.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\reset.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\regini.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\freecell.exe
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\qwinsta.exe
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\qappsrv.exe
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\msg.exe
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\logoff.exe
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\cdmodem.dll
2012-01-03 09:19:07 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2012-01-03 09:18:49 ----D---- C:\Program Files\MSN
2012-01-03 09:18:48 ----A---- C:\WINDOWS\system32\sndrec32.exe
2012-01-03 09:18:48 ----A---- C:\WINDOWS\system32\mplay32.exe
2012-01-03 09:18:48 ----A---- C:\WINDOWS\system32\accwiz.exe
2012-01-03 09:18:47 ----D---- C:\Program Files\Windows NT
2012-01-03 09:18:47 ----A---- C:\WINDOWS\system32\mspaint.exe
2012-01-03 09:18:47 ----A---- C:\WINDOWS\system32\hypertrm.dll
2012-01-03 09:18:46 ----A---- C:\WINDOWS\system32\spider.exe
2012-01-03 09:18:46 ----A---- C:\WINDOWS\system32\clipbrd.exe
2012-01-03 09:18:45 ----D---- C:\WINDOWS\system32\en-US
2012-01-03 09:18:45 ----A---- C:\WINDOWS\system32\tsgqec.dll
2012-01-03 09:18:45 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2012-01-03 09:18:45 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2012-01-03 09:18:45 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2012-01-03 09:18:45 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-01-03 09:18:44 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2012-01-03 09:18:44 ----A---- C:\WINDOWS\system32\aaclient.dll
2012-01-03 09:18:43 ----A---- C:\WINDOWS\system32\remotepg.dll
2012-01-03 09:18:43 ----A---- C:\WINDOWS\system32\rdshost.exe
2012-01-03 09:18:43 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2012-01-03 09:18:43 ----A---- C:\WINDOWS\system32\mstscax.dll
2012-01-03 09:18:43 ----A---- C:\WINDOWS\system32\mstsc.exe
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\termsrv.dll
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\sessmgr.exe
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\rdpclip.exe
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\rdchost.dll
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\qprocess.exe
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\icaapi.dll
2012-01-03 09:18:41 ----D---- C:\WINDOWS\system32\MsDtc
2012-01-03 09:18:41 ----A---- C:\WINDOWS\system32\mtxoci.dll
2012-01-03 09:18:41 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2012-01-03 09:18:41 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2012-01-03 09:18:41 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2012-01-03 09:18:40 ----A---- C:\WINDOWS\system32\xolehlp.dll
2012-01-03 09:18:40 ----A---- C:\WINDOWS\system32\msdtctm.dll
2012-01-03 09:18:40 ----A---- C:\WINDOWS\system32\msdtclog.dll
2012-01-03 09:18:40 ----A---- C:\WINDOWS\system32\msdtc.exe
2012-01-03 09:18:39 ----D---- C:\WINDOWS\system32\Com
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\mtxex.dll
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\mtxdm.dll
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\comrepl.dll
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\comaddin.dll
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\colbact.dll
2012-01-03 09:18:38 ----A---- C:\WINDOWS\system32\stclient.dll
2012-01-03 09:18:38 ----A---- C:\WINDOWS\system32\clbcatex.dll
2012-01-03 09:18:38 ----A---- C:\WINDOWS\system32\catsrvut.dll
2012-01-03 09:18:38 ----A---- C:\WINDOWS\system32\catsrvps.dll
2012-01-03 09:18:38 ----A---- C:\WINDOWS\system32\catsrv.dll
2012-01-03 09:18:37 ----A---- C:\WINDOWS\system32\comuid.dll
2012-01-03 09:18:37 ----A---- C:\WINDOWS\system32\comsvcs.dll
2012-01-03 09:18:37 ----A---- C:\WINDOWS\system32\comsnap.dll
2012-01-03 09:18:36 ----A---- C:\WINDOWS\system32\clbcatq.dll
2012-01-03 09:18:26 ----A---- C:\WINDOWS\system32\servdeps.dll
2012-01-03 09:18:26 ----A---- C:\WINDOWS\system32\mmfutil.dll
2012-01-03 09:18:26 ----A---- C:\WINDOWS\system32\licwmi.dll
2012-01-03 09:18:26 ----A---- C:\WINDOWS\system32\cmprops.dll
2012-01-03 09:18:23 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2012-01-03 09:18:22 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2012-01-03 01:32:04 ----D---- C:\Program Files\Microsoft.NET
2012-01-03 01:19:24 ----A---- C:\moduleName.txt
2012-01-03 01:12:52 ----A---- C:\WINDOWS\system32\h323log.txt
2012-01-03 01:10:59 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2012-01-03 01:09:51 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2012-01-03 01:08:50 ----A---- C:\WINDOWS\system32\drivers\RTL8139.sys
2012-01-03 01:08:35 ----A---- C:\WINDOWS\system32\usbui.dll
2012-01-03 01:07:59 ----A---- C:\WINDOWS\system32\drivers\compbatt.sys
2012-01-03 01:07:58 ----A---- C:\WINDOWS\system32\drivers\CmBatt.sys
2012-01-03 01:07:58 ----A---- C:\WINDOWS\system32\drivers\battc.sys
2012-01-03 01:06:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-01-03 01:06:35 ----SHD---- C:\WINDOWS\Installer
2012-01-03 01:06:34 ----D---- C:\Program Files\Common Files\ODBC
2012-01-03 01:06:34 ----A---- C:\WINDOWS\ODBCINST.INI
2012-01-03 01:06:30 ----D---- C:\Program Files\Common Files\SpeechEngines
2012-01-03 01:06:29 ----RD---- C:\Program Files
2012-01-03 01:06:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-01-03 01:06:29 ----D---- C:\Program Files\Common Files
2012-01-03 01:06:26 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2012-01-03 01:06:26 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2012-01-03 01:06:26 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdur.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdru.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2012-01-03 01:06:21 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2012-01-03 01:06:21 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2012-01-03 01:06:21 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2012-01-03 01:06:21 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2012-01-03 01:06:20 ----RA---- C:\WINDOWS\system32\kbdest.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdro.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2012-01-03 01:06:13 ----A---- C:\WINDOWS\system32\spxcoins.dll
2012-01-03 01:06:13 ----A---- C:\WINDOWS\system32\irclass.dll
2012-01-03 01:06:13 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2012-01-03 01:06:13 ----A---- C:\WINDOWS\system32\dgsetup.dll
2012-01-03 01:06:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2012-01-03 01:06:11 ----A---- C:\WINDOWS\TASKMAN.EXE
2012-01-03 01:06:10 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2012-01-03 01:06:10 ----A---- C:\WINDOWS\system32\batt.dll
2012-01-03 01:06:09 ----A---- C:\WINDOWS\NOTEPAD.EXE
2012-01-03 01:06:06 ----A---- C:\WINDOWS\system32\storprop.dll
2012-01-03 01:05:55 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2012-01-03 01:05:36 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-03 01:05:36 ----D---- C:\WINDOWS\system32\CatRoot
2012-01-03 01:05:30 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2012-01-03 01:04:58 ----SHD---- C:\System Volume Information
2012-01-03 01:04:58 ----D---- C:\Documents and Settings
2012-01-03 01:04:57 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2012-01-03 01:03:57 ----RASH---- C:\boot.ini
2012-01-03 01:03:33 ----D---- C:\Documents and Settings\Michal\Application Data\Adobe
2012-01-03 00:59:11 ----D---- C:\Program Files\CCleaner
2012-01-03 00:58:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-01-03 00:58:29 ----RSD---- C:\WINDOWS\Fonts
2012-01-03 00:58:29 ----RD---- C:\WINDOWS\Web
2012-01-03 00:58:29 ----HD---- C:\WINDOWS\inf
2012-01-03 00:58:29 ----D---- C:\WINDOWS\WinSxS
2012-01-03 00:58:29 ----D---- C:\WINDOWS\twain_32
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\wins
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\wbem
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\usmt
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\spool
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\ShellExt
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\Setup
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\scripting
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\ras
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\oobe
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\npp
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\mui
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\inetsrv
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\IME
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\icsxml
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\ias
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\export
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\en
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\drivers\etc
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\drivers\disdn
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\drivers
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\dhcp
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\config
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\3com_dmi
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\3076
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\2052
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1054
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1042
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1041
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1037
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1033
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1031
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1028
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1025
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system
2012-01-03 00:58:29 ----D---- C:\WINDOWS\security
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Resources
2012-01-03 00:58:29 ----D---- C:\WINDOWS\repair
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Provisioning
2012-01-03 00:58:29 ----D---- C:\WINDOWS\pchealth
2012-01-03 00:58:29 ----D---- C:\WINDOWS\PeerNet
2012-01-03 00:58:29 ----D---- C:\WINDOWS\NLDRV
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Network Diagnostic
2012-01-03 00:58:29 ----D---- C:\WINDOWS\mui
2012-01-03 00:58:29 ----D---- C:\WINDOWS\msapps
2012-01-03 00:58:29 ----D---- C:\WINDOWS\msagent
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Media
2012-01-03 00:58:29 ----D---- C:\WINDOWS\L2Schemas
2012-01-03 00:58:29 ----D---- C:\WINDOWS\java
2012-01-03 00:58:29 ----D---- C:\WINDOWS\ime
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Help
2012-01-03 00:58:29 ----D---- C:\WINDOWS\ehome
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Driver Cache
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Debug
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Cursors
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Connection Wizard
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Config
2012-01-03 00:58:29 ----D---- C:\WINDOWS\AppPatch
2012-01-03 00:58:29 ----D---- C:\WINDOWS\addins
2012-01-03 00:58:29 ----D---- C:\WINDOWS
2012-01-03 00:58:28 ----ASH---- C:\pagefile.sys
2012-01-03 00:49:23 ----RSD---- C:\WINDOWS\assembly
2012-01-03 00:48:59 ----D---- C:\WINDOWS\Microsoft.NET
2012-01-03 00:48:05 ----D---- C:\Program Files\ATI Technologies
2012-01-03 00:45:57 ----A---- C:\WINDOWS\system32\snymsico.dll
2012-01-03 00:45:57 ----A---- C:\WINDOWS\system32\drivers\risdptsk.sys
2012-01-03 00:45:57 ----A---- C:\WINDOWS\system32\drivers\rimsptsk.sys
2012-01-03 00:45:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-01-03 00:45:14 ----A---- C:\WINDOWS\system32\drivers\Rtnicxp.sys
2012-01-03 00:45:13 ----D---- C:\WINDOWS\OPTIONS
2012-01-03 00:44:31 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2012-01-03 00:44:28 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2012-01-03 00:44:25 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2012-01-03 00:44:24 ----A---- C:\WINDOWS\system32\ChCfg.exe
2012-01-03 00:44:21 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2012-01-03 00:44:19 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2012-01-03 00:44:17 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2012-01-03 00:44:15 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2012-01-03 00:44:13 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2012-01-03 00:44:11 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2012-01-03 00:44:09 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2012-01-03 00:44:05 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2012-01-03 00:43:59 ----D---- C:\WINDOWS\system32\RTCOM
2012-01-03 00:43:56 ----A---- C:\WINDOWS\system32\ksuser.dll
2012-01-03 00:43:56 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2012-01-03 00:43:56 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2012-01-03 00:43:52 ----A---- C:\WINDOWS\SoundMan.exe
2012-01-03 00:43:52 ----A---- C:\WINDOWS\SkyTel.exe
2012-01-03 00:43:52 ----A---- C:\WINDOWS\RtlUpd.exe
2012-01-03 00:43:51 ----A---- C:\WINDOWS\RTLCPL.exe
2012-01-03 00:43:50 ----A---- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2012-01-03 00:43:49 ----D---- C:\Program Files\Realtek
2012-01-03 00:43:49 ----A---- C:\WINDOWS\RTHDCPL.exe
2012-01-03 00:43:49 ----A---- C:\WINDOWS\MicCal.exe
2012-01-03 00:43:49 ----A---- C:\WINDOWS\alcwzrd.exe
2012-01-03 00:43:49 ----A---- C:\WINDOWS\Alcmtr.exe
2012-01-03 00:43:45 ----A---- C:\WINDOWS\RtlExUpd.dll

======List of files/folders modified in the last 1 month======

2012-01-09 22:58:57 ----A---- C:\WINDOWS\win.ini
2012-01-03 09:23:55 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2012-01-03 01:12:18 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 risdptsk;risdptsk; C:\WINDOWS\system32\DRIVERS\risdptsk.sys [2005-07-14 27904]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-12-16 31088]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-07-04 2304000]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-24 5760]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 TrueSight;TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-05-03 364629]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-04 483328]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 KMService;KMService; C:\WINDOWS\system32\srvany.exe [2003-04-18 8192]
S2 PEVSystemStart;PEVSystemStart; C:\Beruska.com29458B\pev.3XE [2011-06-25 256000]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-01-09 654848]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Dalsi opravny skript pro OTL - postup stejny - klik na Opravit

Kód: Vybrat vše

:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (cleanup)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows Task Services"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Windows Task Services"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Task Services"=-
"Microsoft DLL Registaation"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Windows Task Services"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Task Services"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Windows Task Services"=-

:files
C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Michal Logon.job
C:\Documents and Settings\Michal\Application Data\*.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

čím viac sa toho chceme zbaviť tým viac toho pribúda... momentálne je zapnuty proces 1.exe až 4x

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (cleanup)\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Windows Task Services deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Windows Task Services deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Task Services deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft DLL Registaation deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Windows Task Services deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Task Services deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\Windows Task Services deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Michal Logon.job moved successfully.
C:\Documents and Settings\Michal\Application Data\1.exe moved successfully.
C:\Documents and Settings\Michal\Application Data\18D.exe moved successfully.
C:\Documents and Settings\Michal\Application Data\2.exe moved successfully.
C:\Documents and Settings\Michal\Application Data\regsrv33.exe moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Michal
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Google Chrome cache emptied: 110886501 bytes
->Flash cache emptied: 701 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 106,00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Michal
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01132012_191231

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Havet se usadila v bodech obnoveni - smazte je dle navodu kolegy riffa http://www.viry.cz/forum/viewtopic.php?f=11&t=47040 a obnovu zatim nezapinejte zpet

Stahnete HJT http://www.hijackthis.cz/download/hijackthis.exe a udelejte jim sken - pripadne postup zde http://www.viry.cz/forum/viewtopic.php?f=24&t=16765 - log mi sem dejte

spravil somt en bod obnovenia presne podla návodu ale tí šmejdi sa mi tu držia ako kliešte

nech sa páči, log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:51, on 13. 1. 2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Michal\Application Data\1.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\Michal\Application Data\1.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Michal\Application Data\regsrv33.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michal\My Documents\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKLM\..\RunOnce: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKCU\..\Run: [Microsoft DLL Registaation] C:\Documents and Settings\Michal\Application Data\regsrv33.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O21 - SSODL: Windows Task Services - C:\Documents and Settings\Michal\Application Data\1.exe - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\Beruska.com29458B\pev.3XE

--
End of file - 5451 bytes

Stahnete aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe a ulozte jej na plochu.

Utilitu spustte a prikazte ji, at skenuje - klik na Scan
Kliknutim na Save log ulozte log aswMBR na plochu
Obsah logu aswMBR mi sem vlozte

Spustte HJT a provedeme fixnuti polozek

HJT najdete zde C:\Documents and Settings\Michal\My Documents\Downloads\hijackthis.exe
Otevre se Vam okno, kliknete na Do a system scan only
V dalsim okne najdete radky které jsem Vam vypsal nize, vedle nich je ctverecek, do ktereho udelate zatrzitko
O4 - HKLM\..\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKLM\..\RunOnce: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKCU\..\Run: [Microsoft DLL Registaation] C:\Documents and Settings\Michal\Application Data\regsrv33.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O21 - SSODL: Windows Task Services - C:\Documents and Settings\Michal\Application Data\1.exe - (no file)
Kliknete na Fix checked (vlevo dole)
HJT se Vas zepta zda opravdu ANO, s tim souhlasite a je hotovo

Skript pro OTL

Kód: Vybrat vše

:Processes
killallprocesses

:files
C:\Documents and Settings\Michal\Application Data\regsrv33.exe
C:\Documents and Settings\Michal\Application Data\1.exe
C:\Documents and Settings\Michal\Application Data\*.exe

:commands
[REBOOT]

VIRY.CZ

haveď v notebooku

Re: haveď v notebooku

Re: haveď v notebooku

Re: haveď v notebooku

Re: haveď v notebooku

Re: haveď v notebooku

Re: haveď v notebooku

Re: haveď v notebooku

Re: haveď v notebooku

Re: haveď v notebooku

Re: haveď v notebooku

Re: haveď v notebooku

Re: haveď v notebooku

Re: haveď v notebooku

Re: haveď v notebooku

Re: haveď v notebooku