Re: haveď v notebooku
Napsal: 13 led 2012 20:01
Tá prva utilita mi nejde stiahnuť... stránka je nefunkčná.
Stránka 3 z 6
Re: haveď v notebooku
Napsal: 13 led 2012 20:05
Me odkaz normalne funguje, ale hodil jsem jej tedy sem na LP http://leteckaposta.cz/714480065
Re: haveď v notebooku
Napsal: 13 led 2012 20:12
Dajak sa mi pc tomu bráni, ani cez tu povodnu ani cez letecku to nejde stiahnuť 
Re: haveď v notebooku
Napsal: 13 led 2012 20:18
Udelejte tedy HJT + OTL
Re: haveď v notebooku
Napsal: 14 led 2012 18:14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:38, on 14. 1. 2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Garena Plus\GarenaMessenger.exe
C:\Program Files\Garena Plus\Room\garena_room.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michal\My Documents\Downloads\hijackthis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKLM\..\RunOnce: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKCU\..\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O21 - SSODL: Windows Task Services - C:\Documents and Settings\Michal\Application Data\1.exe - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\Beruska.com29458B\pev.3XE
--
End of file - 5414 bytes
Scan saved at 18:14:38, on 14. 1. 2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Garena Plus\GarenaMessenger.exe
C:\Program Files\Garena Plus\Room\garena_room.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michal\My Documents\Downloads\hijackthis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKLM\..\RunOnce: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKCU\..\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O21 - SSODL: Windows Task Services - C:\Documents and Settings\Michal\Application Data\1.exe - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\Beruska.com29458B\pev.3XE
--
End of file - 5414 bytes
Re: haveď v notebooku
Napsal: 14 led 2012 18:28
OTL logfile created on: 14. 1. 2012 18:16:13 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michal\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy
447,20 Mb Total Physical Memory | 103,15 Mb Available Physical Memory | 23,07% Memory free
1,03 Gb Paging File | 0,63 Gb Available in Paging File | 60,62% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 51,11 Gb Free Space | 68,58% Space Free | Partition Type: NTFS
Computer Name: ALLA | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2012.01.12 21:23:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michal\Desktop\OTL.exe
PRC - [2012.01.11 01:45:53 | 005,399,896 | ---- | M] () -- C:\Program Files\Garena Plus\GarenaMessenger.exe
PRC - [2012.01.09 11:16:08 | 004,142,424 | ---- | M] (Garena Online PTE LTD) -- C:\Program Files\Garena Plus\Room\garena_room.exe
PRC - [2011.11.16 00:41:32 | 008,391,152 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
PRC - [2011.10.20 20:45:48 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2008.04.13 19:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.05.03 17:42:56 | 000,376,921 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2007.05.03 17:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
========== Modules (No Company Name) ==========
MOD - [2012.01.11 01:45:53 | 005,399,896 | ---- | M] () -- C:\Program Files\Garena Plus\GarenaMessenger.exe
MOD - [2012.01.10 20:22:15 | 000,020,992 | ---- | M] () -- C:\Program Files\Garena Plus\VersionModule.dll
MOD - [2012.01.10 20:20:07 | 000,059,392 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\PlatformPlugin.dll
MOD - [2012.01.10 20:10:53 | 000,120,832 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\GoKartPlugin.dll
MOD - [2012.01.10 20:10:49 | 000,119,808 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\GoKartPHPlugin.dll
MOD - [2012.01.10 20:10:45 | 000,105,984 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\PluginThe7TW.dll
MOD - [2012.01.10 20:10:44 | 000,166,400 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\BlackShotPlugin.dll
MOD - [2012.01.10 20:10:44 | 000,123,904 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\LoLTWPlugin.dll
MOD - [2012.01.10 20:10:44 | 000,106,496 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\PluginTexasHoldEmTW.dll
MOD - [2012.01.10 20:10:42 | 000,122,368 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\LoLPHPlugin.dll
MOD - [2012.01.10 20:09:41 | 000,566,784 | ---- | M] () -- C:\Program Files\Garena Plus\PluginAux.dll
MOD - [2012.01.10 20:09:33 | 000,147,456 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\HonCISPlugin.dll
MOD - [2012.01.10 20:09:33 | 000,146,944 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\HonPlugin.dll
MOD - [2012.01.10 20:09:31 | 000,105,984 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\PluginWinTexasTW.dll
MOD - [2012.01.10 20:09:26 | 000,127,488 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\LoLPlugin.dll
MOD - [2012.01.10 20:09:15 | 000,055,296 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\PluginNews.dll
MOD - [2012.01.10 19:32:31 | 000,046,080 | ---- | M] () -- C:\Program Files\Garena Plus\lib\Http.dll
MOD - [2012.01.10 05:56:47 | 000,858,624 | ---- | M] () -- C:\Program Files\Garena Plus\lib\XLL.dll
MOD - [2012.01.10 05:56:36 | 000,096,768 | ---- | M] () -- C:\Program Files\Garena Plus\lib\UILayout.dll
MOD - [2012.01.10 05:55:30 | 000,163,328 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\StatsPlugin.dll
MOD - [2012.01.10 05:55:14 | 000,048,128 | ---- | M] () -- C:\Program Files\Garena Plus\lib\XmlUIModule.dll
MOD - [2012.01.05 01:55:58 | 000,531,456 | ---- | M] () -- C:\Program Files\Garena Plus\CxImage.dll
MOD - [2012.01.05 01:55:38 | 000,038,400 | ---- | M] () -- C:\Program Files\Garena Plus\FileLoader.dll
MOD - [2012.01.05 01:48:23 | 000,061,440 | ---- | M] () -- C:\Program Files\Garena Plus\lib\UdtLib.dll
MOD - [2012.01.05 01:34:41 | 000,114,176 | ---- | M] () -- C:\Program Files\Garena Plus\PluginUpdate.dll
MOD - [2011.12.14 02:32:03 | 000,573,100 | ---- | M] () -- C:\Program Files\Garena Plus\sqlite3.dll
MOD - [2011.11.16 00:41:32 | 000,229,360 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
MOD - [2011.11.16 00:41:28 | 007,859,200 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\QtGui4.dll
MOD - [2011.11.16 00:41:28 | 002,210,816 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\QtCore4.dll
MOD - [2011.11.16 00:41:28 | 000,814,080 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\QtNetwork4.dll
MOD - [2011.11.16 00:41:28 | 000,421,360 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
MOD - [2011.11.16 00:41:28 | 000,195,584 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg4.dll
MOD - [2011.11.16 00:41:28 | 000,158,704 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\plugins\appscanner_plugin.dll
MOD - [2011.11.16 00:41:28 | 000,025,600 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\imageformats\qgif4.dll
MOD - [2011.10.20 20:45:46 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\ppgooglenaclpluginchrome.dll
MOD - [2011.10.20 20:45:45 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\pdf.dll
MOD - [2011.10.20 20:44:09 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\avutil-51.dll
MOD - [2011.10.20 20:44:08 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\avformat-53.dll
MOD - [2011.10.20 20:44:07 | 001,745,992 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\avcodec-53.dll
MOD - [2011.10.20 17:45:13 | 008,587,936 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\gcswf32.dll
MOD - [2011.10.11 18:02:34 | 000,100,352 | ---- | M] () -- C:\Program Files\Garena Plus\ggspawn.dll
MOD - [2011.10.10 19:41:22 | 000,122,136 | ---- | M] () -- C:\Program Files\Garena Plus\ggcode.dll
MOD - [2011.08.25 04:36:56 | 000,184,832 | ---- | M] () -- C:\Program Files\Garena Plus\ImageModule.dll
MOD - [2011.08.12 03:51:26 | 000,405,504 | ---- | M] () -- C:\Program Files\Garena Plus\Room\XMLSkin.dll
MOD - [2011.08.11 00:26:54 | 000,019,456 | ---- | M] () -- C:\Program Files\Garena Plus\PluginModule.dll
MOD - [2011.07.03 22:39:30 | 002,621,952 | ---- | M] () -- C:\Program Files\Garena Plus\ggdownloader.dll
MOD - [2011.05.24 02:29:26 | 000,277,784 | ---- | M] () -- C:\Program Files\Garena Plus\Room\ggsec.dll
MOD - [2011.05.24 00:41:24 | 000,009,728 | ---- | M] () -- C:\Program Files\Garena Plus\lib\ClientTcp.dll
MOD - [2011.05.03 23:57:24 | 000,360,280 | ---- | M] () -- C:\Program Files\Garena Plus\lib\GaVoiceGroup.dll
MOD - [2011.01.03 18:10:36 | 000,526,848 | ---- | M] () -- C:\Program Files\Garena Plus\Room\sqlite3.dll
MOD - [2010.12.30 02:37:08 | 000,163,328 | ---- | M] () -- C:\Program Files\Garena Plus\lib\fs\YYFileSystem.dll
MOD - [2010.10.28 01:14:42 | 000,105,984 | ---- | M] () -- C:\Program Files\Garena Plus\lib\HttpLayer.dll
MOD - [2010.10.28 01:14:40 | 000,510,464 | ---- | M] () -- C:\Program Files\Garena Plus\lib\RSALib.dll
MOD - [2010.10.28 01:14:40 | 000,418,304 | ---- | M] () -- C:\Program Files\Garena Plus\lib\exchndl.dll
MOD - [2010.10.28 01:14:40 | 000,319,488 | ---- | M] () -- C:\Program Files\Garena Plus\lib\ClientLib.dll
MOD - [2010.10.28 01:14:40 | 000,197,632 | ---- | M] () -- C:\Program Files\Garena Plus\lib\TaskManagerLib.dll
MOD - [2010.10.28 01:14:40 | 000,178,176 | ---- | M] () -- C:\Program Files\Garena Plus\lib\MP3Module.dll
MOD - [2010.10.25 22:59:30 | 000,070,144 | ---- | M] () -- C:\Program Files\Garena Plus\Room\gcaclientdll.dll
MOD - [2010.09.15 20:13:54 | 000,054,784 | ---- | M] () -- C:\Program Files\Garena Plus\Room\Inject.dll
MOD - [2010.07.14 19:13:44 | 000,097,792 | ---- | M] () -- C:\Program Files\Garena Plus\CommonLib.dll
MOD - [2010.05.05 00:56:32 | 000,025,088 | ---- | M] () -- C:\Program Files\Garena Plus\DibModule.dll
MOD - [2010.01.09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.08.11 05:45:26 | 000,162,304 | ---- | M] () -- C:\Program Files\Garena Plus\LogLib.dll
MOD - [2009.07.15 08:42:56 | 000,056,832 | ---- | M] () -- C:\Program Files\Garena Plus\PluginKernel.dll
MOD - [2008.04.13 19:42:04 | 001,288,192 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2007.07.05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
MOD - [2007.03.02 11:44:34 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
MOD - [2006.11.09 08:00:00 | 000,162,304 | ---- | M] () -- C:\Program Files\Garena Plus\lame_enc.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.01.09 23:28:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.06.25 22:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\Beruska.com29458B\pev.3XE -- (PEVSystemStart)
SRV - [2010.01.21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2007.05.03 17:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\srvany.exe -- (KMService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (GGSAFERDriver)
DRV - [2008.04.13 14:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007.08.24 11:46:48 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.07.04 22:55:40 | 002,304,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.05.02 19:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007.03.28 19:52:18 | 000,057,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006.12.14 16:44:06 | 000,085,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.11.03 09:32:00 | 004,394,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.07.14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005.07.12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\gcswf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2012.01.13 19:12:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe ( )
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003..\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe ( )
O4 - HKLM..\RunOnce: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe ( )
O4 - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003..\RunOnce: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Task Services = C:\Documents and Settings\Michal\Application Data\1.exe ( )
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Task Services = C:\Documents and Settings\Michal\Application Data\1.exe ( )
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Od&oslať do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55D5C386-D030-43D0-A347-01FBA96655DF}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: Windows Task Services - C:\Documents and Settings\Michal\Application Data\1.exe - No CLSID value found.
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.03 09:24:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1d22c106-3775-11e1-8eff-0015af57abac}\Shell - "" = AutoRun
O33 - MountPoints2\{1d22c106-3775-11e1-8eff-0015af57abac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1d22c106-3775-11e1-8eff-0015af57abac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\1b37f31f.exe
O33 - MountPoints2\{1d22c106-3775-11e1-8eff-0015af57abac}\Shell\explore\command - "" = E:\RECYCLER\1b37f31f.exe
O33 - MountPoints2\{1d22c106-3775-11e1-8eff-0015af57abac}\Shell\open\command - "" = E:\RECYCLER\1b37f31f.exe
O33 - MountPoints2\{4f4b96b0-3677-11e1-8efc-0015af57abac}\Shell - "" = AutoRun
O33 - MountPoints2\{4f4b96b0-3677-11e1-8efc-0015af57abac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f4b96b0-3677-11e1-8efc-0015af57abac}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 7 Days ==========
[2012.01.13 19:18:08 | 000,368,640 | ---- | C] ( ) -- C:\Documents and Settings\Michal\Application Data\1.exe
[2012.01.13 18:10:31 | 000,000,000 | --SD | C] -- C:\Beruska.com29458B
[2012.01.13 18:04:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michal\My Documents\My Videos
[2012.01.13 16:51:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.12 21:22:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michal\Desktop\OTL.exe
[2012.01.12 18:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\My Documents\VIDEO_TS
[2012.01.12 17:28:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michal\Recent
[2012.01.12 15:33:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012.01.12 14:22:42 | 000,000,000 | --SD | C] -- C:\Beruska.com
[2012.01.12 14:21:29 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012.01.11 22:46:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.01.11 22:44:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.01.11 22:44:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.01.11 22:44:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.01.11 22:44:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.01.11 22:44:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.01.11 22:44:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.11 22:44:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michal\Start Menu\Programs\Administrative Tools
[2012.01.11 22:31:39 | 004,382,027 | R--- | C] (Swearware) -- C:\Documents and Settings\Michal\Desktop\Beruska.com.exe
[2012.01.11 18:06:27 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michal\Desktop\tdsskiller.exe
[2012.01.10 20:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Start Menu\Programs\WinRAR
[2012.01.10 20:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012.01.09 23:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2012.01.09 23:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Local Settings\Application Data\Adobe
[2012.01.09 23:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012.01.09 23:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.01.09 23:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.01.09 23:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012.01.09 23:27:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.01.09 23:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
[2012.01.09 23:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012.01.09 23:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.01.09 23:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012.01.09 23:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012.01.09 23:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2012.01.09 22:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012.01.09 22:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.01.09 22:57:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012.01.09 22:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Local Settings\Application Data\Microsoft Help
[2012.01.09 22:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.01.09 22:56:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012.01.09 22:56:41 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.01.09 12:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Desktop\Songy
[2012.01.09 12:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Application Data\AVG
[2012.01.09 12:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012.01.09 12:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2012.01.09 12:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012.01.09 11:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.01.09 11:53:16 | 000,000,000 | ---D | C] -- C:\rsit
[2012.01.09 11:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Application Data\Malwarebytes
[2012.01.09 11:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.09 11:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.01.09 11:28:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.09 11:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
========== Files - Modified Within 7 Days ==========
[2012.01.14 16:46:38 | 000,000,064 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\keyset.dat
[2012.01.14 14:27:09 | 000,368,640 | ---- | M] ( ) -- C:\Documents and Settings\Michal\Application Data\1.exe
[2012.01.14 14:26:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.13 19:40:54 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Michal\Application Data\regsrv33.exe
[2012.01.13 19:40:54 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Michal\Application Data\2.exe
[2012.01.13 19:12:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012.01.13 18:05:11 | 004,382,027 | R--- | M] (Swearware) -- C:\Documents and Settings\Michal\Desktop\Beruska.com.exe
[2012.01.13 14:34:53 | 000,051,186 | ---- | M] () -- C:\Documents and Settings\Michal\Application Data\room_v3.dat
[2012.01.12 22:08:51 | 008,455,382 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\05.Gamba - jemna a krasna (prod. Ziki).mp3
[2012.01.12 21:27:29 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.01.12 21:23:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michal\Desktop\OTL.exe
[2012.01.12 21:20:32 | 000,156,371 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko hotovo copy.jpg
[2012.01.12 21:20:20 | 004,605,679 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko hotovo.psd
[2012.01.12 21:04:37 | 001,320,979 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\beautiful-tree-wallpapers_28076_2560x1600.jpg
[2012.01.12 20:59:57 | 000,170,375 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko render.psd
[2012.01.12 20:59:33 | 000,054,503 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko render.png
[2012.01.12 20:47:32 | 000,193,502 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko copy.png
[2012.01.12 20:39:29 | 001,757,094 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko.psd
[2012.01.12 19:53:17 | 000,071,671 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\310816_211036362285068_100001361168147_512496_5434136_n.jpg
[2012.01.12 19:50:28 | 000,034,467 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\bean3.jpg
[2012.01.12 19:29:01 | 000,052,574 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\Bane_The_Dark_Knight_Rises.jpg
[2012.01.12 15:02:12 | 113,005,472 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\setup_11.0.0.1245.x01_2012_01_12_16_38.exe
[2012.01.11 22:46:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.01.11 18:06:32 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michal\Desktop\tdsskiller.exe
[2012.01.11 17:50:38 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012.01.11 17:44:15 | 000,782,336 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\RogueKiller.exe
[2012.01.11 17:43:58 | 000,458,240 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\CKScanner.exe
[2012.01.11 16:27:24 | 000,000,085 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012.01.11 15:14:42 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\DVD Shrink 3.2.lnk
[2012.01.11 14:19:01 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.10 23:16:04 | 000,043,388 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\untitled.JPG
[2012.01.10 00:11:30 | 001,565,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.09 23:42:23 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\Photoshop.lnk
[2012.01.09 23:40:10 | 000,034,308 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.dll
[2012.01.09 12:09:12 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\AVG PC Tuneup 2011.lnk
[2012.01.09 11:28:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
========== Files Created - No Company Name ==========
[2012.01.13 19:40:56 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Michal\Application Data\regsrv33.exe
[2012.01.13 19:40:54 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Michal\Application Data\2.exe
[2012.01.12 22:08:09 | 008,455,382 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\05.Gamba - jemna a krasna (prod. Ziki).mp3
[2012.01.12 21:27:29 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.01.12 21:20:27 | 000,156,371 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko hotovo copy.jpg
[2012.01.12 21:20:18 | 004,605,679 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko hotovo.psd
[2012.01.12 21:04:43 | 001,320,979 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\beautiful-tree-wallpapers_28076_2560x1600.jpg
[2012.01.12 20:59:56 | 000,170,375 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko render.psd
[2012.01.12 20:59:29 | 000,054,503 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko render.png
[2012.01.12 20:47:20 | 000,193,502 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko copy.png
[2012.01.12 20:39:22 | 001,757,094 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko.psd
[2012.01.12 19:53:19 | 000,071,671 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\310816_211036362285068_100001361168147_512496_5434136_n.jpg
[2012.01.12 19:50:35 | 000,034,467 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\bean3.jpg
[2012.01.12 19:31:26 | 000,052,574 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\Bane_The_Dark_Knight_Rises.jpg
[2012.01.12 14:53:25 | 113,005,472 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\setup_11.0.0.1245.x01_2012_01_12_16_38.exe
[2012.01.11 22:46:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.01.11 22:46:16 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012.01.11 22:44:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.01.11 22:44:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.01.11 22:44:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.01.11 22:44:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.01.11 22:44:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.01.11 17:49:29 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012.01.11 17:44:14 | 000,782,336 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\RogueKiller.exe
[2012.01.11 17:43:57 | 000,458,240 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\CKScanner.exe
[2012.01.10 23:16:03 | 000,043,388 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\untitled.JPG
[2012.01.09 23:42:23 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\Photoshop.lnk
[2012.01.09 23:40:10 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2012.01.09 23:39:04 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2012.01.09 23:36:03 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2012.01.09 23:33:42 | 000,001,100 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2012.01.09 23:33:02 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS3.lnk
[2012.01.09 23:29:52 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS3.lnk
[2012.01.09 23:05:41 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
[2012.01.09 21:23:38 | 000,610,547 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\norway-fishing-holiday-1920x1080.jpg
[2012.01.09 12:09:12 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\AVG PC Tuneup 2011.lnk
[2012.01.09 11:28:35 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.06 15:28:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012.01.06 01:13:57 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012.01.03 22:50:54 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\Michal\Application Data\room_v3.dat
[2012.01.03 18:26:43 | 000,078,816 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2012.01.03 17:54:21 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.03 09:42:08 | 000,037,232 | ---- | C] () -- C:\WINDOWS\ASScrProlog.exe
[2012.01.03 09:42:06 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2012.01.03 09:27:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.01.03 09:20:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.01.03 01:06:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.01.03 01:04:57 | 001,565,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.03 00:44:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.04.13 19:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007.08.24 11:46:48 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2007.07.04 22:28:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007.07.04 22:28:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007.07.04 22:28:08 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007.06.05 13:40:44 | 000,149,278 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006.12.30 21:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.08.18 03:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.18 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.18 03:00:00 | 000,455,710 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.18 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.18 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.18 03:00:00 | 000,075,684 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.18 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.18 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.18 03:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.18 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2012.01.14 16:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2012.01.13 18:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012.01.09 22:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\AVG
[2012.01.14 16:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\GarenaPlus
[2012.01.12 18:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\TS3Client
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
< End of report >
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michal\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy
447,20 Mb Total Physical Memory | 103,15 Mb Available Physical Memory | 23,07% Memory free
1,03 Gb Paging File | 0,63 Gb Available in Paging File | 60,62% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 51,11 Gb Free Space | 68,58% Space Free | Partition Type: NTFS
Computer Name: ALLA | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2012.01.12 21:23:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michal\Desktop\OTL.exe
PRC - [2012.01.11 01:45:53 | 005,399,896 | ---- | M] () -- C:\Program Files\Garena Plus\GarenaMessenger.exe
PRC - [2012.01.09 11:16:08 | 004,142,424 | ---- | M] (Garena Online PTE LTD) -- C:\Program Files\Garena Plus\Room\garena_room.exe
PRC - [2011.11.16 00:41:32 | 008,391,152 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
PRC - [2011.10.20 20:45:48 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2008.04.13 19:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.05.03 17:42:56 | 000,376,921 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2007.05.03 17:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
========== Modules (No Company Name) ==========
MOD - [2012.01.11 01:45:53 | 005,399,896 | ---- | M] () -- C:\Program Files\Garena Plus\GarenaMessenger.exe
MOD - [2012.01.10 20:22:15 | 000,020,992 | ---- | M] () -- C:\Program Files\Garena Plus\VersionModule.dll
MOD - [2012.01.10 20:20:07 | 000,059,392 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\PlatformPlugin.dll
MOD - [2012.01.10 20:10:53 | 000,120,832 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\GoKartPlugin.dll
MOD - [2012.01.10 20:10:49 | 000,119,808 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\GoKartPHPlugin.dll
MOD - [2012.01.10 20:10:45 | 000,105,984 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\PluginThe7TW.dll
MOD - [2012.01.10 20:10:44 | 000,166,400 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\BlackShotPlugin.dll
MOD - [2012.01.10 20:10:44 | 000,123,904 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\LoLTWPlugin.dll
MOD - [2012.01.10 20:10:44 | 000,106,496 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\PluginTexasHoldEmTW.dll
MOD - [2012.01.10 20:10:42 | 000,122,368 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\LoLPHPlugin.dll
MOD - [2012.01.10 20:09:41 | 000,566,784 | ---- | M] () -- C:\Program Files\Garena Plus\PluginAux.dll
MOD - [2012.01.10 20:09:33 | 000,147,456 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\HonCISPlugin.dll
MOD - [2012.01.10 20:09:33 | 000,146,944 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\HonPlugin.dll
MOD - [2012.01.10 20:09:31 | 000,105,984 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\PluginWinTexasTW.dll
MOD - [2012.01.10 20:09:26 | 000,127,488 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\LoLPlugin.dll
MOD - [2012.01.10 20:09:15 | 000,055,296 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\PluginNews.dll
MOD - [2012.01.10 19:32:31 | 000,046,080 | ---- | M] () -- C:\Program Files\Garena Plus\lib\Http.dll
MOD - [2012.01.10 05:56:47 | 000,858,624 | ---- | M] () -- C:\Program Files\Garena Plus\lib\XLL.dll
MOD - [2012.01.10 05:56:36 | 000,096,768 | ---- | M] () -- C:\Program Files\Garena Plus\lib\UILayout.dll
MOD - [2012.01.10 05:55:30 | 000,163,328 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\StatsPlugin.dll
MOD - [2012.01.10 05:55:14 | 000,048,128 | ---- | M] () -- C:\Program Files\Garena Plus\lib\XmlUIModule.dll
MOD - [2012.01.05 01:55:58 | 000,531,456 | ---- | M] () -- C:\Program Files\Garena Plus\CxImage.dll
MOD - [2012.01.05 01:55:38 | 000,038,400 | ---- | M] () -- C:\Program Files\Garena Plus\FileLoader.dll
MOD - [2012.01.05 01:48:23 | 000,061,440 | ---- | M] () -- C:\Program Files\Garena Plus\lib\UdtLib.dll
MOD - [2012.01.05 01:34:41 | 000,114,176 | ---- | M] () -- C:\Program Files\Garena Plus\PluginUpdate.dll
MOD - [2011.12.14 02:32:03 | 000,573,100 | ---- | M] () -- C:\Program Files\Garena Plus\sqlite3.dll
MOD - [2011.11.16 00:41:32 | 000,229,360 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
MOD - [2011.11.16 00:41:28 | 007,859,200 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\QtGui4.dll
MOD - [2011.11.16 00:41:28 | 002,210,816 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\QtCore4.dll
MOD - [2011.11.16 00:41:28 | 000,814,080 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\QtNetwork4.dll
MOD - [2011.11.16 00:41:28 | 000,421,360 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
MOD - [2011.11.16 00:41:28 | 000,195,584 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg4.dll
MOD - [2011.11.16 00:41:28 | 000,158,704 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\plugins\appscanner_plugin.dll
MOD - [2011.11.16 00:41:28 | 000,025,600 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\imageformats\qgif4.dll
MOD - [2011.10.20 20:45:46 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\ppgooglenaclpluginchrome.dll
MOD - [2011.10.20 20:45:45 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\pdf.dll
MOD - [2011.10.20 20:44:09 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\avutil-51.dll
MOD - [2011.10.20 20:44:08 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\avformat-53.dll
MOD - [2011.10.20 20:44:07 | 001,745,992 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\avcodec-53.dll
MOD - [2011.10.20 17:45:13 | 008,587,936 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\gcswf32.dll
MOD - [2011.10.11 18:02:34 | 000,100,352 | ---- | M] () -- C:\Program Files\Garena Plus\ggspawn.dll
MOD - [2011.10.10 19:41:22 | 000,122,136 | ---- | M] () -- C:\Program Files\Garena Plus\ggcode.dll
MOD - [2011.08.25 04:36:56 | 000,184,832 | ---- | M] () -- C:\Program Files\Garena Plus\ImageModule.dll
MOD - [2011.08.12 03:51:26 | 000,405,504 | ---- | M] () -- C:\Program Files\Garena Plus\Room\XMLSkin.dll
MOD - [2011.08.11 00:26:54 | 000,019,456 | ---- | M] () -- C:\Program Files\Garena Plus\PluginModule.dll
MOD - [2011.07.03 22:39:30 | 002,621,952 | ---- | M] () -- C:\Program Files\Garena Plus\ggdownloader.dll
MOD - [2011.05.24 02:29:26 | 000,277,784 | ---- | M] () -- C:\Program Files\Garena Plus\Room\ggsec.dll
MOD - [2011.05.24 00:41:24 | 000,009,728 | ---- | M] () -- C:\Program Files\Garena Plus\lib\ClientTcp.dll
MOD - [2011.05.03 23:57:24 | 000,360,280 | ---- | M] () -- C:\Program Files\Garena Plus\lib\GaVoiceGroup.dll
MOD - [2011.01.03 18:10:36 | 000,526,848 | ---- | M] () -- C:\Program Files\Garena Plus\Room\sqlite3.dll
MOD - [2010.12.30 02:37:08 | 000,163,328 | ---- | M] () -- C:\Program Files\Garena Plus\lib\fs\YYFileSystem.dll
MOD - [2010.10.28 01:14:42 | 000,105,984 | ---- | M] () -- C:\Program Files\Garena Plus\lib\HttpLayer.dll
MOD - [2010.10.28 01:14:40 | 000,510,464 | ---- | M] () -- C:\Program Files\Garena Plus\lib\RSALib.dll
MOD - [2010.10.28 01:14:40 | 000,418,304 | ---- | M] () -- C:\Program Files\Garena Plus\lib\exchndl.dll
MOD - [2010.10.28 01:14:40 | 000,319,488 | ---- | M] () -- C:\Program Files\Garena Plus\lib\ClientLib.dll
MOD - [2010.10.28 01:14:40 | 000,197,632 | ---- | M] () -- C:\Program Files\Garena Plus\lib\TaskManagerLib.dll
MOD - [2010.10.28 01:14:40 | 000,178,176 | ---- | M] () -- C:\Program Files\Garena Plus\lib\MP3Module.dll
MOD - [2010.10.25 22:59:30 | 000,070,144 | ---- | M] () -- C:\Program Files\Garena Plus\Room\gcaclientdll.dll
MOD - [2010.09.15 20:13:54 | 000,054,784 | ---- | M] () -- C:\Program Files\Garena Plus\Room\Inject.dll
MOD - [2010.07.14 19:13:44 | 000,097,792 | ---- | M] () -- C:\Program Files\Garena Plus\CommonLib.dll
MOD - [2010.05.05 00:56:32 | 000,025,088 | ---- | M] () -- C:\Program Files\Garena Plus\DibModule.dll
MOD - [2010.01.09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.08.11 05:45:26 | 000,162,304 | ---- | M] () -- C:\Program Files\Garena Plus\LogLib.dll
MOD - [2009.07.15 08:42:56 | 000,056,832 | ---- | M] () -- C:\Program Files\Garena Plus\PluginKernel.dll
MOD - [2008.04.13 19:42:04 | 001,288,192 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2007.07.05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
MOD - [2007.03.02 11:44:34 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
MOD - [2006.11.09 08:00:00 | 000,162,304 | ---- | M] () -- C:\Program Files\Garena Plus\lame_enc.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.01.09 23:28:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.06.25 22:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\Beruska.com29458B\pev.3XE -- (PEVSystemStart)
SRV - [2010.01.21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2007.05.03 17:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\srvany.exe -- (KMService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (GGSAFERDriver)
DRV - [2008.04.13 14:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007.08.24 11:46:48 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.07.04 22:55:40 | 002,304,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.05.02 19:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007.03.28 19:52:18 | 000,057,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006.12.14 16:44:06 | 000,085,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.11.03 09:32:00 | 004,394,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.07.14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005.07.12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\gcswf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\15.0.874.102\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2012.01.13 19:12:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe ( )
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003..\Run: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe ( )
O4 - HKLM..\RunOnce: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe ( )
O4 - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003..\RunOnce: [Windows Task Services] C:\Documents and Settings\Michal\Application Data\1.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Task Services = C:\Documents and Settings\Michal\Application Data\1.exe ( )
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1644491937-1935655697-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Task Services = C:\Documents and Settings\Michal\Application Data\1.exe ( )
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Od&oslať do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55D5C386-D030-43D0-A347-01FBA96655DF}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: Windows Task Services - C:\Documents and Settings\Michal\Application Data\1.exe - No CLSID value found.
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.03 09:24:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1d22c106-3775-11e1-8eff-0015af57abac}\Shell - "" = AutoRun
O33 - MountPoints2\{1d22c106-3775-11e1-8eff-0015af57abac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1d22c106-3775-11e1-8eff-0015af57abac}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\1b37f31f.exe
O33 - MountPoints2\{1d22c106-3775-11e1-8eff-0015af57abac}\Shell\explore\command - "" = E:\RECYCLER\1b37f31f.exe
O33 - MountPoints2\{1d22c106-3775-11e1-8eff-0015af57abac}\Shell\open\command - "" = E:\RECYCLER\1b37f31f.exe
O33 - MountPoints2\{4f4b96b0-3677-11e1-8efc-0015af57abac}\Shell - "" = AutoRun
O33 - MountPoints2\{4f4b96b0-3677-11e1-8efc-0015af57abac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f4b96b0-3677-11e1-8efc-0015af57abac}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 7 Days ==========
[2012.01.13 19:18:08 | 000,368,640 | ---- | C] ( ) -- C:\Documents and Settings\Michal\Application Data\1.exe
[2012.01.13 18:10:31 | 000,000,000 | --SD | C] -- C:\Beruska.com29458B
[2012.01.13 18:04:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michal\My Documents\My Videos
[2012.01.13 16:51:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.12 21:22:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michal\Desktop\OTL.exe
[2012.01.12 18:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\My Documents\VIDEO_TS
[2012.01.12 17:28:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michal\Recent
[2012.01.12 15:33:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012.01.12 14:22:42 | 000,000,000 | --SD | C] -- C:\Beruska.com
[2012.01.12 14:21:29 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012.01.11 22:46:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.01.11 22:44:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.01.11 22:44:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.01.11 22:44:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.01.11 22:44:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.01.11 22:44:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.01.11 22:44:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.11 22:44:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michal\Start Menu\Programs\Administrative Tools
[2012.01.11 22:31:39 | 004,382,027 | R--- | C] (Swearware) -- C:\Documents and Settings\Michal\Desktop\Beruska.com.exe
[2012.01.11 18:06:27 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michal\Desktop\tdsskiller.exe
[2012.01.10 20:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Start Menu\Programs\WinRAR
[2012.01.10 20:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012.01.09 23:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2012.01.09 23:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Local Settings\Application Data\Adobe
[2012.01.09 23:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012.01.09 23:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.01.09 23:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.01.09 23:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012.01.09 23:27:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.01.09 23:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
[2012.01.09 23:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012.01.09 23:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.01.09 23:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012.01.09 23:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012.01.09 23:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2012.01.09 22:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012.01.09 22:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.01.09 22:57:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012.01.09 22:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Local Settings\Application Data\Microsoft Help
[2012.01.09 22:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.01.09 22:56:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012.01.09 22:56:41 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.01.09 12:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Desktop\Songy
[2012.01.09 12:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Application Data\AVG
[2012.01.09 12:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012.01.09 12:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2012.01.09 12:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012.01.09 11:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.01.09 11:53:16 | 000,000,000 | ---D | C] -- C:\rsit
[2012.01.09 11:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal\Application Data\Malwarebytes
[2012.01.09 11:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.09 11:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.01.09 11:28:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.09 11:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
========== Files - Modified Within 7 Days ==========
[2012.01.14 16:46:38 | 000,000,064 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\keyset.dat
[2012.01.14 14:27:09 | 000,368,640 | ---- | M] ( ) -- C:\Documents and Settings\Michal\Application Data\1.exe
[2012.01.14 14:26:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.13 19:40:54 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Michal\Application Data\regsrv33.exe
[2012.01.13 19:40:54 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Michal\Application Data\2.exe
[2012.01.13 19:12:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012.01.13 18:05:11 | 004,382,027 | R--- | M] (Swearware) -- C:\Documents and Settings\Michal\Desktop\Beruska.com.exe
[2012.01.13 14:34:53 | 000,051,186 | ---- | M] () -- C:\Documents and Settings\Michal\Application Data\room_v3.dat
[2012.01.12 22:08:51 | 008,455,382 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\05.Gamba - jemna a krasna (prod. Ziki).mp3
[2012.01.12 21:27:29 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.01.12 21:23:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michal\Desktop\OTL.exe
[2012.01.12 21:20:32 | 000,156,371 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko hotovo copy.jpg
[2012.01.12 21:20:20 | 004,605,679 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko hotovo.psd
[2012.01.12 21:04:37 | 001,320,979 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\beautiful-tree-wallpapers_28076_2560x1600.jpg
[2012.01.12 20:59:57 | 000,170,375 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko render.psd
[2012.01.12 20:59:33 | 000,054,503 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko render.png
[2012.01.12 20:47:32 | 000,193,502 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko copy.png
[2012.01.12 20:39:29 | 001,757,094 | ---- | M] () -- C:\Documents and Settings\Michal\My Documents\mucinko.psd
[2012.01.12 19:53:17 | 000,071,671 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\310816_211036362285068_100001361168147_512496_5434136_n.jpg
[2012.01.12 19:50:28 | 000,034,467 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\bean3.jpg
[2012.01.12 19:29:01 | 000,052,574 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\Bane_The_Dark_Knight_Rises.jpg
[2012.01.12 15:02:12 | 113,005,472 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\setup_11.0.0.1245.x01_2012_01_12_16_38.exe
[2012.01.11 22:46:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.01.11 18:06:32 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michal\Desktop\tdsskiller.exe
[2012.01.11 17:50:38 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012.01.11 17:44:15 | 000,782,336 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\RogueKiller.exe
[2012.01.11 17:43:58 | 000,458,240 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\CKScanner.exe
[2012.01.11 16:27:24 | 000,000,085 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012.01.11 15:14:42 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\DVD Shrink 3.2.lnk
[2012.01.11 14:19:01 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.10 23:16:04 | 000,043,388 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\untitled.JPG
[2012.01.10 00:11:30 | 001,565,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.09 23:42:23 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\Photoshop.lnk
[2012.01.09 23:40:10 | 000,034,308 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.dll
[2012.01.09 12:09:12 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Michal\Desktop\AVG PC Tuneup 2011.lnk
[2012.01.09 11:28:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
========== Files Created - No Company Name ==========
[2012.01.13 19:40:56 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Michal\Application Data\regsrv33.exe
[2012.01.13 19:40:54 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Michal\Application Data\2.exe
[2012.01.12 22:08:09 | 008,455,382 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\05.Gamba - jemna a krasna (prod. Ziki).mp3
[2012.01.12 21:27:29 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.01.12 21:20:27 | 000,156,371 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko hotovo copy.jpg
[2012.01.12 21:20:18 | 004,605,679 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko hotovo.psd
[2012.01.12 21:04:43 | 001,320,979 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\beautiful-tree-wallpapers_28076_2560x1600.jpg
[2012.01.12 20:59:56 | 000,170,375 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko render.psd
[2012.01.12 20:59:29 | 000,054,503 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko render.png
[2012.01.12 20:47:20 | 000,193,502 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko copy.png
[2012.01.12 20:39:22 | 001,757,094 | ---- | C] () -- C:\Documents and Settings\Michal\My Documents\mucinko.psd
[2012.01.12 19:53:19 | 000,071,671 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\310816_211036362285068_100001361168147_512496_5434136_n.jpg
[2012.01.12 19:50:35 | 000,034,467 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\bean3.jpg
[2012.01.12 19:31:26 | 000,052,574 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\Bane_The_Dark_Knight_Rises.jpg
[2012.01.12 14:53:25 | 113,005,472 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\setup_11.0.0.1245.x01_2012_01_12_16_38.exe
[2012.01.11 22:46:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.01.11 22:46:16 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012.01.11 22:44:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.01.11 22:44:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.01.11 22:44:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.01.11 22:44:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.01.11 22:44:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.01.11 17:49:29 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012.01.11 17:44:14 | 000,782,336 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\RogueKiller.exe
[2012.01.11 17:43:57 | 000,458,240 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\CKScanner.exe
[2012.01.10 23:16:03 | 000,043,388 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\untitled.JPG
[2012.01.09 23:42:23 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\Photoshop.lnk
[2012.01.09 23:40:10 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2012.01.09 23:39:04 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2012.01.09 23:36:03 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2012.01.09 23:33:42 | 000,001,100 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2012.01.09 23:33:02 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS3.lnk
[2012.01.09 23:29:52 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS3.lnk
[2012.01.09 23:05:41 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
[2012.01.09 21:23:38 | 000,610,547 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\norway-fishing-holiday-1920x1080.jpg
[2012.01.09 12:09:12 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Michal\Desktop\AVG PC Tuneup 2011.lnk
[2012.01.09 11:28:35 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.06 15:28:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012.01.06 01:13:57 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012.01.03 22:50:54 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\Michal\Application Data\room_v3.dat
[2012.01.03 18:26:43 | 000,078,816 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2012.01.03 17:54:21 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Michal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.03 09:42:08 | 000,037,232 | ---- | C] () -- C:\WINDOWS\ASScrProlog.exe
[2012.01.03 09:42:06 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2012.01.03 09:27:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.01.03 09:20:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.01.03 01:06:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.01.03 01:04:57 | 001,565,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.03 00:44:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.04.13 19:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007.08.24 11:46:48 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2007.07.04 22:28:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007.07.04 22:28:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007.07.04 22:28:08 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007.06.05 13:40:44 | 000,149,278 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006.12.30 21:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.08.18 03:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.18 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.18 03:00:00 | 000,455,710 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.18 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.18 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.18 03:00:00 | 000,075,684 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.18 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.18 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.18 03:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.18 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2012.01.14 16:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2012.01.13 18:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012.01.09 22:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\AVG
[2012.01.14 16:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\GarenaPlus
[2012.01.12 18:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal\Application Data\TS3Client
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
< End of report >
Re: haveď v notebooku
Napsal: 14 led 2012 19:40
Myslel jsem tu opravu pomoci HJT + OTL jak jsem psal zde http://viry.cz/forum/viewtopic.php?p=1075945#p1075945
Re: haveď v notebooku
Napsal: 14 led 2012 20:30
========== PROCESSES ==========
All processes killed
========== FILES ==========
C:\Documents and Settings\Michal\Application Data\regsrv33.exe moved successfully.
C:\Documents and Settings\Michal\Application Data\1.exe moved successfully.
C:\Documents and Settings\Michal\Application Data\2.exe moved successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.31.0 log created on 01142012_202840
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
All processes killed
========== FILES ==========
C:\Documents and Settings\Michal\Application Data\regsrv33.exe moved successfully.
C:\Documents and Settings\Michal\Application Data\1.exe moved successfully.
C:\Documents and Settings\Michal\Application Data\2.exe moved successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.31.0 log created on 01142012_202840
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Re: haveď v notebooku
Napsal: 14 led 2012 20:34
Poprosim o novy log z RSIT
Re: haveď v notebooku
Napsal: 14 led 2012 20:37
Logfile of random's system information tool 1.09 (written by random/random)
Run by Michal at 2012-01-14 20:37:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (69%) free of 76 GB
Total RAM: 447 MB (10% free)
HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-01-16 561552]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]
"ACU"=C:\Program Files\Atheros\ACU.exe [2007-05-03 376921]
"Windows Task Services"=C:\Documents and Settings\Michal\Application Data\1.exe [2012-01-14 368640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows Task Services"=C:\Documents and Settings\Michal\Application Data\1.exe [2012-01-14 368640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Windows Task Services"=C:\Documents and Settings\Michal\Application Data\1.exe [2012-01-14 368640]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft DLL Registaation"=C:\Documents and Settings\Michal\Application Data\regsrv33.exe [2012-01-14 8704]
"Windows Task Services"=C:\Documents and Settings\Michal\Application Data\1.exe [2012-01-14 368640]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows Task Services"=C:\Documents and Settings\Michal\Application Data\1.exe [2012-01-14 368640]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Windows Task Services"=C:\Documents and Settings\Michal\Application Data\1.exe [2012-01-14 368640]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
C:\Program Files\ASUS\Splendid\ACMON.exe [2007-07-10 851968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
C:\WINDOWS\ASScrProlog.exe [2012-01-03 37232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30 51768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
C:\WINDOWS\system32\Ati2mdxx.exe [2007-07-04 26112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKHOTKEY]
C:\Program Files\ATK Hotkey\Hcontrol.exe [2007-08-23 229376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-07-04 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Windows Task Services - C:\Documents and Settings\Michal\Application Data\1.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Garena Plus\Room\garena_room.exe"="C:\Program Files\Garena Plus\Room\garena_room.exe:*:Enabled:Garena"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-01-14 20:30:42 ----A---- C:\Documents and Settings\Michal\Application Data\regsrv33.exe
2012-01-14 20:30:41 ----A---- C:\Documents and Settings\Michal\Application Data\2.exe
2012-01-14 20:30:38 ----A---- C:\Documents and Settings\Michal\Application Data\1.exe
2012-01-13 18:10:31 ----SD---- C:\Beruska.com29458B
2012-01-13 18:09:29 ----A---- C:\WINDOWS\ntbtlog.txt
2012-01-13 16:51:14 ----D---- C:\_OTL
2012-01-12 15:33:20 ----D---- C:\WINDOWS\Temp
2012-01-12 14:22:42 ----SD---- C:\Beruska.com
2012-01-12 14:21:29 ----SHD---- C:\WINDOWS\CSC
2012-01-11 22:46:18 ----A---- C:\Boot.bak
2012-01-11 22:46:13 ----RASHD---- C:\cmdcons
2012-01-11 22:44:42 ----A---- C:\WINDOWS\zip.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\SWSC.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\SWREG.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\sed.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\PEV.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\NIRCMD.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\MBR.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\grep.exe
2012-01-11 22:44:37 ----D---- C:\WINDOWS\ERDNT
2012-01-11 22:44:32 ----D---- C:\Qoobox
2012-01-11 18:06:54 ----A---- C:\TDSSKiller.2.7.0.0_11.01.2012_18.06.54_log.txt
2012-01-11 17:49:29 ----A---- C:\WINDOWS\system32\drivers\TrueSight.sys
2012-01-09 23:43:32 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2012-01-09 23:40:10 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2012-01-09 23:37:46 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2012-01-09 23:36:56 ----D---- C:\Program Files\Bonjour
2012-01-09 23:28:52 ----D---- C:\Program Files\Adobe
2012-01-09 23:28:14 ----D---- C:\Program Files\Common Files\Macrovision Shared
2012-01-09 23:27:09 ----D---- C:\Program Files\Common Files\Adobe
2012-01-09 23:05:41 ----A---- C:\WINDOWS\system32\srvany.exe
2012-01-09 23:02:21 ----D---- C:\Program Files\Common Files\DESIGNER
2012-01-09 23:02:13 ----D---- C:\Program Files\MSBuild
2012-01-09 23:00:56 ----D---- C:\Program Files\Microsoft Sync Framework
2012-01-09 22:59:56 ----D---- C:\Program Files\Microsoft Visual Studio 8
2012-01-09 22:58:08 ----D---- C:\Program Files\Microsoft Analysis Services
2012-01-09 22:57:51 ----D---- C:\WINDOWS\SHELLNEW
2012-01-09 22:57:00 ----D---- C:\Program Files\Microsoft Office
2012-01-09 22:56:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-01-09 22:56:41 ----RHD---- C:\MSOCache
2012-01-09 12:10:43 ----D---- C:\Documents and Settings\Michal\Application Data\AVG
2012-01-09 12:09:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2012-01-09 12:09:07 ----D---- C:\Program Files\AVG
2012-01-09 11:53:19 ----D---- C:\Program Files\trend micro
2012-01-09 11:53:16 ----D---- C:\rsit
2012-01-09 11:29:11 ----D---- C:\Documents and Settings\Michal\Application Data\Malwarebytes
2012-01-09 11:28:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-01-09 11:28:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-01-09 11:28:31 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-01-06 15:28:38 ----A---- C:\WINDOWS\WORDPAD.INI
2012-01-06 01:13:18 ----D---- C:\Program Files\Elaborate Bytes
2012-01-06 01:08:04 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2012-01-06 01:08:03 ----D---- C:\Program Files\DVD Shrink
2012-01-06 00:47:38 ----D---- C:\Documents and Settings\Michal\Application Data\WinRAR
2012-01-06 00:46:52 ----D---- C:\Program Files\WinRAR
2012-01-04 14:11:54 ----D---- C:\Documents and Settings\Michal\Application Data\vlc
2012-01-03 22:50:54 ----A---- C:\Documents and Settings\Michal\Application Data\room_v3.dat
2012-01-03 22:18:56 ----D---- C:\Documents and Settings\Michal\Application Data\GarenaPlus
2012-01-03 22:17:58 ----D---- C:\Program Files\Garena Plus
2012-01-03 22:17:56 ----D---- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
2012-01-03 22:05:35 ----D---- C:\Documents and Settings\Michal\Application Data\TS3Client
2012-01-03 22:00:43 ----D---- C:\Program Files\TeamSpeak 3 Client
2012-01-03 21:58:29 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2012-01-03 21:58:28 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2012-01-03 21:58:27 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2012-01-03 21:58:24 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2012-01-03 21:58:23 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2012-01-03 21:58:22 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2012-01-03 21:58:22 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2012-01-03 21:58:21 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2012-01-03 21:58:21 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2012-01-03 21:58:20 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2012-01-03 21:58:19 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2012-01-03 21:58:19 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2012-01-03 21:58:18 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2012-01-03 21:58:18 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2012-01-03 21:58:17 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2012-01-03 21:58:17 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2012-01-03 21:58:15 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2012-01-03 21:58:14 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2012-01-03 21:58:14 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2012-01-03 21:58:14 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2012-01-03 21:58:14 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2012-01-03 21:58:13 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2012-01-03 21:58:13 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2012-01-03 21:58:13 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2012-01-03 21:58:12 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2012-01-03 21:58:12 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2012-01-03 21:58:11 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2012-01-03 21:58:10 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2012-01-03 21:58:10 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2012-01-03 21:58:09 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2012-01-03 21:58:09 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2012-01-03 21:58:08 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2012-01-03 21:58:08 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2012-01-03 21:58:07 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2012-01-03 21:58:06 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2012-01-03 21:58:06 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2012-01-03 21:58:05 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2012-01-03 21:58:05 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2012-01-03 21:58:05 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2012-01-03 21:58:04 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2012-01-03 21:58:03 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2012-01-03 21:58:02 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2012-01-03 21:58:02 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2012-01-03 21:58:00 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2012-01-03 21:57:59 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2012-01-03 21:57:58 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2012-01-03 21:57:58 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2012-01-03 21:57:57 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2012-01-03 21:57:56 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2012-01-03 21:57:56 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2012-01-03 21:57:55 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2012-01-03 21:57:55 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2012-01-03 21:57:54 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2012-01-03 21:57:53 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2012-01-03 21:57:51 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2012-01-03 21:57:50 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2012-01-03 21:57:50 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2012-01-03 21:57:48 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2012-01-03 21:57:48 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2012-01-03 21:57:47 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2012-01-03 21:57:46 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2012-01-03 21:57:45 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2012-01-03 21:57:45 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2012-01-03 21:57:45 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2012-01-03 21:57:44 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2012-01-03 21:57:44 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2012-01-03 21:57:43 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2012-01-03 21:57:43 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2012-01-03 21:57:42 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2012-01-03 21:57:30 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2012-01-03 21:57:29 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2012-01-03 21:57:29 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2012-01-03 21:57:28 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2012-01-03 21:57:25 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2012-01-03 21:57:24 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2012-01-03 21:57:23 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2012-01-03 21:57:22 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2012-01-03 21:57:21 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2012-01-03 21:57:18 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2012-01-03 21:56:53 ----D---- C:\WINDOWS\Logs
2012-01-03 18:26:43 ----A---- C:\WINDOWS\War3Unin.dat
2012-01-03 18:26:42 ----A---- C:\WINDOWS\War3Unin.pif
2012-01-03 18:26:42 ----A---- C:\WINDOWS\War3Unin.exe
2012-01-03 18:25:27 ----D---- C:\Program Files\Warcraft III
2012-01-03 18:20:13 ----D---- C:\Documents and Settings\Michal\Application Data\U3
2012-01-03 17:55:27 ----D---- C:\Program Files\VideoLAN
2012-01-03 09:43:51 ----A---- C:\WINDOWS\system32\acs.exe
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wsimd.sys
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wsimd.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wsfwDS.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wgapi.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wcapiU.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wcapi.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\dsaNac.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\dsa.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\drivers\wsimd.sys
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\athcfg20U.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\athcfg20resU.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\athcfg20res.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\athcfg20.dll
2012-01-03 09:43:37 ----D---- C:\Program Files\Atheros
2012-01-03 09:43:28 ----A---- C:\WINDOWS\system32\drivers\ar5211.sys
2012-01-03 09:43:28 ----A---- C:\WINDOWS\system32\ar5211.sys
2012-01-03 09:43:07 ----D---- C:\Documents and Settings\All Users\Application Data\Atheros
2012-01-03 09:42:39 ----D---- C:\Program Files\Wireless Console 2
2012-01-03 09:42:08 ----A---- C:\WINDOWS\ASUS Camera ScreenSaver.exe
2012-01-03 09:42:08 ----A---- C:\WINDOWS\ASUS Camera ScreenSaver Uninstaller.exe
2012-01-03 09:42:08 ----A---- C:\WINDOWS\ASScrProlog.exe
2012-01-03 09:42:07 ----A---- C:\WINDOWS\Asus_Camera_ScreenSaver.scr
2012-01-03 09:42:06 ----D---- C:\WINDOWS\Asus_Camera_ScreenSaver dir
2012-01-03 09:42:06 ----D---- C:\Documents and Settings\Michal\Application Data\Macromedia
2012-01-03 09:42:06 ----A---- C:\WINDOWS\impborl.dll
2012-01-03 09:42:06 ----A---- C:\WINDOWS\flashax.exe
2012-01-03 09:41:45 ----A---- C:\WINDOWS\system32\ACEngSvr.exe
2012-01-03 09:40:51 ----SHD---- C:\RECYCLER
2012-01-03 09:40:12 ----D---- C:\Program Files\ASUS
2012-01-03 09:40:06 ----D---- C:\Program Files\Common Files\InstallShield
2012-01-03 09:39:11 ----D---- C:\Program Files\ATK Hotkey
2012-01-03 09:39:10 ----HD---- C:\Program Files\InstallShield Installation Information
2012-01-03 09:39:04 ----D---- C:\Documents and Settings\Michal\Application Data\InstallShield
2012-01-03 09:36:58 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2012-01-03 09:33:55 ----D---- C:\Documents and Settings\Michal\Application Data\Identities
2012-01-03 09:33:54 ----HD---- C:\Program Files\Uninstall Information
2012-01-03 09:32:12 ----ASH---- C:\Documents and Settings\Michal\Application Data\desktop.ini
2012-01-03 09:32:11 ----SD---- C:\Documents and Settings\Michal\Application Data\Microsoft
2012-01-03 09:29:09 ----D---- C:\WINDOWS\SoftwareDistribution
2012-01-03 09:29:08 ----D---- C:\WINDOWS\Prefetch
2012-01-03 09:29:07 ----SD---- C:\WINDOWS\system32\Microsoft
2012-01-03 09:29:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-03 09:27:30 ----AS---- C:\WINDOWS\bootstat.dat
2012-01-03 09:25:00 ----D---- C:\WINDOWS\system32\xircom
2012-01-03 09:25:00 ----D---- C:\Program Files\xerox
2012-01-03 09:25:00 ----D---- C:\Program Files\microsoft frontpage
2012-01-03 09:24:35 ----RASH---- C:\MSDOS.SYS
2012-01-03 09:24:35 ----RASH---- C:\IO.SYS
2012-01-03 09:24:35 ----A---- C:\WINDOWS\control.ini
2012-01-03 09:24:35 ----A---- C:\CONFIG.SYS
2012-01-03 09:24:35 ----A---- C:\AUTOEXEC.BAT
2012-01-03 09:24:13 ----A---- C:\WINDOWS\system32\mapi32.dll
2012-01-03 09:23:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-01-03 09:23:06 ----RD---- C:\WINDOWS\Offline Web Pages
2012-01-03 09:22:54 ----HD---- C:\Program Files\WindowsUpdate
2012-01-03 09:22:25 ----D---- C:\WINDOWS\system32\DirectX
2012-01-03 09:22:19 ----A---- C:\WINDOWS\system32\atrace.dll
2012-01-03 09:22:15 ----A---- C:\WINDOWS\system32\desktop.ini
2012-01-03 09:22:15 ----A---- C:\WINDOWS\desktop.ini
2012-01-03 09:22:08 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2012-01-03 09:22:07 ----A---- C:\WINDOWS\system32\acctres.dll
2012-01-03 09:22:06 ----D---- C:\Program Files\Common Files\Services
2012-01-03 09:22:04 ----SD---- C:\WINDOWS\Tasks
2012-01-03 09:22:04 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2012-01-03 09:22:03 ----D---- C:\Program Files\Common Files\MSSoap
2012-01-03 09:21:58 ----D---- C:\WINDOWS\srchasst
2012-01-03 09:21:57 ----D---- C:\WINDOWS\system32\Macromed
2012-01-03 09:21:54 ----A---- C:\WINDOWS\system32\wuweb.dll
2012-01-03 09:21:54 ----A---- C:\WINDOWS\system32\wucltui.dll
2012-01-03 09:21:54 ----A---- C:\WINDOWS\system32\wuauserv.dll
2012-01-03 09:21:53 ----A---- C:\WINDOWS\system32\wups.dll
2012-01-03 09:21:53 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2012-01-03 09:21:53 ----A---- C:\WINDOWS\system32\wuaueng.dll
2012-01-03 09:21:53 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2012-01-03 09:21:53 ----A---- C:\WINDOWS\system32\wuauclt.exe
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\wuapi.dll
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\qmgr.dll
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2012-01-03 09:21:46 ----D---- C:\Program Files\Movie Maker
2012-01-03 09:21:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2012-01-03 09:21:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2012-01-03 09:21:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2012-01-03 09:21:28 ----A---- C:\WINDOWS\system32\racpldlg.dll
2012-01-03 09:21:23 ----A---- C:\WINDOWS\system32\fltMc.exe
2012-01-03 09:21:23 ----A---- C:\WINDOWS\system32\fltlib.dll
2012-01-03 09:21:23 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2012-01-03 09:21:22 ----D---- C:\WINDOWS\system32\Restore
2012-01-03 09:21:22 ----A---- C:\WINDOWS\system32\srsvc.dll
2012-01-03 09:21:22 ----A---- C:\WINDOWS\system32\srrstr.dll
2012-01-03 09:21:22 ----A---- C:\WINDOWS\system32\srclient.dll
2012-01-03 09:21:22 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\msconf.dll
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\mnmdd.dll
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\ils.dll
2012-01-03 09:21:18 ----D---- C:\Program Files\NetMeeting
2012-01-03 09:21:18 ----A---- C:\WINDOWS\system32\msoert2.dll
2012-01-03 09:21:18 ----A---- C:\WINDOWS\system32\msoeacct.dll
2012-01-03 09:21:16 ----A---- C:\WINDOWS\system32\inetres.dll
2012-01-03 09:21:16 ----A---- C:\WINDOWS\system32\inetcomm.dll
2012-01-03 09:21:13 ----D---- C:\Program Files\Outlook Express
2012-01-03 09:21:13 ----A---- C:\WINDOWS\system32\schedsvc.dll
2012-01-03 09:21:13 ----A---- C:\WINDOWS\system32\mstinit.exe
2012-01-03 09:21:13 ----A---- C:\WINDOWS\system32\mstask.dll
2012-01-03 09:21:13 ----A---- C:\WINDOWS\system32\icwphbk.dll
2012-01-03 09:21:13 ----A---- C:\WINDOWS\system32\icwdial.dll
2012-01-03 09:21:12 ----A---- C:\WINDOWS\system32\isign32.dll
2012-01-03 09:21:12 ----A---- C:\WINDOWS\system32\inetcfg.dll
2012-01-03 09:21:06 ----D---- C:\Program Files\Common Files\System
2012-01-03 09:21:00 ----D---- C:\Program Files\Internet Explorer
2012-01-03 09:20:30 ----A---- C:\WINDOWS\system32\emptyregdb.dat
2012-01-03 09:20:12 ----D---- C:\Program Files\ComPlus Applications
2012-01-03 09:20:08 ----A---- C:\WINDOWS\vbaddin.ini
2012-01-03 09:20:08 ----A---- C:\WINDOWS\vb.ini
2012-01-03 09:20:00 ----D---- C:\WINDOWS\Registration
2012-01-03 09:19:49 ----D---- C:\Program Files\Online Services
2012-01-03 09:19:48 ----D---- C:\Program Files\Windows Media Player
2012-01-03 09:19:36 ----D---- C:\Program Files\Messenger
2012-01-03 09:19:32 ----D---- C:\Program Files\MSN Gaming Zone
2012-01-03 09:19:32 ----A---- C:\WINDOWS\system32\write.exe
2012-01-03 09:19:23 ----A---- C:\WINDOWS\system32\sndvol32.exe
2012-01-03 09:19:23 ----A---- C:\WINDOWS\system32\hticons.dll
2012-01-03 09:19:23 ----A---- C:\WINDOWS\system32\avwav.dll
2012-01-03 09:19:23 ----A---- C:\WINDOWS\system32\avtapi.dll
2012-01-03 09:19:23 ----A---- C:\WINDOWS\system32\avmeter.dll
2012-01-03 09:19:22 ----A---- C:\WINDOWS\system32\winchat.exe
2012-01-03 09:19:16 ----A---- C:\WINDOWS\system32\charmap.exe
2012-01-03 09:19:16 ----A---- C:\WINDOWS\system32\getuname.dll
2012-01-03 09:19:15 ----A---- C:\WINDOWS\system32\winmine.exe
2012-01-03 09:19:15 ----A---- C:\WINDOWS\system32\sol.exe
2012-01-03 09:19:15 ----A---- C:\WINDOWS\system32\mshearts.exe
2012-01-03 09:19:15 ----A---- C:\WINDOWS\system32\calc.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\tslabels.ini
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\tskill.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\tscon.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\shadow.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\rwinsta.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\reset.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\regini.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\freecell.exe
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\qwinsta.exe
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\qappsrv.exe
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\msg.exe
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\logoff.exe
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\cdmodem.dll
2012-01-03 09:19:07 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2012-01-03 09:18:49 ----D---- C:\Program Files\MSN
2012-01-03 09:18:48 ----A---- C:\WINDOWS\system32\sndrec32.exe
2012-01-03 09:18:48 ----A---- C:\WINDOWS\system32\mplay32.exe
2012-01-03 09:18:48 ----A---- C:\WINDOWS\system32\accwiz.exe
2012-01-03 09:18:47 ----D---- C:\Program Files\Windows NT
2012-01-03 09:18:47 ----A---- C:\WINDOWS\system32\mspaint.exe
2012-01-03 09:18:47 ----A---- C:\WINDOWS\system32\hypertrm.dll
2012-01-03 09:18:46 ----A---- C:\WINDOWS\system32\spider.exe
2012-01-03 09:18:46 ----A---- C:\WINDOWS\system32\clipbrd.exe
2012-01-03 09:18:45 ----D---- C:\WINDOWS\system32\en-US
2012-01-03 09:18:45 ----A---- C:\WINDOWS\system32\tsgqec.dll
2012-01-03 09:18:45 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2012-01-03 09:18:45 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2012-01-03 09:18:45 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2012-01-03 09:18:45 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-01-03 09:18:44 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2012-01-03 09:18:44 ----A---- C:\WINDOWS\system32\aaclient.dll
2012-01-03 09:18:43 ----A---- C:\WINDOWS\system32\remotepg.dll
2012-01-03 09:18:43 ----A---- C:\WINDOWS\system32\rdshost.exe
2012-01-03 09:18:43 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2012-01-03 09:18:43 ----A---- C:\WINDOWS\system32\mstscax.dll
2012-01-03 09:18:43 ----A---- C:\WINDOWS\system32\mstsc.exe
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\termsrv.dll
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\sessmgr.exe
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\rdpclip.exe
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\rdchost.dll
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\qprocess.exe
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\icaapi.dll
2012-01-03 09:18:41 ----D---- C:\WINDOWS\system32\MsDtc
2012-01-03 09:18:41 ----A---- C:\WINDOWS\system32\mtxoci.dll
2012-01-03 09:18:41 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2012-01-03 09:18:41 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2012-01-03 09:18:41 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2012-01-03 09:18:40 ----A---- C:\WINDOWS\system32\xolehlp.dll
2012-01-03 09:18:40 ----A---- C:\WINDOWS\system32\msdtctm.dll
2012-01-03 09:18:40 ----A---- C:\WINDOWS\system32\msdtclog.dll
2012-01-03 09:18:40 ----A---- C:\WINDOWS\system32\msdtc.exe
2012-01-03 09:18:39 ----D---- C:\WINDOWS\system32\Com
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\mtxex.dll
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\mtxdm.dll
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\comrepl.dll
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\comaddin.dll
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\colbact.dll
2012-01-03 09:18:38 ----A---- C:\WINDOWS\system32\stclient.dll
2012-01-03 09:18:38 ----A---- C:\WINDOWS\system32\clbcatex.dll
2012-01-03 09:18:38 ----A---- C:\WINDOWS\system32\catsrvut.dll
2012-01-03 09:18:38 ----A---- C:\WINDOWS\system32\catsrvps.dll
2012-01-03 09:18:38 ----A---- C:\WINDOWS\system32\catsrv.dll
2012-01-03 09:18:37 ----A---- C:\WINDOWS\system32\comuid.dll
2012-01-03 09:18:37 ----A---- C:\WINDOWS\system32\comsvcs.dll
2012-01-03 09:18:37 ----A---- C:\WINDOWS\system32\comsnap.dll
2012-01-03 09:18:36 ----A---- C:\WINDOWS\system32\clbcatq.dll
2012-01-03 09:18:26 ----A---- C:\WINDOWS\system32\servdeps.dll
2012-01-03 09:18:26 ----A---- C:\WINDOWS\system32\mmfutil.dll
2012-01-03 09:18:26 ----A---- C:\WINDOWS\system32\licwmi.dll
2012-01-03 09:18:26 ----A---- C:\WINDOWS\system32\cmprops.dll
2012-01-03 09:18:23 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2012-01-03 09:18:22 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2012-01-03 01:32:04 ----D---- C:\Program Files\Microsoft.NET
2012-01-03 01:19:24 ----A---- C:\moduleName.txt
2012-01-03 01:12:52 ----A---- C:\WINDOWS\system32\h323log.txt
2012-01-03 01:10:59 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2012-01-03 01:09:51 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2012-01-03 01:08:50 ----A---- C:\WINDOWS\system32\drivers\RTL8139.sys
2012-01-03 01:08:35 ----A---- C:\WINDOWS\system32\usbui.dll
2012-01-03 01:07:59 ----A---- C:\WINDOWS\system32\drivers\compbatt.sys
2012-01-03 01:07:58 ----A---- C:\WINDOWS\system32\drivers\CmBatt.sys
2012-01-03 01:07:58 ----A---- C:\WINDOWS\system32\drivers\battc.sys
2012-01-03 01:06:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-01-03 01:06:35 ----SHD---- C:\WINDOWS\Installer
2012-01-03 01:06:34 ----D---- C:\Program Files\Common Files\ODBC
2012-01-03 01:06:34 ----A---- C:\WINDOWS\ODBCINST.INI
2012-01-03 01:06:30 ----D---- C:\Program Files\Common Files\SpeechEngines
2012-01-03 01:06:29 ----RD---- C:\Program Files
2012-01-03 01:06:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-01-03 01:06:29 ----D---- C:\Program Files\Common Files
2012-01-03 01:06:26 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2012-01-03 01:06:26 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2012-01-03 01:06:26 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdur.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdru.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2012-01-03 01:06:21 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2012-01-03 01:06:21 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2012-01-03 01:06:21 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2012-01-03 01:06:21 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2012-01-03 01:06:20 ----RA---- C:\WINDOWS\system32\kbdest.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdro.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2012-01-03 01:06:13 ----A---- C:\WINDOWS\system32\spxcoins.dll
2012-01-03 01:06:13 ----A---- C:\WINDOWS\system32\irclass.dll
2012-01-03 01:06:13 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2012-01-03 01:06:13 ----A---- C:\WINDOWS\system32\dgsetup.dll
2012-01-03 01:06:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2012-01-03 01:06:11 ----A---- C:\WINDOWS\TASKMAN.EXE
2012-01-03 01:06:10 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2012-01-03 01:06:10 ----A---- C:\WINDOWS\system32\batt.dll
2012-01-03 01:06:09 ----A---- C:\WINDOWS\NOTEPAD.EXE
2012-01-03 01:06:06 ----A---- C:\WINDOWS\system32\storprop.dll
2012-01-03 01:05:55 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2012-01-03 01:05:36 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-03 01:05:36 ----D---- C:\WINDOWS\system32\CatRoot
2012-01-03 01:05:30 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2012-01-03 01:04:58 ----SHD---- C:\System Volume Information
2012-01-03 01:04:58 ----D---- C:\Documents and Settings
2012-01-03 01:04:57 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2012-01-03 01:03:57 ----RASH---- C:\boot.ini
2012-01-03 01:03:33 ----D---- C:\Documents and Settings\Michal\Application Data\Adobe
2012-01-03 00:59:11 ----D---- C:\Program Files\CCleaner
2012-01-03 00:58:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-01-03 00:58:29 ----RSD---- C:\WINDOWS\Fonts
2012-01-03 00:58:29 ----RD---- C:\WINDOWS\Web
2012-01-03 00:58:29 ----HD---- C:\WINDOWS\inf
2012-01-03 00:58:29 ----D---- C:\WINDOWS\WinSxS
2012-01-03 00:58:29 ----D---- C:\WINDOWS\twain_32
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\wins
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\wbem
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\usmt
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\spool
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\ShellExt
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\Setup
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\scripting
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\ras
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\oobe
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\npp
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\mui
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\inetsrv
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\IME
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\icsxml
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\ias
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\export
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\en
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\drivers\etc
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\drivers\disdn
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\drivers
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\dhcp
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\config
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\3com_dmi
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\3076
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\2052
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1054
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1042
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1041
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1037
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1033
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1031
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1028
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1025
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system
2012-01-03 00:58:29 ----D---- C:\WINDOWS\security
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Resources
2012-01-03 00:58:29 ----D---- C:\WINDOWS\repair
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Provisioning
2012-01-03 00:58:29 ----D---- C:\WINDOWS\pchealth
2012-01-03 00:58:29 ----D---- C:\WINDOWS\PeerNet
2012-01-03 00:58:29 ----D---- C:\WINDOWS\NLDRV
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Network Diagnostic
2012-01-03 00:58:29 ----D---- C:\WINDOWS\mui
2012-01-03 00:58:29 ----D---- C:\WINDOWS\msapps
2012-01-03 00:58:29 ----D---- C:\WINDOWS\msagent
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Media
2012-01-03 00:58:29 ----D---- C:\WINDOWS\L2Schemas
2012-01-03 00:58:29 ----D---- C:\WINDOWS\java
2012-01-03 00:58:29 ----D---- C:\WINDOWS\ime
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Help
2012-01-03 00:58:29 ----D---- C:\WINDOWS\ehome
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Driver Cache
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Debug
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Cursors
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Connection Wizard
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Config
2012-01-03 00:58:29 ----D---- C:\WINDOWS\AppPatch
2012-01-03 00:58:29 ----D---- C:\WINDOWS\addins
2012-01-03 00:58:29 ----D---- C:\WINDOWS
2012-01-03 00:58:28 ----ASH---- C:\pagefile.sys
2012-01-03 00:49:23 ----RSD---- C:\WINDOWS\assembly
2012-01-03 00:48:59 ----D---- C:\WINDOWS\Microsoft.NET
2012-01-03 00:48:05 ----D---- C:\Program Files\ATI Technologies
2012-01-03 00:45:57 ----A---- C:\WINDOWS\system32\snymsico.dll
2012-01-03 00:45:57 ----A---- C:\WINDOWS\system32\drivers\risdptsk.sys
2012-01-03 00:45:57 ----A---- C:\WINDOWS\system32\drivers\rimsptsk.sys
2012-01-03 00:45:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-01-03 00:45:14 ----A---- C:\WINDOWS\system32\drivers\Rtnicxp.sys
2012-01-03 00:45:13 ----D---- C:\WINDOWS\OPTIONS
2012-01-03 00:44:31 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2012-01-03 00:44:28 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2012-01-03 00:44:25 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2012-01-03 00:44:24 ----A---- C:\WINDOWS\system32\ChCfg.exe
2012-01-03 00:44:21 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2012-01-03 00:44:19 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2012-01-03 00:44:17 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2012-01-03 00:44:15 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2012-01-03 00:44:13 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2012-01-03 00:44:11 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2012-01-03 00:44:09 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2012-01-03 00:44:05 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2012-01-03 00:43:59 ----D---- C:\WINDOWS\system32\RTCOM
2012-01-03 00:43:56 ----A---- C:\WINDOWS\system32\ksuser.dll
2012-01-03 00:43:56 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2012-01-03 00:43:56 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2012-01-03 00:43:52 ----A---- C:\WINDOWS\SoundMan.exe
2012-01-03 00:43:52 ----A---- C:\WINDOWS\SkyTel.exe
2012-01-03 00:43:52 ----A---- C:\WINDOWS\RtlUpd.exe
2012-01-03 00:43:51 ----A---- C:\WINDOWS\RTLCPL.exe
2012-01-03 00:43:50 ----A---- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2012-01-03 00:43:49 ----D---- C:\Program Files\Realtek
2012-01-03 00:43:49 ----A---- C:\WINDOWS\RTHDCPL.exe
2012-01-03 00:43:49 ----A---- C:\WINDOWS\MicCal.exe
2012-01-03 00:43:49 ----A---- C:\WINDOWS\alcwzrd.exe
2012-01-03 00:43:49 ----A---- C:\WINDOWS\Alcmtr.exe
2012-01-03 00:43:45 ----A---- C:\WINDOWS\RtlExUpd.dll
======List of files/folders modified in the last 1 month======
2012-01-09 22:58:57 ----A---- C:\WINDOWS\win.ini
2012-01-03 09:23:55 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2012-01-03 01:12:18 ----A---- C:\WINDOWS\system.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 risdptsk;risdptsk; C:\WINDOWS\system32\DRIVERS\risdptsk.sys [2005-07-14 27904]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-12-16 31088]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-07-04 2304000]
R3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-24 5760]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 TrueSight;TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-05-03 364629]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-04 483328]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 KMService;KMService; C:\WINDOWS\system32\srvany.exe [2003-04-18 8192]
S2 PEVSystemStart;PEVSystemStart; C:\Beruska.com29458B\pev.3XE [2011-06-25 256000]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-01-09 654848]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Run by Michal at 2012-01-14 20:37:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (69%) free of 76 GB
Total RAM: 447 MB (10% free)
HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-01-16 561552]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]
"ACU"=C:\Program Files\Atheros\ACU.exe [2007-05-03 376921]
"Windows Task Services"=C:\Documents and Settings\Michal\Application Data\1.exe [2012-01-14 368640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows Task Services"=C:\Documents and Settings\Michal\Application Data\1.exe [2012-01-14 368640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Windows Task Services"=C:\Documents and Settings\Michal\Application Data\1.exe [2012-01-14 368640]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft DLL Registaation"=C:\Documents and Settings\Michal\Application Data\regsrv33.exe [2012-01-14 8704]
"Windows Task Services"=C:\Documents and Settings\Michal\Application Data\1.exe [2012-01-14 368640]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows Task Services"=C:\Documents and Settings\Michal\Application Data\1.exe [2012-01-14 368640]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Windows Task Services"=C:\Documents and Settings\Michal\Application Data\1.exe [2012-01-14 368640]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
C:\Program Files\ASUS\Splendid\ACMON.exe [2007-07-10 851968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
C:\WINDOWS\ASScrProlog.exe [2012-01-03 37232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30 51768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
C:\WINDOWS\system32\Ati2mdxx.exe [2007-07-04 26112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKHOTKEY]
C:\Program Files\ATK Hotkey\Hcontrol.exe [2007-08-23 229376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-07-04 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Windows Task Services - C:\Documents and Settings\Michal\Application Data\1.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Garena Plus\Room\garena_room.exe"="C:\Program Files\Garena Plus\Room\garena_room.exe:*:Enabled:Garena"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-01-14 20:30:42 ----A---- C:\Documents and Settings\Michal\Application Data\regsrv33.exe
2012-01-14 20:30:41 ----A---- C:\Documents and Settings\Michal\Application Data\2.exe
2012-01-14 20:30:38 ----A---- C:\Documents and Settings\Michal\Application Data\1.exe
2012-01-13 18:10:31 ----SD---- C:\Beruska.com29458B
2012-01-13 18:09:29 ----A---- C:\WINDOWS\ntbtlog.txt
2012-01-13 16:51:14 ----D---- C:\_OTL
2012-01-12 15:33:20 ----D---- C:\WINDOWS\Temp
2012-01-12 14:22:42 ----SD---- C:\Beruska.com
2012-01-12 14:21:29 ----SHD---- C:\WINDOWS\CSC
2012-01-11 22:46:18 ----A---- C:\Boot.bak
2012-01-11 22:46:13 ----RASHD---- C:\cmdcons
2012-01-11 22:44:42 ----A---- C:\WINDOWS\zip.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\SWSC.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\SWREG.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\sed.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\PEV.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\NIRCMD.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\MBR.exe
2012-01-11 22:44:42 ----A---- C:\WINDOWS\grep.exe
2012-01-11 22:44:37 ----D---- C:\WINDOWS\ERDNT
2012-01-11 22:44:32 ----D---- C:\Qoobox
2012-01-11 18:06:54 ----A---- C:\TDSSKiller.2.7.0.0_11.01.2012_18.06.54_log.txt
2012-01-11 17:49:29 ----A---- C:\WINDOWS\system32\drivers\TrueSight.sys
2012-01-09 23:43:32 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2012-01-09 23:40:10 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2012-01-09 23:37:46 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2012-01-09 23:36:56 ----D---- C:\Program Files\Bonjour
2012-01-09 23:28:52 ----D---- C:\Program Files\Adobe
2012-01-09 23:28:14 ----D---- C:\Program Files\Common Files\Macrovision Shared
2012-01-09 23:27:09 ----D---- C:\Program Files\Common Files\Adobe
2012-01-09 23:05:41 ----A---- C:\WINDOWS\system32\srvany.exe
2012-01-09 23:02:21 ----D---- C:\Program Files\Common Files\DESIGNER
2012-01-09 23:02:13 ----D---- C:\Program Files\MSBuild
2012-01-09 23:00:56 ----D---- C:\Program Files\Microsoft Sync Framework
2012-01-09 22:59:56 ----D---- C:\Program Files\Microsoft Visual Studio 8
2012-01-09 22:58:08 ----D---- C:\Program Files\Microsoft Analysis Services
2012-01-09 22:57:51 ----D---- C:\WINDOWS\SHELLNEW
2012-01-09 22:57:00 ----D---- C:\Program Files\Microsoft Office
2012-01-09 22:56:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-01-09 22:56:41 ----RHD---- C:\MSOCache
2012-01-09 12:10:43 ----D---- C:\Documents and Settings\Michal\Application Data\AVG
2012-01-09 12:09:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2012-01-09 12:09:07 ----D---- C:\Program Files\AVG
2012-01-09 11:53:19 ----D---- C:\Program Files\trend micro
2012-01-09 11:53:16 ----D---- C:\rsit
2012-01-09 11:29:11 ----D---- C:\Documents and Settings\Michal\Application Data\Malwarebytes
2012-01-09 11:28:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-01-09 11:28:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-01-09 11:28:31 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-01-06 15:28:38 ----A---- C:\WINDOWS\WORDPAD.INI
2012-01-06 01:13:18 ----D---- C:\Program Files\Elaborate Bytes
2012-01-06 01:08:04 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2012-01-06 01:08:03 ----D---- C:\Program Files\DVD Shrink
2012-01-06 00:47:38 ----D---- C:\Documents and Settings\Michal\Application Data\WinRAR
2012-01-06 00:46:52 ----D---- C:\Program Files\WinRAR
2012-01-04 14:11:54 ----D---- C:\Documents and Settings\Michal\Application Data\vlc
2012-01-03 22:50:54 ----A---- C:\Documents and Settings\Michal\Application Data\room_v3.dat
2012-01-03 22:18:56 ----D---- C:\Documents and Settings\Michal\Application Data\GarenaPlus
2012-01-03 22:17:58 ----D---- C:\Program Files\Garena Plus
2012-01-03 22:17:56 ----D---- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
2012-01-03 22:05:35 ----D---- C:\Documents and Settings\Michal\Application Data\TS3Client
2012-01-03 22:00:43 ----D---- C:\Program Files\TeamSpeak 3 Client
2012-01-03 21:58:29 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2012-01-03 21:58:28 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2012-01-03 21:58:27 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2012-01-03 21:58:24 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2012-01-03 21:58:23 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2012-01-03 21:58:22 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2012-01-03 21:58:22 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2012-01-03 21:58:21 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2012-01-03 21:58:21 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2012-01-03 21:58:20 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2012-01-03 21:58:19 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2012-01-03 21:58:19 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2012-01-03 21:58:18 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2012-01-03 21:58:18 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2012-01-03 21:58:17 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2012-01-03 21:58:17 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2012-01-03 21:58:15 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2012-01-03 21:58:14 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2012-01-03 21:58:14 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2012-01-03 21:58:14 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2012-01-03 21:58:14 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2012-01-03 21:58:13 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2012-01-03 21:58:13 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2012-01-03 21:58:13 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2012-01-03 21:58:12 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2012-01-03 21:58:12 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2012-01-03 21:58:11 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2012-01-03 21:58:10 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2012-01-03 21:58:10 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2012-01-03 21:58:09 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2012-01-03 21:58:09 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2012-01-03 21:58:08 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2012-01-03 21:58:08 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2012-01-03 21:58:07 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2012-01-03 21:58:06 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2012-01-03 21:58:06 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2012-01-03 21:58:05 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2012-01-03 21:58:05 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2012-01-03 21:58:05 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2012-01-03 21:58:04 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2012-01-03 21:58:03 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2012-01-03 21:58:02 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2012-01-03 21:58:02 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2012-01-03 21:58:00 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2012-01-03 21:57:59 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2012-01-03 21:57:58 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2012-01-03 21:57:58 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2012-01-03 21:57:57 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2012-01-03 21:57:56 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2012-01-03 21:57:56 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2012-01-03 21:57:55 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2012-01-03 21:57:55 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2012-01-03 21:57:54 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2012-01-03 21:57:53 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2012-01-03 21:57:51 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2012-01-03 21:57:50 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2012-01-03 21:57:50 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2012-01-03 21:57:48 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2012-01-03 21:57:48 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2012-01-03 21:57:47 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2012-01-03 21:57:46 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2012-01-03 21:57:45 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2012-01-03 21:57:45 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2012-01-03 21:57:45 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2012-01-03 21:57:44 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2012-01-03 21:57:44 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2012-01-03 21:57:43 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2012-01-03 21:57:43 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2012-01-03 21:57:42 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2012-01-03 21:57:30 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2012-01-03 21:57:29 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2012-01-03 21:57:29 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2012-01-03 21:57:28 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2012-01-03 21:57:25 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2012-01-03 21:57:24 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2012-01-03 21:57:23 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2012-01-03 21:57:22 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2012-01-03 21:57:21 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2012-01-03 21:57:18 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2012-01-03 21:56:53 ----D---- C:\WINDOWS\Logs
2012-01-03 18:26:43 ----A---- C:\WINDOWS\War3Unin.dat
2012-01-03 18:26:42 ----A---- C:\WINDOWS\War3Unin.pif
2012-01-03 18:26:42 ----A---- C:\WINDOWS\War3Unin.exe
2012-01-03 18:25:27 ----D---- C:\Program Files\Warcraft III
2012-01-03 18:20:13 ----D---- C:\Documents and Settings\Michal\Application Data\U3
2012-01-03 17:55:27 ----D---- C:\Program Files\VideoLAN
2012-01-03 09:43:51 ----A---- C:\WINDOWS\system32\acs.exe
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wsimd.sys
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wsimd.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wsfwDS.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wgapi.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wcapiU.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\wcapi.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\dsaNac.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\dsa.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\drivers\wsimd.sys
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\athcfg20U.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\athcfg20resU.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\athcfg20res.dll
2012-01-03 09:43:39 ----A---- C:\WINDOWS\system32\athcfg20.dll
2012-01-03 09:43:37 ----D---- C:\Program Files\Atheros
2012-01-03 09:43:28 ----A---- C:\WINDOWS\system32\drivers\ar5211.sys
2012-01-03 09:43:28 ----A---- C:\WINDOWS\system32\ar5211.sys
2012-01-03 09:43:07 ----D---- C:\Documents and Settings\All Users\Application Data\Atheros
2012-01-03 09:42:39 ----D---- C:\Program Files\Wireless Console 2
2012-01-03 09:42:08 ----A---- C:\WINDOWS\ASUS Camera ScreenSaver.exe
2012-01-03 09:42:08 ----A---- C:\WINDOWS\ASUS Camera ScreenSaver Uninstaller.exe
2012-01-03 09:42:08 ----A---- C:\WINDOWS\ASScrProlog.exe
2012-01-03 09:42:07 ----A---- C:\WINDOWS\Asus_Camera_ScreenSaver.scr
2012-01-03 09:42:06 ----D---- C:\WINDOWS\Asus_Camera_ScreenSaver dir
2012-01-03 09:42:06 ----D---- C:\Documents and Settings\Michal\Application Data\Macromedia
2012-01-03 09:42:06 ----A---- C:\WINDOWS\impborl.dll
2012-01-03 09:42:06 ----A---- C:\WINDOWS\flashax.exe
2012-01-03 09:41:45 ----A---- C:\WINDOWS\system32\ACEngSvr.exe
2012-01-03 09:40:51 ----SHD---- C:\RECYCLER
2012-01-03 09:40:12 ----D---- C:\Program Files\ASUS
2012-01-03 09:40:06 ----D---- C:\Program Files\Common Files\InstallShield
2012-01-03 09:39:11 ----D---- C:\Program Files\ATK Hotkey
2012-01-03 09:39:10 ----HD---- C:\Program Files\InstallShield Installation Information
2012-01-03 09:39:04 ----D---- C:\Documents and Settings\Michal\Application Data\InstallShield
2012-01-03 09:36:58 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2012-01-03 09:33:55 ----D---- C:\Documents and Settings\Michal\Application Data\Identities
2012-01-03 09:33:54 ----HD---- C:\Program Files\Uninstall Information
2012-01-03 09:32:12 ----ASH---- C:\Documents and Settings\Michal\Application Data\desktop.ini
2012-01-03 09:32:11 ----SD---- C:\Documents and Settings\Michal\Application Data\Microsoft
2012-01-03 09:29:09 ----D---- C:\WINDOWS\SoftwareDistribution
2012-01-03 09:29:08 ----D---- C:\WINDOWS\Prefetch
2012-01-03 09:29:07 ----SD---- C:\WINDOWS\system32\Microsoft
2012-01-03 09:29:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-03 09:27:30 ----AS---- C:\WINDOWS\bootstat.dat
2012-01-03 09:25:00 ----D---- C:\WINDOWS\system32\xircom
2012-01-03 09:25:00 ----D---- C:\Program Files\xerox
2012-01-03 09:25:00 ----D---- C:\Program Files\microsoft frontpage
2012-01-03 09:24:35 ----RASH---- C:\MSDOS.SYS
2012-01-03 09:24:35 ----RASH---- C:\IO.SYS
2012-01-03 09:24:35 ----A---- C:\WINDOWS\control.ini
2012-01-03 09:24:35 ----A---- C:\CONFIG.SYS
2012-01-03 09:24:35 ----A---- C:\AUTOEXEC.BAT
2012-01-03 09:24:13 ----A---- C:\WINDOWS\system32\mapi32.dll
2012-01-03 09:23:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-01-03 09:23:06 ----RD---- C:\WINDOWS\Offline Web Pages
2012-01-03 09:22:54 ----HD---- C:\Program Files\WindowsUpdate
2012-01-03 09:22:25 ----D---- C:\WINDOWS\system32\DirectX
2012-01-03 09:22:19 ----A---- C:\WINDOWS\system32\atrace.dll
2012-01-03 09:22:15 ----A---- C:\WINDOWS\system32\desktop.ini
2012-01-03 09:22:15 ----A---- C:\WINDOWS\desktop.ini
2012-01-03 09:22:08 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2012-01-03 09:22:07 ----A---- C:\WINDOWS\system32\acctres.dll
2012-01-03 09:22:06 ----D---- C:\Program Files\Common Files\Services
2012-01-03 09:22:04 ----SD---- C:\WINDOWS\Tasks
2012-01-03 09:22:04 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2012-01-03 09:22:03 ----D---- C:\Program Files\Common Files\MSSoap
2012-01-03 09:21:58 ----D---- C:\WINDOWS\srchasst
2012-01-03 09:21:57 ----D---- C:\WINDOWS\system32\Macromed
2012-01-03 09:21:54 ----A---- C:\WINDOWS\system32\wuweb.dll
2012-01-03 09:21:54 ----A---- C:\WINDOWS\system32\wucltui.dll
2012-01-03 09:21:54 ----A---- C:\WINDOWS\system32\wuauserv.dll
2012-01-03 09:21:53 ----A---- C:\WINDOWS\system32\wups.dll
2012-01-03 09:21:53 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2012-01-03 09:21:53 ----A---- C:\WINDOWS\system32\wuaueng.dll
2012-01-03 09:21:53 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2012-01-03 09:21:53 ----A---- C:\WINDOWS\system32\wuauclt.exe
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\wuapi.dll
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\qmgr.dll
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2012-01-03 09:21:52 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2012-01-03 09:21:46 ----D---- C:\Program Files\Movie Maker
2012-01-03 09:21:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2012-01-03 09:21:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2012-01-03 09:21:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2012-01-03 09:21:28 ----A---- C:\WINDOWS\system32\racpldlg.dll
2012-01-03 09:21:23 ----A---- C:\WINDOWS\system32\fltMc.exe
2012-01-03 09:21:23 ----A---- C:\WINDOWS\system32\fltlib.dll
2012-01-03 09:21:23 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2012-01-03 09:21:22 ----D---- C:\WINDOWS\system32\Restore
2012-01-03 09:21:22 ----A---- C:\WINDOWS\system32\srsvc.dll
2012-01-03 09:21:22 ----A---- C:\WINDOWS\system32\srrstr.dll
2012-01-03 09:21:22 ----A---- C:\WINDOWS\system32\srclient.dll
2012-01-03 09:21:22 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\msconf.dll
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\mnmdd.dll
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2012-01-03 09:21:21 ----A---- C:\WINDOWS\system32\ils.dll
2012-01-03 09:21:18 ----D---- C:\Program Files\NetMeeting
2012-01-03 09:21:18 ----A---- C:\WINDOWS\system32\msoert2.dll
2012-01-03 09:21:18 ----A---- C:\WINDOWS\system32\msoeacct.dll
2012-01-03 09:21:16 ----A---- C:\WINDOWS\system32\inetres.dll
2012-01-03 09:21:16 ----A---- C:\WINDOWS\system32\inetcomm.dll
2012-01-03 09:21:13 ----D---- C:\Program Files\Outlook Express
2012-01-03 09:21:13 ----A---- C:\WINDOWS\system32\schedsvc.dll
2012-01-03 09:21:13 ----A---- C:\WINDOWS\system32\mstinit.exe
2012-01-03 09:21:13 ----A---- C:\WINDOWS\system32\mstask.dll
2012-01-03 09:21:13 ----A---- C:\WINDOWS\system32\icwphbk.dll
2012-01-03 09:21:13 ----A---- C:\WINDOWS\system32\icwdial.dll
2012-01-03 09:21:12 ----A---- C:\WINDOWS\system32\isign32.dll
2012-01-03 09:21:12 ----A---- C:\WINDOWS\system32\inetcfg.dll
2012-01-03 09:21:06 ----D---- C:\Program Files\Common Files\System
2012-01-03 09:21:00 ----D---- C:\Program Files\Internet Explorer
2012-01-03 09:20:30 ----A---- C:\WINDOWS\system32\emptyregdb.dat
2012-01-03 09:20:12 ----D---- C:\Program Files\ComPlus Applications
2012-01-03 09:20:08 ----A---- C:\WINDOWS\vbaddin.ini
2012-01-03 09:20:08 ----A---- C:\WINDOWS\vb.ini
2012-01-03 09:20:00 ----D---- C:\WINDOWS\Registration
2012-01-03 09:19:49 ----D---- C:\Program Files\Online Services
2012-01-03 09:19:48 ----D---- C:\Program Files\Windows Media Player
2012-01-03 09:19:36 ----D---- C:\Program Files\Messenger
2012-01-03 09:19:32 ----D---- C:\Program Files\MSN Gaming Zone
2012-01-03 09:19:32 ----A---- C:\WINDOWS\system32\write.exe
2012-01-03 09:19:23 ----A---- C:\WINDOWS\system32\sndvol32.exe
2012-01-03 09:19:23 ----A---- C:\WINDOWS\system32\hticons.dll
2012-01-03 09:19:23 ----A---- C:\WINDOWS\system32\avwav.dll
2012-01-03 09:19:23 ----A---- C:\WINDOWS\system32\avtapi.dll
2012-01-03 09:19:23 ----A---- C:\WINDOWS\system32\avmeter.dll
2012-01-03 09:19:22 ----A---- C:\WINDOWS\system32\winchat.exe
2012-01-03 09:19:16 ----A---- C:\WINDOWS\system32\charmap.exe
2012-01-03 09:19:16 ----A---- C:\WINDOWS\system32\getuname.dll
2012-01-03 09:19:15 ----A---- C:\WINDOWS\system32\winmine.exe
2012-01-03 09:19:15 ----A---- C:\WINDOWS\system32\sol.exe
2012-01-03 09:19:15 ----A---- C:\WINDOWS\system32\mshearts.exe
2012-01-03 09:19:15 ----A---- C:\WINDOWS\system32\calc.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\tslabels.ini
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\tskill.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\tscon.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\shadow.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\rwinsta.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\reset.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\regini.exe
2012-01-03 09:19:14 ----A---- C:\WINDOWS\system32\freecell.exe
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\qwinsta.exe
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\qappsrv.exe
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\msg.exe
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\logoff.exe
2012-01-03 09:19:13 ----A---- C:\WINDOWS\system32\cdmodem.dll
2012-01-03 09:19:07 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2012-01-03 09:18:49 ----D---- C:\Program Files\MSN
2012-01-03 09:18:48 ----A---- C:\WINDOWS\system32\sndrec32.exe
2012-01-03 09:18:48 ----A---- C:\WINDOWS\system32\mplay32.exe
2012-01-03 09:18:48 ----A---- C:\WINDOWS\system32\accwiz.exe
2012-01-03 09:18:47 ----D---- C:\Program Files\Windows NT
2012-01-03 09:18:47 ----A---- C:\WINDOWS\system32\mspaint.exe
2012-01-03 09:18:47 ----A---- C:\WINDOWS\system32\hypertrm.dll
2012-01-03 09:18:46 ----A---- C:\WINDOWS\system32\spider.exe
2012-01-03 09:18:46 ----A---- C:\WINDOWS\system32\clipbrd.exe
2012-01-03 09:18:45 ----D---- C:\WINDOWS\system32\en-US
2012-01-03 09:18:45 ----A---- C:\WINDOWS\system32\tsgqec.dll
2012-01-03 09:18:45 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2012-01-03 09:18:45 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2012-01-03 09:18:45 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2012-01-03 09:18:45 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-01-03 09:18:44 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2012-01-03 09:18:44 ----A---- C:\WINDOWS\system32\aaclient.dll
2012-01-03 09:18:43 ----A---- C:\WINDOWS\system32\remotepg.dll
2012-01-03 09:18:43 ----A---- C:\WINDOWS\system32\rdshost.exe
2012-01-03 09:18:43 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2012-01-03 09:18:43 ----A---- C:\WINDOWS\system32\mstscax.dll
2012-01-03 09:18:43 ----A---- C:\WINDOWS\system32\mstsc.exe
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\termsrv.dll
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\sessmgr.exe
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\rdpclip.exe
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\rdchost.dll
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\qprocess.exe
2012-01-03 09:18:42 ----A---- C:\WINDOWS\system32\icaapi.dll
2012-01-03 09:18:41 ----D---- C:\WINDOWS\system32\MsDtc
2012-01-03 09:18:41 ----A---- C:\WINDOWS\system32\mtxoci.dll
2012-01-03 09:18:41 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2012-01-03 09:18:41 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2012-01-03 09:18:41 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2012-01-03 09:18:40 ----A---- C:\WINDOWS\system32\xolehlp.dll
2012-01-03 09:18:40 ----A---- C:\WINDOWS\system32\msdtctm.dll
2012-01-03 09:18:40 ----A---- C:\WINDOWS\system32\msdtclog.dll
2012-01-03 09:18:40 ----A---- C:\WINDOWS\system32\msdtc.exe
2012-01-03 09:18:39 ----D---- C:\WINDOWS\system32\Com
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\mtxex.dll
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\mtxdm.dll
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\comrepl.dll
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\comaddin.dll
2012-01-03 09:18:39 ----A---- C:\WINDOWS\system32\colbact.dll
2012-01-03 09:18:38 ----A---- C:\WINDOWS\system32\stclient.dll
2012-01-03 09:18:38 ----A---- C:\WINDOWS\system32\clbcatex.dll
2012-01-03 09:18:38 ----A---- C:\WINDOWS\system32\catsrvut.dll
2012-01-03 09:18:38 ----A---- C:\WINDOWS\system32\catsrvps.dll
2012-01-03 09:18:38 ----A---- C:\WINDOWS\system32\catsrv.dll
2012-01-03 09:18:37 ----A---- C:\WINDOWS\system32\comuid.dll
2012-01-03 09:18:37 ----A---- C:\WINDOWS\system32\comsvcs.dll
2012-01-03 09:18:37 ----A---- C:\WINDOWS\system32\comsnap.dll
2012-01-03 09:18:36 ----A---- C:\WINDOWS\system32\clbcatq.dll
2012-01-03 09:18:26 ----A---- C:\WINDOWS\system32\servdeps.dll
2012-01-03 09:18:26 ----A---- C:\WINDOWS\system32\mmfutil.dll
2012-01-03 09:18:26 ----A---- C:\WINDOWS\system32\licwmi.dll
2012-01-03 09:18:26 ----A---- C:\WINDOWS\system32\cmprops.dll
2012-01-03 09:18:23 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2012-01-03 09:18:22 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2012-01-03 01:32:04 ----D---- C:\Program Files\Microsoft.NET
2012-01-03 01:19:24 ----A---- C:\moduleName.txt
2012-01-03 01:12:52 ----A---- C:\WINDOWS\system32\h323log.txt
2012-01-03 01:10:59 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2012-01-03 01:09:51 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2012-01-03 01:08:50 ----A---- C:\WINDOWS\system32\drivers\RTL8139.sys
2012-01-03 01:08:35 ----A---- C:\WINDOWS\system32\usbui.dll
2012-01-03 01:07:59 ----A---- C:\WINDOWS\system32\drivers\compbatt.sys
2012-01-03 01:07:58 ----A---- C:\WINDOWS\system32\drivers\CmBatt.sys
2012-01-03 01:07:58 ----A---- C:\WINDOWS\system32\drivers\battc.sys
2012-01-03 01:06:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-01-03 01:06:35 ----SHD---- C:\WINDOWS\Installer
2012-01-03 01:06:34 ----D---- C:\Program Files\Common Files\ODBC
2012-01-03 01:06:34 ----A---- C:\WINDOWS\ODBCINST.INI
2012-01-03 01:06:30 ----D---- C:\Program Files\Common Files\SpeechEngines
2012-01-03 01:06:29 ----RD---- C:\Program Files
2012-01-03 01:06:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-01-03 01:06:29 ----D---- C:\Program Files\Common Files
2012-01-03 01:06:26 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2012-01-03 01:06:26 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2012-01-03 01:06:26 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdur.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdru.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2012-01-03 01:06:24 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2012-01-03 01:06:22 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2012-01-03 01:06:21 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2012-01-03 01:06:21 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2012-01-03 01:06:21 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2012-01-03 01:06:21 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2012-01-03 01:06:20 ----RA---- C:\WINDOWS\system32\kbdest.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdro.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2012-01-03 01:06:19 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2012-01-03 01:06:13 ----A---- C:\WINDOWS\system32\spxcoins.dll
2012-01-03 01:06:13 ----A---- C:\WINDOWS\system32\irclass.dll
2012-01-03 01:06:13 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2012-01-03 01:06:13 ----A---- C:\WINDOWS\system32\dgsetup.dll
2012-01-03 01:06:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2012-01-03 01:06:11 ----A---- C:\WINDOWS\TASKMAN.EXE
2012-01-03 01:06:10 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2012-01-03 01:06:10 ----A---- C:\WINDOWS\system32\batt.dll
2012-01-03 01:06:09 ----A---- C:\WINDOWS\NOTEPAD.EXE
2012-01-03 01:06:06 ----A---- C:\WINDOWS\system32\storprop.dll
2012-01-03 01:05:55 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2012-01-03 01:05:36 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-03 01:05:36 ----D---- C:\WINDOWS\system32\CatRoot
2012-01-03 01:05:30 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2012-01-03 01:04:58 ----SHD---- C:\System Volume Information
2012-01-03 01:04:58 ----D---- C:\Documents and Settings
2012-01-03 01:04:57 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2012-01-03 01:03:57 ----RASH---- C:\boot.ini
2012-01-03 01:03:33 ----D---- C:\Documents and Settings\Michal\Application Data\Adobe
2012-01-03 00:59:11 ----D---- C:\Program Files\CCleaner
2012-01-03 00:58:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-01-03 00:58:29 ----RSD---- C:\WINDOWS\Fonts
2012-01-03 00:58:29 ----RD---- C:\WINDOWS\Web
2012-01-03 00:58:29 ----HD---- C:\WINDOWS\inf
2012-01-03 00:58:29 ----D---- C:\WINDOWS\WinSxS
2012-01-03 00:58:29 ----D---- C:\WINDOWS\twain_32
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\wins
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\wbem
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\usmt
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\spool
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\ShellExt
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\Setup
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\scripting
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\ras
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\oobe
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\npp
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\mui
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\inetsrv
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\IME
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\icsxml
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\ias
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\export
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\en
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\drivers\etc
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\drivers\disdn
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\drivers
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\dhcp
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\config
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\3com_dmi
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\3076
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\2052
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1054
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1042
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1041
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1037
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1033
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1031
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1028
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32\1025
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system32
2012-01-03 00:58:29 ----D---- C:\WINDOWS\system
2012-01-03 00:58:29 ----D---- C:\WINDOWS\security
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Resources
2012-01-03 00:58:29 ----D---- C:\WINDOWS\repair
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Provisioning
2012-01-03 00:58:29 ----D---- C:\WINDOWS\pchealth
2012-01-03 00:58:29 ----D---- C:\WINDOWS\PeerNet
2012-01-03 00:58:29 ----D---- C:\WINDOWS\NLDRV
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Network Diagnostic
2012-01-03 00:58:29 ----D---- C:\WINDOWS\mui
2012-01-03 00:58:29 ----D---- C:\WINDOWS\msapps
2012-01-03 00:58:29 ----D---- C:\WINDOWS\msagent
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Media
2012-01-03 00:58:29 ----D---- C:\WINDOWS\L2Schemas
2012-01-03 00:58:29 ----D---- C:\WINDOWS\java
2012-01-03 00:58:29 ----D---- C:\WINDOWS\ime
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Help
2012-01-03 00:58:29 ----D---- C:\WINDOWS\ehome
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Driver Cache
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Debug
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Cursors
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Connection Wizard
2012-01-03 00:58:29 ----D---- C:\WINDOWS\Config
2012-01-03 00:58:29 ----D---- C:\WINDOWS\AppPatch
2012-01-03 00:58:29 ----D---- C:\WINDOWS\addins
2012-01-03 00:58:29 ----D---- C:\WINDOWS
2012-01-03 00:58:28 ----ASH---- C:\pagefile.sys
2012-01-03 00:49:23 ----RSD---- C:\WINDOWS\assembly
2012-01-03 00:48:59 ----D---- C:\WINDOWS\Microsoft.NET
2012-01-03 00:48:05 ----D---- C:\Program Files\ATI Technologies
2012-01-03 00:45:57 ----A---- C:\WINDOWS\system32\snymsico.dll
2012-01-03 00:45:57 ----A---- C:\WINDOWS\system32\drivers\risdptsk.sys
2012-01-03 00:45:57 ----A---- C:\WINDOWS\system32\drivers\rimsptsk.sys
2012-01-03 00:45:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-01-03 00:45:14 ----A---- C:\WINDOWS\system32\drivers\Rtnicxp.sys
2012-01-03 00:45:13 ----D---- C:\WINDOWS\OPTIONS
2012-01-03 00:44:31 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2012-01-03 00:44:28 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2012-01-03 00:44:25 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2012-01-03 00:44:24 ----A---- C:\WINDOWS\system32\ChCfg.exe
2012-01-03 00:44:21 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2012-01-03 00:44:19 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2012-01-03 00:44:17 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2012-01-03 00:44:15 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2012-01-03 00:44:13 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2012-01-03 00:44:11 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2012-01-03 00:44:09 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2012-01-03 00:44:05 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2012-01-03 00:43:59 ----D---- C:\WINDOWS\system32\RTCOM
2012-01-03 00:43:56 ----A---- C:\WINDOWS\system32\ksuser.dll
2012-01-03 00:43:56 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2012-01-03 00:43:56 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2012-01-03 00:43:52 ----A---- C:\WINDOWS\SoundMan.exe
2012-01-03 00:43:52 ----A---- C:\WINDOWS\SkyTel.exe
2012-01-03 00:43:52 ----A---- C:\WINDOWS\RtlUpd.exe
2012-01-03 00:43:51 ----A---- C:\WINDOWS\RTLCPL.exe
2012-01-03 00:43:50 ----A---- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2012-01-03 00:43:49 ----D---- C:\Program Files\Realtek
2012-01-03 00:43:49 ----A---- C:\WINDOWS\RTHDCPL.exe
2012-01-03 00:43:49 ----A---- C:\WINDOWS\MicCal.exe
2012-01-03 00:43:49 ----A---- C:\WINDOWS\alcwzrd.exe
2012-01-03 00:43:49 ----A---- C:\WINDOWS\Alcmtr.exe
2012-01-03 00:43:45 ----A---- C:\WINDOWS\RtlExUpd.dll
======List of files/folders modified in the last 1 month======
2012-01-09 22:58:57 ----A---- C:\WINDOWS\win.ini
2012-01-03 09:23:55 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2012-01-03 01:12:18 ----A---- C:\WINDOWS\system.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 risdptsk;risdptsk; C:\WINDOWS\system32\DRIVERS\risdptsk.sys [2005-07-14 27904]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-12-16 31088]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-07-04 2304000]
R3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-24 5760]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 TrueSight;TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-05-03 364629]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-04 483328]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 KMService;KMService; C:\WINDOWS\system32\srvany.exe [2003-04-18 8192]
S2 PEVSystemStart;PEVSystemStart; C:\Beruska.com29458B\pev.3XE [2011-06-25 256000]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-01-09 654848]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Re: haveď v notebooku
Napsal: 15 led 2012 10:08
Odkud se ta svine furt vraci
Stahnete SPTD http://www.duplexsecure.com/en/downloads
Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe ale nespoustejte
Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R
Dejte logy z Gmeru - viz muj podpis
Stahnete SPTD http://www.duplexsecure.com/en/downloads
- Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
- Ulozte na plochu a spustte
- Zvolte moznost Uninstall a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte
Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
- Ulozte na plochu a spustte
- Kliknete na Disable a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte
Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe ale nespoustejte Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R
- Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
"%userprofile%\plocha\mbr" -t -s- Kliknete na OK
- Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte
Dejte logy z Gmeru - viz muj podpisRe: haveď v notebooku
Napsal: 15 led 2012 14:39
Pri tomto kroku ked kliknem na OK tak vyskoči tento error...vyosek píše:
- Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
"%userprofile%\plocha\mbr" -t -s- Kliknete na OK
- Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte
Re: haveď v notebooku
Napsal: 15 led 2012 15:16
ked som zapol gmer tak mi to uložilo prazdny log ale ked som scanoval tak toto
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-15 15:13:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541680J9SA00 rev.SB2OC70P
Running: gmer.exe; Driver: C:\DOCUME~1\Michal\LOCALS~1\Temp\pxtorpow.sys
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00986390
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00986640
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 009853D0
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00985300
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009811C0
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00981290
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00982570
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00981000
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 009810A0
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00982510
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] wininet.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 009820A0
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] wininet.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 009823A0
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] wininet.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00982160
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00981D10
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00987250
.text C:\WINDOWS\System32\alg.exe[604] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00AF6390
.text C:\WINDOWS\System32\alg.exe[604] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00AF6640
.text C:\WINDOWS\System32\alg.exe[604] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00AF53D0
.text C:\WINDOWS\System32\alg.exe[604] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00AF5300
.text C:\WINDOWS\System32\alg.exe[604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AF11C0
.text C:\WINDOWS\System32\alg.exe[604] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00AF1290
.text C:\WINDOWS\System32\alg.exe[604] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00AF2570
.text C:\WINDOWS\System32\alg.exe[604] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00AF1000
.text C:\WINDOWS\System32\alg.exe[604] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00AF10A0
.text C:\WINDOWS\System32\alg.exe[604] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00AF2510
.text C:\WINDOWS\System32\alg.exe[604] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00AF1D10
.text C:\WINDOWS\System32\alg.exe[604] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00AF7250
.text C:\WINDOWS\System32\alg.exe[604] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00AF20A0
.text C:\WINDOWS\System32\alg.exe[604] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00AF23A0
.text C:\WINDOWS\System32\alg.exe[604] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00AF2160
.text C:\WINDOWS\system32\csrss.exe[724] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01336390
.text C:\WINDOWS\system32\csrss.exe[724] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01336640
.text C:\WINDOWS\system32\csrss.exe[724] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 013353D0
.text C:\WINDOWS\system32\csrss.exe[724] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01335300
.text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 013311C0
.text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01331290
.text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!MoveFileW 7C821249 5 Bytes JMP 01332570
.text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01331000
.text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!CopyFileW 7C82F863 5 Bytes JMP 013310A0
.text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01332510
.text C:\WINDOWS\system32\csrss.exe[724] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01331D10
.text C:\WINDOWS\system32\csrss.exe[724] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01337250
.text C:\WINDOWS\system32\csrss.exe[724] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 013320A0
.text C:\WINDOWS\system32\csrss.exe[724] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 013323A0
.text C:\WINDOWS\system32\csrss.exe[724] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 01332160
.text C:\WINDOWS\system32\winlogon.exe[752] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01516390
.text C:\WINDOWS\system32\winlogon.exe[752] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01516640
.text C:\WINDOWS\system32\winlogon.exe[752] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 015153D0
.text C:\WINDOWS\system32\winlogon.exe[752] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01515300
.text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 015111C0
.text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01511290
.text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01512570
.text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01511000
.text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 015110A0
.text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01512510
.text C:\WINDOWS\system32\winlogon.exe[752] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01511D10
.text C:\WINDOWS\system32\winlogon.exe[752] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01517250
.text C:\WINDOWS\system32\winlogon.exe[752] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 015120A0
.text C:\WINDOWS\system32\winlogon.exe[752] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 015123A0
.text C:\WINDOWS\system32\winlogon.exe[752] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 01512160
.text C:\WINDOWS\system32\services.exe[796] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00D96390
.text C:\WINDOWS\system32\services.exe[796] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00D96640
.text C:\WINDOWS\system32\services.exe[796] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00D953D0
.text C:\WINDOWS\system32\services.exe[796] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00D95300
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D911C0
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D91290
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00D92570
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00D91000
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00D910A0
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00D92510
.text C:\WINDOWS\system32\services.exe[796] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00D91D10
.text C:\WINDOWS\system32\services.exe[796] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D97250
.text C:\WINDOWS\system32\services.exe[796] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00D920A0
.text C:\WINDOWS\system32\services.exe[796] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00D923A0
.text C:\WINDOWS\system32\services.exe[796] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00D92160
.text C:\WINDOWS\system32\ctfmon.exe[852] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00A66390
.text C:\WINDOWS\system32\ctfmon.exe[852] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00A66640
.text C:\WINDOWS\system32\ctfmon.exe[852] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00A653D0
.text C:\WINDOWS\system32\ctfmon.exe[852] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A65300
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A611C0
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A61290
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00A62570
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00A61000
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00A610A0
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00A62510
.text C:\WINDOWS\system32\ctfmon.exe[852] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00A61D10
.text C:\WINDOWS\system32\ctfmon.exe[852] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A67250
.text C:\WINDOWS\system32\ctfmon.exe[852] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00A620A0
.text C:\WINDOWS\system32\ctfmon.exe[852] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00A623A0
.text C:\WINDOWS\system32\ctfmon.exe[852] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00A62160
.text C:\WINDOWS\system32\Ati2evxx.exe[960] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00EF6390
.text C:\WINDOWS\system32\Ati2evxx.exe[960] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00EF6640
.text C:\WINDOWS\system32\Ati2evxx.exe[960] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00EF53D0
.text C:\WINDOWS\system32\Ati2evxx.exe[960] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00EF5300
.text C:\WINDOWS\system32\Ati2evxx.exe[960] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EF11C0
.text C:\WINDOWS\system32\Ati2evxx.exe[960] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00EF1290
.text C:\WINDOWS\system32\Ati2evxx.exe[960] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00EF2570
.text C:\WINDOWS\system32\Ati2evxx.exe[960] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00EF1000
.text C:\WINDOWS\system32\Ati2evxx.exe[960] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00EF10A0
.text C:\WINDOWS\system32\Ati2evxx.exe[960] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00EF2510
.text C:\WINDOWS\system32\Ati2evxx.exe[960] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00EF1D10
.text C:\WINDOWS\system32\Ati2evxx.exe[960] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EF7250
.text C:\WINDOWS\system32\Ati2evxx.exe[960] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00EF20A0
.text C:\WINDOWS\system32\Ati2evxx.exe[960] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00EF23A0
.text C:\WINDOWS\system32\Ati2evxx.exe[960] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00EF2160
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00F56390
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00F56640
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00F553D0
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00F55300
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F511C0
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F51290
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00F52570
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00F51000
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00F510A0
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00F52510
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00F51D10
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F57250
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00F520A0
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00F523A0
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00F52160
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00C26390
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00C26640
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00C253D0
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C25300
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C211C0
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C21290
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00C22570
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00C21000
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00C210A0
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00C22510
.text C:\WINDOWS\system32\svchost.exe[1048] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00C21D10
.text C:\WINDOWS\system32\svchost.exe[1048] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C27250
.text C:\WINDOWS\system32\svchost.exe[1048] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00C220A0
.text C:\WINDOWS\system32\svchost.exe[1048] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00C223A0
.text C:\WINDOWS\system32\svchost.exe[1048] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00C22160
.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 02C56390
.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 02C56640
.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 02C553D0
.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02C55300
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02C511C0
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02C51290
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 02C52570
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 02C51000
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 02C510A0
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 02C52510
.text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 02C51D10
.text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02C57250
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 02C520A0
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 02C523A0
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 02C52160
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00B46390
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00B46640
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00B453D0
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B45300
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] ntdll.dll!DbgUiRemoteBreakin 7C94FFE3 5 Bytes JMP 7C81CAFA C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B411C0
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B41290
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00B42570
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00B41000
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00B410A0
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00B42510
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00B420A0
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00B423A0
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00B42160
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00B41D10
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B47250
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 007A6390
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 007A6640
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 007A53D0
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007A5300
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007A11C0
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007A1290
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 007A2570
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 007A1000
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 007A10A0
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 007A2510
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 007A1D10
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!send 71AB4C27 5 Bytes JMP 007A7250
.text C:\WINDOWS\system32\svchost.exe[1132] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 007A20A0
.text C:\WINDOWS\system32\svchost.exe[1132] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 007A23A0
.text C:\WINDOWS\system32\svchost.exe[1132] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 007A2160
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00C16390
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00C16640
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00C153D0
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C15300
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C111C0
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C11290
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00C12570
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00C11000
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00C110A0
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00C12510
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00C11D10
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C17250
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00C120A0
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00C123A0
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00C12160
.text C:\Program Files\Atheros\ACU.exe[1196] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00BF6390
.text C:\Program Files\Atheros\ACU.exe[1196] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00BF6640
.text C:\Program Files\Atheros\ACU.exe[1196] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00BF53D0
.text C:\Program Files\Atheros\ACU.exe[1196] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00BF5300
.text C:\Program Files\Atheros\ACU.exe[1196] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF11C0
.text C:\Program Files\Atheros\ACU.exe[1196] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BF1290
.text C:\Program Files\Atheros\ACU.exe[1196] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00BF2570
.text C:\Program Files\Atheros\ACU.exe[1196] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00BF1000
.text C:\Program Files\Atheros\ACU.exe[1196] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00BF10A0
.text C:\Program Files\Atheros\ACU.exe[1196] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00BF2510
.text C:\Program Files\Atheros\ACU.exe[1196] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00BF1D10
.text C:\Program Files\Atheros\ACU.exe[1196] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BF7250
.text C:\Program Files\Atheros\ACU.exe[1196] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00BF20A0
.text C:\Program Files\Atheros\ACU.exe[1196] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00BF23A0
.text C:\Program Files\Atheros\ACU.exe[1196] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00BF2160
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00C86390
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00C86640
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00C853D0
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C85300
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C811C0
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C81290
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00C82570
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00C81000
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00C810A0
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00C82510
.text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00C81D10
.text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C87250
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00C820A0
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00C823A0
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00C82160
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 015F6390
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 015F6640
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 015F53D0
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 015F5300
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 015F11C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 015F1290
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 015F2570
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 015F1000
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 015F10A0
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 015F2510
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 015F1D10
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] WS2_32.dll!send 71AB4C27 5 Bytes JMP 015F7250
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 015F20A0
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 015F23A0
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 015F2160
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00B36390
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00B36640
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00B353D0
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B35300
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B311C0
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B31290
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00B32570
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00B31000
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00B310A0
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00B32510
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00B31D10
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B37250
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00B320A0
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00B323A0
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00B32160
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160
.text C:\WINDOWS\system32\wscntfy.exe[1352] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00BB6390
.text C:\WINDOWS\system32\wscntfy.exe[1352] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00BB6640
.text C:\WINDOWS\system32\wscntfy.exe[1352] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00BB53D0
.text C:\WINDOWS\system32\wscntfy.exe[1352] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00BB5300
.text C:\WINDOWS\system32\wscntfy.exe[1352] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB11C0
.text C:\WINDOWS\system32\wscntfy.exe[1352] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BB1290
.text C:\WINDOWS\system32\wscntfy.exe[1352] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00BB2570
.text C:\WINDOWS\system32\wscntfy.exe[1352] kernel32.dll!CopyFileA
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-15 15:13:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541680J9SA00 rev.SB2OC70P
Running: gmer.exe; Driver: C:\DOCUME~1\Michal\LOCALS~1\Temp\pxtorpow.sys
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00986390
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00986640
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 009853D0
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00985300
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009811C0
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00981290
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00982570
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00981000
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 009810A0
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00982510
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] wininet.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 009820A0
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] wininet.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 009823A0
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] wininet.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00982160
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00981D10
.text C:\Documents and Settings\Michal\Application Data\1.exe[520] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00987250
.text C:\WINDOWS\System32\alg.exe[604] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00AF6390
.text C:\WINDOWS\System32\alg.exe[604] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00AF6640
.text C:\WINDOWS\System32\alg.exe[604] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00AF53D0
.text C:\WINDOWS\System32\alg.exe[604] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00AF5300
.text C:\WINDOWS\System32\alg.exe[604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AF11C0
.text C:\WINDOWS\System32\alg.exe[604] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00AF1290
.text C:\WINDOWS\System32\alg.exe[604] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00AF2570
.text C:\WINDOWS\System32\alg.exe[604] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00AF1000
.text C:\WINDOWS\System32\alg.exe[604] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00AF10A0
.text C:\WINDOWS\System32\alg.exe[604] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00AF2510
.text C:\WINDOWS\System32\alg.exe[604] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00AF1D10
.text C:\WINDOWS\System32\alg.exe[604] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00AF7250
.text C:\WINDOWS\System32\alg.exe[604] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00AF20A0
.text C:\WINDOWS\System32\alg.exe[604] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00AF23A0
.text C:\WINDOWS\System32\alg.exe[604] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00AF2160
.text C:\WINDOWS\system32\csrss.exe[724] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01336390
.text C:\WINDOWS\system32\csrss.exe[724] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01336640
.text C:\WINDOWS\system32\csrss.exe[724] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 013353D0
.text C:\WINDOWS\system32\csrss.exe[724] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01335300
.text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 013311C0
.text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01331290
.text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!MoveFileW 7C821249 5 Bytes JMP 01332570
.text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01331000
.text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!CopyFileW 7C82F863 5 Bytes JMP 013310A0
.text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01332510
.text C:\WINDOWS\system32\csrss.exe[724] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01331D10
.text C:\WINDOWS\system32\csrss.exe[724] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01337250
.text C:\WINDOWS\system32\csrss.exe[724] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 013320A0
.text C:\WINDOWS\system32\csrss.exe[724] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 013323A0
.text C:\WINDOWS\system32\csrss.exe[724] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 01332160
.text C:\WINDOWS\system32\winlogon.exe[752] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01516390
.text C:\WINDOWS\system32\winlogon.exe[752] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01516640
.text C:\WINDOWS\system32\winlogon.exe[752] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 015153D0
.text C:\WINDOWS\system32\winlogon.exe[752] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01515300
.text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 015111C0
.text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01511290
.text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01512570
.text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01511000
.text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 015110A0
.text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01512510
.text C:\WINDOWS\system32\winlogon.exe[752] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01511D10
.text C:\WINDOWS\system32\winlogon.exe[752] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01517250
.text C:\WINDOWS\system32\winlogon.exe[752] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 015120A0
.text C:\WINDOWS\system32\winlogon.exe[752] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 015123A0
.text C:\WINDOWS\system32\winlogon.exe[752] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 01512160
.text C:\WINDOWS\system32\services.exe[796] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00D96390
.text C:\WINDOWS\system32\services.exe[796] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00D96640
.text C:\WINDOWS\system32\services.exe[796] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00D953D0
.text C:\WINDOWS\system32\services.exe[796] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00D95300
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D911C0
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D91290
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00D92570
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00D91000
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00D910A0
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00D92510
.text C:\WINDOWS\system32\services.exe[796] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00D91D10
.text C:\WINDOWS\system32\services.exe[796] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D97250
.text C:\WINDOWS\system32\services.exe[796] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00D920A0
.text C:\WINDOWS\system32\services.exe[796] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00D923A0
.text C:\WINDOWS\system32\services.exe[796] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00D92160
.text C:\WINDOWS\system32\ctfmon.exe[852] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00A66390
.text C:\WINDOWS\system32\ctfmon.exe[852] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00A66640
.text C:\WINDOWS\system32\ctfmon.exe[852] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00A653D0
.text C:\WINDOWS\system32\ctfmon.exe[852] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A65300
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A611C0
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A61290
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00A62570
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00A61000
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00A610A0
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00A62510
.text C:\WINDOWS\system32\ctfmon.exe[852] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00A61D10
.text C:\WINDOWS\system32\ctfmon.exe[852] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A67250
.text C:\WINDOWS\system32\ctfmon.exe[852] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00A620A0
.text C:\WINDOWS\system32\ctfmon.exe[852] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00A623A0
.text C:\WINDOWS\system32\ctfmon.exe[852] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00A62160
.text C:\WINDOWS\system32\Ati2evxx.exe[960] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00EF6390
.text C:\WINDOWS\system32\Ati2evxx.exe[960] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00EF6640
.text C:\WINDOWS\system32\Ati2evxx.exe[960] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00EF53D0
.text C:\WINDOWS\system32\Ati2evxx.exe[960] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00EF5300
.text C:\WINDOWS\system32\Ati2evxx.exe[960] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EF11C0
.text C:\WINDOWS\system32\Ati2evxx.exe[960] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00EF1290
.text C:\WINDOWS\system32\Ati2evxx.exe[960] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00EF2570
.text C:\WINDOWS\system32\Ati2evxx.exe[960] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00EF1000
.text C:\WINDOWS\system32\Ati2evxx.exe[960] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00EF10A0
.text C:\WINDOWS\system32\Ati2evxx.exe[960] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00EF2510
.text C:\WINDOWS\system32\Ati2evxx.exe[960] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00EF1D10
.text C:\WINDOWS\system32\Ati2evxx.exe[960] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EF7250
.text C:\WINDOWS\system32\Ati2evxx.exe[960] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00EF20A0
.text C:\WINDOWS\system32\Ati2evxx.exe[960] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00EF23A0
.text C:\WINDOWS\system32\Ati2evxx.exe[960] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00EF2160
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00F56390
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00F56640
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00F553D0
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00F55300
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F511C0
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F51290
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00F52570
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00F51000
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00F510A0
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00F52510
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00F51D10
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F57250
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00F520A0
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00F523A0
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00F52160
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00C26390
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00C26640
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00C253D0
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C25300
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C211C0
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C21290
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00C22570
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00C21000
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00C210A0
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00C22510
.text C:\WINDOWS\system32\svchost.exe[1048] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00C21D10
.text C:\WINDOWS\system32\svchost.exe[1048] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C27250
.text C:\WINDOWS\system32\svchost.exe[1048] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00C220A0
.text C:\WINDOWS\system32\svchost.exe[1048] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00C223A0
.text C:\WINDOWS\system32\svchost.exe[1048] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00C22160
.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 02C56390
.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 02C56640
.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 02C553D0
.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02C55300
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02C511C0
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02C51290
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 02C52570
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 02C51000
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 02C510A0
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 02C52510
.text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 02C51D10
.text C:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02C57250
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 02C520A0
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 02C523A0
.text C:\WINDOWS\System32\svchost.exe[1088] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 02C52160
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00B46390
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00B46640
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00B453D0
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B45300
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] ntdll.dll!DbgUiRemoteBreakin 7C94FFE3 5 Bytes JMP 7C81CAFA C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B411C0
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B41290
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00B42570
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00B41000
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00B410A0
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00B42510
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00B420A0
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00B423A0
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00B42160
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00B41D10
.text C:\Documents and Settings\Michal\Application Data\1.exe[1120] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B47250
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 007A6390
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 007A6640
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 007A53D0
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007A5300
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007A11C0
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007A1290
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 007A2570
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 007A1000
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 007A10A0
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 007A2510
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 007A1D10
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!send 71AB4C27 5 Bytes JMP 007A7250
.text C:\WINDOWS\system32\svchost.exe[1132] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 007A20A0
.text C:\WINDOWS\system32\svchost.exe[1132] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 007A23A0
.text C:\WINDOWS\system32\svchost.exe[1132] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 007A2160
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00C16390
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00C16640
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00C153D0
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C15300
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C111C0
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C11290
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00C12570
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00C11000
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00C110A0
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00C12510
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00C11D10
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C17250
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00C120A0
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00C123A0
.text C:\Program Files\Wireless Console 2\wcourier.exe[1172] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00C12160
.text C:\Program Files\Atheros\ACU.exe[1196] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00BF6390
.text C:\Program Files\Atheros\ACU.exe[1196] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00BF6640
.text C:\Program Files\Atheros\ACU.exe[1196] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00BF53D0
.text C:\Program Files\Atheros\ACU.exe[1196] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00BF5300
.text C:\Program Files\Atheros\ACU.exe[1196] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF11C0
.text C:\Program Files\Atheros\ACU.exe[1196] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BF1290
.text C:\Program Files\Atheros\ACU.exe[1196] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00BF2570
.text C:\Program Files\Atheros\ACU.exe[1196] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00BF1000
.text C:\Program Files\Atheros\ACU.exe[1196] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00BF10A0
.text C:\Program Files\Atheros\ACU.exe[1196] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00BF2510
.text C:\Program Files\Atheros\ACU.exe[1196] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00BF1D10
.text C:\Program Files\Atheros\ACU.exe[1196] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BF7250
.text C:\Program Files\Atheros\ACU.exe[1196] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00BF20A0
.text C:\Program Files\Atheros\ACU.exe[1196] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00BF23A0
.text C:\Program Files\Atheros\ACU.exe[1196] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00BF2160
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00C86390
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00C86640
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00C853D0
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C85300
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C811C0
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C81290
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00C82570
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00C81000
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00C810A0
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00C82510
.text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00C81D10
.text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C87250
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00C820A0
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00C823A0
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00C82160
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 015F6390
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 015F6640
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 015F53D0
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 015F5300
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 015F11C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 015F1290
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 015F2570
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 015F1000
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 015F10A0
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 015F2510
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 015F1D10
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] WS2_32.dll!send 71AB4C27 5 Bytes JMP 015F7250
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 015F20A0
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 015F23A0
.text C:\WINDOWS\system32\Ati2evxx.exe[1272] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 015F2160
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00B36390
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00B36640
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00B353D0
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B35300
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B311C0
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B31290
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00B32570
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00B31000
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00B310A0
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00B32510
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00B31D10
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B37250
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00B320A0
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00B323A0
.text C:\Documents and Settings\Michal\Application Data\regsrv33.exe[1300] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00B32160
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1328] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160
.text C:\WINDOWS\system32\wscntfy.exe[1352] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00BB6390
.text C:\WINDOWS\system32\wscntfy.exe[1352] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00BB6640
.text C:\WINDOWS\system32\wscntfy.exe[1352] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00BB53D0
.text C:\WINDOWS\system32\wscntfy.exe[1352] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00BB5300
.text C:\WINDOWS\system32\wscntfy.exe[1352] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB11C0
.text C:\WINDOWS\system32\wscntfy.exe[1352] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BB1290
.text C:\WINDOWS\system32\wscntfy.exe[1352] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00BB2570
.text C:\WINDOWS\system32\wscntfy.exe[1352] kernel32.dll!CopyFileA
Re: haveď v notebooku
Napsal: 15 led 2012 15:16
7C8286D6 5 Bytes JMP 00BB1000
.text C:\WINDOWS\system32\wscntfy.exe[1352] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00BB10A0
.text C:\WINDOWS\system32\wscntfy.exe[1352] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00BB2510
.text C:\WINDOWS\system32\wscntfy.exe[1352] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00BB1D10
.text C:\WINDOWS\system32\wscntfy.exe[1352] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BB7250
.text C:\WINDOWS\system32\wscntfy.exe[1352] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00BB20A0
.text C:\WINDOWS\system32\wscntfy.exe[1352] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00BB23A0
.text C:\WINDOWS\system32\wscntfy.exe[1352] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00BB2160
.text C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00A56390
.text C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00A56640
.text C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00A553D0
.text C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A55300
.text C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A511C0
.text C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A51290
.text C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00A52570
.text C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00A51000
.text C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00A510A0
.text C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00A52510
.text C:\WINDOWS\system32\spoolsv.exe[1564] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00A51D10
.text C:\WINDOWS\system32\spoolsv.exe[1564] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A57250
.text C:\WINDOWS\system32\spoolsv.exe[1564] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00A520A0
.text C:\WINDOWS\system32\spoolsv.exe[1564] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00A523A0
.text C:\WINDOWS\system32\spoolsv.exe[1564] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00A52160
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510
.text C:\WINDOWS\system32\svchost.exe[1588] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 000A1D10
.text C:\WINDOWS\system32\svchost.exe[1588] WS2_32.dll!send 71AB4C27 5 Bytes JMP 000A7250
.text C:\WINDOWS\system32\svchost.exe[1588] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 000A20A0
.text C:\WINDOWS\system32\svchost.exe[1588] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 000A23A0
.text C:\WINDOWS\system32\svchost.exe[1588] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 000A2160
.text C:\WINDOWS\Explorer.EXE[1668] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 02FB6390
.text C:\WINDOWS\Explorer.EXE[1668] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 02FB6640
.text C:\WINDOWS\Explorer.EXE[1668] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 02FB53D0
.text C:\WINDOWS\Explorer.EXE[1668] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02FB5300
.text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02FB11C0
.text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02FB1290
.text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 02FB2570
.text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 02FB1000
.text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 02FB10A0
.text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 02FB2510
.text C:\WINDOWS\Explorer.EXE[1668] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 02FB20A0
.text C:\WINDOWS\Explorer.EXE[1668] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 02FB23A0
.text C:\WINDOWS\Explorer.EXE[1668] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 02FB2160
.text C:\WINDOWS\Explorer.EXE[1668] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 02FB1D10
.text C:\WINDOWS\Explorer.EXE[1668] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02FB7250
.text C:\WINDOWS\system32\acs.exe[1692] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01D56390
.text C:\WINDOWS\system32\acs.exe[1692] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01D56640
.text C:\WINDOWS\system32\acs.exe[1692] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 01D553D0
.text C:\WINDOWS\system32\acs.exe[1692] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01D55300
.text C:\WINDOWS\system32\acs.exe[1692] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01D511C0
.text C:\WINDOWS\system32\acs.exe[1692] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01D51290
.text C:\WINDOWS\system32\acs.exe[1692] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01D52570
.text C:\WINDOWS\system32\acs.exe[1692] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01D51000
.text C:\WINDOWS\system32\acs.exe[1692] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 01D510A0
.text C:\WINDOWS\system32\acs.exe[1692] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01D52510
.text C:\WINDOWS\system32\acs.exe[1692] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01D51D10
.text C:\WINDOWS\system32\acs.exe[1692] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01D57250
.text C:\WINDOWS\system32\acs.exe[1692] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 01D520A0
.text C:\WINDOWS\system32\acs.exe[1692] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 01D523A0
.text C:\WINDOWS\system32\acs.exe[1692] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 01D52160
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 007C6390
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 007C6640
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 007C53D0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007C5300
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007C11C0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007C1290
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 007C2570
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 007C1000
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 007C10A0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 007C2510
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 007C1D10
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] WS2_32.dll!send 71AB4C27 5 Bytes JMP 007C7250
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 007C20A0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 007C23A0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 007C2160
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00196390
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EBFC
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EC6D
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00196640
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90ED9B
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001953D0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00195300
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00191D10
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00197250
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001920A0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001923A0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00192160
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00196390
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EBFC
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EC6D
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00196640
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90ED9B
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001953D0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00195300
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00191D10
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00197250
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001920A0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001923A0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00192160
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Qjisii C:\Documents and Settings\Michal\Application Data\Qjisii.exe
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Michal\Application Data\Qjisii.exe 252731 bytes executable
---- EOF - GMER 1.0.15 ----
.text C:\WINDOWS\system32\wscntfy.exe[1352] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00BB10A0
.text C:\WINDOWS\system32\wscntfy.exe[1352] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00BB2510
.text C:\WINDOWS\system32\wscntfy.exe[1352] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00BB1D10
.text C:\WINDOWS\system32\wscntfy.exe[1352] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BB7250
.text C:\WINDOWS\system32\wscntfy.exe[1352] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00BB20A0
.text C:\WINDOWS\system32\wscntfy.exe[1352] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00BB23A0
.text C:\WINDOWS\system32\wscntfy.exe[1352] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00BB2160
.text C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00A56390
.text C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00A56640
.text C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00A553D0
.text C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A55300
.text C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A511C0
.text C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A51290
.text C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00A52570
.text C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00A51000
.text C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00A510A0
.text C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00A52510
.text C:\WINDOWS\system32\spoolsv.exe[1564] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00A51D10
.text C:\WINDOWS\system32\spoolsv.exe[1564] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A57250
.text C:\WINDOWS\system32\spoolsv.exe[1564] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00A520A0
.text C:\WINDOWS\system32\spoolsv.exe[1564] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00A523A0
.text C:\WINDOWS\system32\spoolsv.exe[1564] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00A52160
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510
.text C:\WINDOWS\system32\svchost.exe[1588] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 000A1D10
.text C:\WINDOWS\system32\svchost.exe[1588] WS2_32.dll!send 71AB4C27 5 Bytes JMP 000A7250
.text C:\WINDOWS\system32\svchost.exe[1588] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 000A20A0
.text C:\WINDOWS\system32\svchost.exe[1588] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 000A23A0
.text C:\WINDOWS\system32\svchost.exe[1588] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 000A2160
.text C:\WINDOWS\Explorer.EXE[1668] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 02FB6390
.text C:\WINDOWS\Explorer.EXE[1668] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 02FB6640
.text C:\WINDOWS\Explorer.EXE[1668] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 02FB53D0
.text C:\WINDOWS\Explorer.EXE[1668] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02FB5300
.text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02FB11C0
.text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02FB1290
.text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 02FB2570
.text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 02FB1000
.text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 02FB10A0
.text C:\WINDOWS\Explorer.EXE[1668] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 02FB2510
.text C:\WINDOWS\Explorer.EXE[1668] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 02FB20A0
.text C:\WINDOWS\Explorer.EXE[1668] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 02FB23A0
.text C:\WINDOWS\Explorer.EXE[1668] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 02FB2160
.text C:\WINDOWS\Explorer.EXE[1668] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 02FB1D10
.text C:\WINDOWS\Explorer.EXE[1668] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02FB7250
.text C:\WINDOWS\system32\acs.exe[1692] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01D56390
.text C:\WINDOWS\system32\acs.exe[1692] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01D56640
.text C:\WINDOWS\system32\acs.exe[1692] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 01D553D0
.text C:\WINDOWS\system32\acs.exe[1692] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01D55300
.text C:\WINDOWS\system32\acs.exe[1692] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01D511C0
.text C:\WINDOWS\system32\acs.exe[1692] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01D51290
.text C:\WINDOWS\system32\acs.exe[1692] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01D52570
.text C:\WINDOWS\system32\acs.exe[1692] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01D51000
.text C:\WINDOWS\system32\acs.exe[1692] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 01D510A0
.text C:\WINDOWS\system32\acs.exe[1692] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01D52510
.text C:\WINDOWS\system32\acs.exe[1692] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01D51D10
.text C:\WINDOWS\system32\acs.exe[1692] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01D57250
.text C:\WINDOWS\system32\acs.exe[1692] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 01D520A0
.text C:\WINDOWS\system32\acs.exe[1692] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 01D523A0
.text C:\WINDOWS\system32\acs.exe[1692] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 01D52160
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 007C6390
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 007C6640
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 007C53D0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007C5300
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007C11C0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007C1290
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 007C2570
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 007C1000
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 007C10A0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 007C2510
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 007C1D10
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] WS2_32.dll!send 71AB4C27 5 Bytes JMP 007C7250
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 007C20A0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 007C23A0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1772] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 007C2160
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00196390
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EBFC
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EC6D
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00196640
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90ED9B
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001953D0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00195300
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00191D10
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00197250
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001920A0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001923A0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2264] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00192160
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2628] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001620A0
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001623A0
.text C:\Documents and Settings\Michal\Desktop\gmer.exe[2748] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00162160
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00196390
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EBFC
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EC6D
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00196640
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90ED9B
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001953D0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00195300
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00191D10
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00197250
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 001920A0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 001923A0
.text C:\Documents and Settings\Michal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2828] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 00192160
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Qjisii C:\Documents and Settings\Michal\Application Data\Qjisii.exe
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Michal\Application Data\Qjisii.exe 252731 bytes executable
---- EOF - GMER 1.0.15 ----
Re: haveď v notebooku
Napsal: 15 led 2012 16:58
Skript pro OTL - Opravit - Log sem
Kód: Vybrat vše
:reg
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Qjisii"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Task Services"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows Task Services"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Windows Task Services"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft DLL Registaation"=-
"Windows Task Services"=-
"ctfmon.exe"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows Task Services"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Windows Task Services"=-
:files
C:\Documents and Settings\Michal\Application Data\regsrv33.exe
C:\Documents and Settings\Michal\Application Data\2.exe
C:\Documents and Settings\Michal\Application Data\1.exe
C:\Documents and Settings\Michal\Application Data\Qjisii.exe
C:\Documents and Settings\Michal\Application Data\*.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]