VIRY.CZ

Log z Root Repeal

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/08 12:03
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA6BA8000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA63A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA5CB3000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\ADSM_PData_0150
Status: Invisible to the Windows API!

Path: \\?\C:\ADSM_PData_0150\*
Status: Could not enumerate files with the Windows API (0x00000006)!


Path: C:\ADSM_PData_0150\DB
Status: Invisible to the Windows API!

Path: C:\ADSM_PData_0150\DragWait.exe
Status: Invisible to the Windows API!

Path: C:\ADSM_PData_0150\_avt
Status: Invisible to the Windows API!

Path: \\?\C:\ADSM_PData_0150\DB\*
Status: Could not enumerate files with the Windows API (0x00000006)!


Path: C:\ADSM_PData_0150\DB\SI.db
Status: Invisible to the Windows API!

Path: C:\ADSM_PData_0150\DB\UL.db
Status: Invisible to the Windows API!

Path: C:\ADSM_PData_0150\DB\VL.db
Status: Invisible to the Windows API!

Path: C:\ADSM_PData_0150\DB\_avt
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\cch6B0.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\cch6B1.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\cch6CD.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Temp\cch6CE.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Temp\cch6D0.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Temp\cch6D1.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Temp\cch6D3.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Temp\cch6D4.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Andy\Local Settings\temp\etilqs_eywnRbuzguhv1beGFcWi
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Andy\Local Settings\temp\etilqs_VdjhLM34eJG5WSWGb7n6
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Andy\Local Settings\temp\chrome_shutdown_ms.txt
Status: Visible to the Windows API, but not on disk.

Path: \\?\C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\*
Status: Could not enumerate files with the Windows API (0x00000006)!


Path: C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys
Status: Invisible to the Windows API!

Path: C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Andy\My Documents\Fotky\Fotky škola\veci.rar:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\01\0000018d_events.dat
Status: Size mismatch (API: 78692, Raw: 76872)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\01\0000018d_objbt.dat
Status: Size mismatch (API: 3160, Raw: 3096)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\01\0000018d_objdt.dat
Status: Size mismatch (API: 43060, Raw: 42412)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\01\0000018d_objid.dat
Status: Size mismatch (API: 4130, Raw: 4072)

Path: C:\Documents and Settings\Andy\Local Settings\Apps\2.0\M4OA22RM.WV2\3V9DE1ZV.J00\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Andy\Local Settings\Apps\2.0\M4OA22RM.WV2\3V9DE1ZV.J00\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Andy\Local Settings\Apps\2.0\M4OA22RM.WV2\3V9DE1ZV.J00\manifests\CZD Kalkulacka.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Andy\Local Settings\Apps\2.0\M4OA22RM.WV2\3V9DE1ZV.J00\manifests\CZD Kalkulacka.exe.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f7736e

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f77a86

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f7860c

#: 035 Function Name: NtCreateEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f78b40

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f77d78

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f76460

#: 043 Function Name: NtCreateMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f78a18

#: 044 Function Name: NtCreateNamedPipeFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f75d0a

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f788d4

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f77102

#: 051 Function Name: NtCreateSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f78c72

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f7a40e

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f77886

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f78976

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f76a20

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f76cf8

#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f7821c

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f7a980

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f76e3a

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f76ee4

#: 084 Function Name: NtFsControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f78016

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f79ea6

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f7643c

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f7644e

#: 111 Function Name: NtNotifyChangeKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f77030

#: 114 Function Name: NtOpenEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f78be2

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f77b08

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f76604

#: 120 Function Name: NtOpenMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f78ab0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f7756e

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f7a438

#: 126 Function Name: NtOpenSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f78d14

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f77492

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f76f8e

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f76bb6

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f768bc

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f7a128

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f76b34

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f760c2

#: 194 Function Name: NtReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f7909e

#: 195 Function Name: NtReplyWaitReceivePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f78f64

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f79c30

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f76224

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f7a860

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f75ec4

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f78312

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f77984

#: 230 Function Name: NtSetInformationToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f795f2

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f79fa0

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f7a4c2

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f76744

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f7a5a6

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f7a6d2

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f79dd2

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f776ea

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f7763c

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f777c8

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f8732a

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f873ee

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f87454

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f8738a

#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f86ec4

#: 323 Function Name: NtUserCallOneParam
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f87242

#: 378 Function Name: NtUserFindWindowEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f870b2

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f86e2c

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f8717a

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f86e78

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f87004

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f86f5a

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f86fae

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f8710a

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f87064

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f86d7c

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6f86dd2

==EOF==

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

ComboFix 10-01-04.01 - Andy 10.01.2010 16:20:45.4.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2039.1039 [GMT 1:00]
Running from: c:\documents and settings\Andy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andy\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"C:\cleanup.bat"
"C:\zip.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.bat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\pdfforge Toolbar\
C:\zip.exe

----- BITS: Possible infected sites -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 12:59 . 2010-01-10 13:24 -------- d-----w- C:\michal key
2010-01-06 09:46 . 2010-01-10 15:19 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-01-04 11:00 . 2009-10-13 15:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2010-01-04 10:59 . 2009-10-13 15:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2010-01-04 10:59 . 2009-10-13 15:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2010-01-04 10:59 . 2009-10-13 15:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2010-01-04 10:58 . 2009-10-13 15:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2010-01-04 10:58 . 2010-01-04 10:58 -------- d-----w- c:\program files\Daniusoft
2010-01-02 20:27 . 2010-01-03 21:20 -------- d-----w- c:\documents and settings\Andy\DoctorWeb
2010-01-01 16:24 . 2010-01-01 16:24 -------- d-----w- c:\program files\Acclaim Entertainment
2010-01-01 16:24 . 1998-01-23 11:22 304128 ----a-w- c:\windows\IsUninst.exe
2009-12-31 11:08 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-12-31 11:04 . 2009-12-31 11:23 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-31 10:40 . 2009-12-31 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Recisio
2009-12-31 10:40 . 2009-12-31 11:28 -------- d-----w- c:\program files\KaraFun
2009-12-29 18:47 . 2009-12-29 18:48 -------- d-----w- C:\DCPARTE
2009-12-29 11:06 . 2000-03-29 21:00 125440 ----a-w- c:\windows\system32\UNZDLL.DLL
2009-12-29 11:06 . 1999-05-21 20:10 129024 ----a-w- c:\windows\system32\ZIPDLL.DLL
2009-12-29 11:06 . 2009-12-29 11:06 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-12-28 15:20 . 2009-12-28 15:21 -------- d-----w- c:\program files\RM Downloader
2009-12-27 13:39 . 2009-12-27 13:39 -------- d-----w- c:\program files\DriverGuide DriverScan
2009-12-25 11:02 . 2009-12-25 11:03 -------- d-----w- C:\rsit
2009-12-25 11:02 . 2009-12-25 11:02 -------- d-----w- c:\program files\trend micro
2009-12-25 10:54 . 2009-12-25 10:54 -------- d-----w- c:\program files\Common Files\LightScribe
2009-12-23 16:13 . 2009-12-23 16:13 -------- d-----w- c:\program files\HD Tune
2009-12-22 18:00 . 2009-12-22 18:00 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-12-22 17:57 . 2009-12-22 18:04 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-22 17:57 . 2009-12-22 18:04 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-22 17:56 . 2010-01-10 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-12-22 17:56 . 2009-12-22 17:56 -------- d-----w- c:\program files\Kaspersky Lab
2009-12-20 15:24 . 2009-12-20 15:24 -------- d-----w- c:\documents and settings\Andy\Local Settings\Application Data\Thinstall
2009-12-19 16:23 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-19 16:23 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-15 21:30 . 2009-12-15 21:30 -------- d-----w- c:\program files\Tunatic
2009-12-15 14:44 . 2009-12-15 14:44 -------- d-----w- c:\documents and settings\Andy\Application Data\omnitrans
2009-12-15 12:11 . 2009-12-22 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-14 22:43 . 2010-01-01 17:20 -------- d-sh--w- c:\documents and settings\Andy\Phone Browser
2009-12-13 14:51 . 2009-12-13 14:51 -------- d-----w- c:\program files\Omnitrans International

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 01:58 . 2009-11-08 11:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-08 10:20 . 2009-02-18 19:41 -------- d-----w- c:\documents and settings\Andy\Application Data\BatteryBar
2010-01-08 10:15 . 2009-02-18 19:41 -------- d-----w- c:\program files\BatteryBar
2010-01-07 15:10 . 2009-02-20 14:02 -------- d-----w- c:\documents and settings\Andy\Application Data\uTorrent
2010-01-07 11:54 . 2009-07-28 14:46 -------- d-----w- c:\documents and settings\Andy\Application Data\vlc
2010-01-03 19:28 . 2009-06-04 10:46 -------- d-----w- c:\program files\eTECH
2010-01-01 17:20 . 2009-02-18 12:59 -------- d-----w- c:\documents and settings\Andy\Application Data\PC Suite
2009-12-29 21:21 . 2009-03-27 15:43 -------- d-----w- c:\documents and settings\Andy\Application Data\dvdcss
2009-12-29 20:41 . 2009-05-23 10:02 -------- d-----w- c:\documents and settings\Andy\Application Data\Canon
2009-12-29 10:48 . 2009-02-14 12:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-28 19:28 . 2009-02-16 17:06 -------- d-----w- c:\documents and settings\Andy\Application Data\Skype
2009-12-28 16:23 . 2006-06-24 01:13 114688 ----a-w- c:\windows\system32\liclock.dll
2009-12-22 17:52 . 2009-02-14 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-22 16:40 . 2009-02-28 20:45 237568 ----a-w- c:\windows\system32\winping.exe
2009-12-22 16:40 . 2009-02-28 20:45 397379 ----a-w- c:\windows\system32\paqbonus.exe
2009-12-22 13:20 . 2009-02-23 22:12 -------- d-----w- c:\program files\Mobiola Web Camera 2 for S60 3rd Edition
2009-12-20 15:24 . 2009-11-09 14:01 -------- d-----w- c:\documents and settings\Andy\Application Data\Thinstall
2009-12-19 16:14 . 2009-05-23 10:02 -------- d-----w- c:\program files\Canon
2009-12-19 16:14 . 2009-02-14 11:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-15 13:12 . 2009-02-14 11:42 135144 ----a-w- c:\documents and settings\Andy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-15 13:08 . 2009-02-14 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-11 13:27 . 2009-12-11 13:27 -------- d-----w- c:\program files\KGB Archiver 2
2009-12-07 21:07 . 2009-02-16 17:12 -------- d-----w- c:\documents and settings\Andy\Application Data\skypePM
2009-12-06 17:34 . 2009-12-06 17:34 -------- d-----w- c:\program files\Aspect one
2009-12-04 13:58 . 2009-02-27 12:46 -------- d-----w- c:\program files\Java
2009-12-01 00:19 . 2009-03-31 16:35 -------- d-----w- c:\documents and settings\Andy\Application Data\U3
2009-11-28 08:56 . 2009-02-14 19:05 -------- d-----w- c:\program files\Opera
2009-11-22 15:28 . 2009-11-22 15:28 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-22 11:48 . 2009-11-22 11:48 -------- d-----w- c:\documents and settings\Andy\Application Data\Vectir
2009-11-22 11:43 . 2009-11-22 11:43 -------- d-----w- c:\program files\Vectir
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 22:30 . 2009-11-03 22:41 996984 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-11 20:02 . 2009-11-11 20:02 -------- d-----w- c:\program files\directx
2009-11-11 16:34 . 2009-08-11 13:39 -------- d-----w- c:\program files\4shared.com
2009-10-29 07:45 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-28 08:33 . 2009-02-14 11:35 356352 ----a-w- c:\windows\system32\AegisI5Installer.exe
2009-10-21 05:38 . 2006-02-28 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-02-28 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-02-28 12:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2006-02-28 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2006-02-28 12:00 . 2009-02-14 12:13 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatBar"="c:\program files\Globe Software\StatBar\StatBar.exe" [2003-07-25 335872]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-05-31 3158016]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2009-03-23 2582288]
"PhilipsLime"="c:\program files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2006-06-09 159744]
"MzRamBooster"="c:\program files\MzRam\MzRamBooster.exe" [2009-05-15 194560]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-16 39408]
"Google Update"="c:\documents and settings\Andy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-24 133104]
"Vectir"="c:\program files\Vectir\Vectir.exe" [2008-03-18 688128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-07-12 225280]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-26 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-12 1826816]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-26 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-17 815104]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-03-05 677408]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-11-13 851968]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-02-14 33136]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-07-13 651264]
"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2009-07-13 1337344]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-16 122368]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-8-2 2760704]
Canon LBP3200 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP4LAK.EXE [2009-3-15 30720]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Andy\\My Documents\\VLCPortable\\App\\vlc\\vlc.exe"=
"c:\\Documents and Settings\\Andy\\My Documents\\Nový priečinok\\DC++\\StrongDC.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Mobiola Web Camera for S60\\webcam.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Phone Remote Control\\PhoneRemoteControl.exe"=
"c:\\Documents and Settings\\Andy\\My Documents\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15.12.2008 20:41 33808]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [30.1.2007 21:07 39080]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [23.3.2009 19:07 1382672]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [16.2.2009 17:07 222456]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.1.2007 18:31 42000]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [14.2.2009 12:30 36608]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.5.2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16.5.2009 20:59 19472]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [4.1.2010 11:58 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [4.1.2010 11:59 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [4.1.2010 11:59 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [4.1.2010 11:59 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [4.1.2010 12:00 25704]
S0 a347scsi;a347scsi;c:\windows\system32\Drivers\a347scsi.sys --> c:\windows\system32\Drivers\a347scsi.sys [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 TEUSBAVCAP;USB AV4CH Capture;c:\windows\system32\drivers\U3104AVCap.sys [25.9.2009 9:43 73472]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 13:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2009-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-606747145-725345543-1004Core.job
- c:\documents and settings\Andy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-24 12:22]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-606747145-725345543-1004UA.job
- c:\documents and settings\Andy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-24 12:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Download all 4shared files - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\8t5423nd.default\
FF - component: c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\8t5423nd.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\8t5423nd.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
FF - component: c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\8t5423nd.default\extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}\components\FFExternalAlert.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Andy\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\NPSWF32_back.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 16:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\ADSM_PData_0150

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="9C1EC2BA3B63FC1690A227E97A2EC579ED27AFD839CC6CD11E336FBD1A049AA84ED1124ED429DB4785D2707FED7A0EBD81B27D5C410535FE6805EE62D699988BC772CC798DD62B29E54ABCF4963B47B3669F2D24FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808FEBC9E127BECC74C9DB7CE019D40AA5CACECAF4D34B19C002A3F5E5371FA61DD7B4241719884C932128D508F820E93BEBF6A7A814E696556AC6BDFD8778F7275A115DEBA5053F45C1E11F0493B216A49447AD6223ECB2C330E2C95E8E16B5625D72D435DE4CA771839252287B8E8986AAC658C7555830FE305793702D53AA4C2BBD4B2B1703786E10704D41BAAF3116ABFF55BE2F7025C191ED06C458F6EA888BD5A64B2212C0B9EFAECECF75696F9F698FCF17721FA1968B7B3D5F8DBBCE416A28F01003C0024176021C23593672E9EA64D7665DC67FA4B08A403089D1F8C6D81492ADA984B22F3D4E8220FCEC1BB57ABBE017F4C82ED1F94ACFBFDC9D28975C9E172AB21ED8AC6C98D4BE688C5E5773FAD1F41A5CC12A53AD9B90EEC57F5F6BA365FFB55889782045FF0BD5454A2BDCA7853C4B089BA83293CAA0FA37224A169A8ED7C4882367D2030BCBD5A171CC98E038F4DCC426FC264E7B079A0AD99073F1E8C7E2105877409D54BB2D7F6319F9DB53FBE69C26BD14376A1EBAAD60D9D77019CF91B7E6286812BA98A1DA475A75D7C3EA20D9A9E7F7383C7A71CFD6BC1253FF6870622CF3620115EDB0E132E2D08C65FA4509EAC8272B0611462F7D42F2B49E569C4E40CEBCC66E15DA2F8D6E2AE866595E0E66D7595A220B800601F8AC215A9014F810AF248959DE9E6D01DDCB2B50AEBFE4F6AD404012AC50B9152D7F81EF3D42F75EEF921867303FB5B6312CACE7AC08077E48039F8990CAEADA983AD5FEB10858394153FA9374C951B405F02D0584FD04450C0863B7B81A81A96DB975C2C818431883B5BF0B10D7C567F85B7C138F8E95ED4BC8DFCD3C0CB80BE12BD1A459D74C90BC803D11D310C1A1EA89EA6A3C25EB04C02477596867CCCF93C7DA1397830DA927B1A4AAA4936335052BB0D95D5546C47837FE2AF353830D35608817E4E26364AF7D3D47D887DB67AEC6B03817F8384099556847BD20AA08DBEE0CB027FDA710C463BF62FC6FA7BB84B5C1ECBAF3AB288713E20CC0916579BB6E294218CE4686C4F2EB64A80DA1CD91F91F34CFBD97173357FFEE92791D1A7E4B8F62F1E6F38B0655E9E50D6DCF6DD036121519C5782A661B76B8C1D48500B54E38FF37D394350BA503DB28A57B17E71F5C59C6F3C69375D543863019657D9F33A01A91B97AFFA6560A45C85AF3024CCCF05E0F4A4EDEBEF19B88E8E7031579463EFFE896FE712E23A6CA854"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3056)
c:\windows\system32\WININET.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\BatteryBar\BatteryBar.dll
c:\program files\BatteryBar\BatteryBar.Utilities.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\windows\system32\crypserv.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\oodag.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\CAP4RSK.EXE
c:\windows\RTHDCPL.EXE
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Infineon\Security Platform Software\SpTna.exe
c:\program files\Philips\Philips Lime Service\bin\Lime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\documents and settings\Andy\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
.
**************************************************************************
.
Completion time: 2010-01-10 16:45:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-10 15:45
ComboFix2.txt 2010-01-04 14:18
ComboFix3.txt 2009-12-27 22:01

Pre-Run: 68 826 013 696 bytes free
Post-Run: 68 908 109 824 bytes free

- - End Of File - - 126E52BB70538AA2A435E752DE0650E7

Jak to vypadá s počítačem ted?

Odinstalujte combofix přes
Start >> Spustit zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.



Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir


Stahněte TFC a použijte
TFC (http://oldtimer.geekstogo.com/TFC.exe)


Stáhněte Ccleaner,viz můj podpis
-nainstalujte a vyčištěte dočasné soubory, i registry

Vložte nový log ze RSIT a řekněte co počítač,jak se chová,už je vše v pořádku?

Zdá sa mi, že procesor je viac vyťažený aj pri jednoduchej práci. Niekedy sa mi sekne bluetooth adaptér a musím reštartovať pc.


Log RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Andy at 2010-01-12 10:52:20
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 75 GB (32%) free of 238 GB
Total RAM: 2039 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:26, on 12.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CAP4RSK.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\ASScrPro.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\Program Files\MzRam\MzRamBooster.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\Program Files\Vectir\Vectir.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Documents and Settings\Andy\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Andy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKCU\..\Run: [MzRamBooster] C:\Program Files\MzRam\MzRamBooster.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Vectir] C:\Program Files\Vectir\Vectir.exe /Startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BatteryBar.lnk = ?
O4 - Startup: Real Desktop.lnk = C:\Program Files\Real Desktop\Real Desktop.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Canon LBP3200 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
O8 - Extra context menu item: &Download all 4shared files - C:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3869890203
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 14830 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-606747145-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-606747145-725345543-1004UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-09 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-04 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-12-22 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-09 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"=C:\Program Files\ATK Hotkey\Hcontrol.exe [2007-07-12 225280]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-26 16855552]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-10-12 1826816]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-26 630784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-17 815104]
"IFXSPMGT"=C:\WINDOWS\system32\ifxspmgt.exe [2007-03-05 677408]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-10-17 7737344]
"ASUS Live Update"=C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30 51768]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]
"ACMON"=C:\Program Files\ASUS\Splendid\ACMON.exe [2007-11-13 851968]
"ASUS Screen Saver Protector"=C:\WINDOWS\ASScrPro.exe [2009-02-14 33136]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2008-11-03 2540800]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-01-21 134656]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-01-21 166912]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-01-21 134656]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]
"PhilipsDM"=C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe [2006-07-13 651264]
"4shared Update"=C:\Program Files\4shared Desktop\checkUpdate.exe [2009-07-13 1337344]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-10-16 122368]
"IntelZeroConfig"=C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2009-05-21 1372160]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2009-05-21 1202448]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StatBar"=C:\Program Files\Globe Software\StatBar\StatBar.exe [2003-07-25 335872]
"SRS Audio Sandbox"=C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [2007-05-31 3158016]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2009-03-23 2582288]
"PhilipsLime"=C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe [2006-06-09 159744]
"MzRamBooster"=C:\Program Files\MzRam\MzRamBooster.exe [2009-05-15 194560]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-10-16 39408]
"Google Update"=C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-24 133104]
"Vectir"=C:\Program Files\Vectir\Vectir.exe [2008-03-18 688128]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Canon LBP3200 Status Window.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE

C:\Documents and Settings\Andy\Start Menu\Programs\Startup
BatteryBar.lnk - C:\Program Files\BatteryBar\BatteryBar.exe
Real Desktop.lnk - C:\Program Files\Real Desktop\Real Desktop.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-01-21 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Documents and Settings\Andy\My Documents\VLCPortable\App\vlc\vlc.exe"="C:\Documents and Settings\Andy\My Documents\VLCPortable\App\vlc\vlc.exe:*:Enabled:VLC media player"
"C:\Documents and Settings\Andy\My Documents\Nový priečinok\DC++\StrongDC.exe"="C:\Documents and Settings\Andy\My Documents\Nový priečinok\DC++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Mobiola Web Camera for S60\webcam.exe"="C:\Program Files\Mobiola Web Camera for S60\webcam.exe:*:Enabled:Mobiola Web Camera"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Phone Remote Control\PhoneRemoteControl.exe"="C:\Program Files\Phone Remote Control\PhoneRemoteControl.exe:*:Enabled: "
"C:\Documents and Settings\Andy\My Documents\utorrent.exe"="C:\Documents and Settings\Andy\My Documents\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Promixis\Girder\girder.exe"="C:\Program Files\Promixis\Girder\girder.exe:*:Enabled:Trust Girder"
"C:\Program Files\Promixis\Girder\grunt.exe"="C:\Program Files\Promixis\Girder\grunt.exe:*:Enabled:Trust Girder Runtime"

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-01-12 10:52:20 ----D---- C:\rsit
2010-01-12 10:49:06 ----D---- C:\Program Files\CCleaner
2010-01-12 10:04:09 ----SHD---- C:\RECYCLER
2010-01-10 13:59:07 ----D---- C:\michal key
2010-01-06 10:46:35 ----A---- C:\WINDOWS\system32\acovcnt.exe
2010-01-04 11:58:34 ----D---- C:\Program Files\Daniusoft
2010-01-02 20:09:33 ----A---- C:\Boot.bak
2010-01-02 20:09:27 ----RASHD---- C:\cmdcons
2010-01-01 17:24:31 ----D---- C:\Program Files\Acclaim Entertainment
2010-01-01 17:24:15 ----A---- C:\WINDOWS\IsUninst.exe
2009-12-31 12:09:33 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-12-31 12:09:32 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-12-31 12:09:32 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-12-31 12:09:31 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-12-31 12:09:31 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-12-31 12:09:30 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-12-31 12:09:30 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-12-31 12:09:29 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-12-31 12:09:29 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-12-31 12:09:28 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-12-31 12:09:27 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-12-31 12:09:27 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-12-31 12:09:27 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-12-31 12:09:26 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-12-31 12:09:25 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-12-31 12:09:25 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-12-31 12:09:25 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-12-31 12:09:23 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-12-31 12:09:23 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-12-31 12:09:22 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-12-31 12:09:22 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-12-31 12:09:21 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-12-31 12:09:21 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-12-31 12:09:20 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-12-31 12:09:20 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-12-31 12:09:20 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-12-31 12:09:19 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-12-31 12:09:18 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-12-31 12:09:18 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-12-31 12:09:17 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-12-31 12:09:16 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-12-31 12:09:15 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-12-31 12:09:15 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-12-31 12:09:14 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-12-31 12:09:14 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-12-31 12:09:13 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-12-31 12:09:13 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-12-31 12:09:12 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-12-31 12:09:12 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-12-31 12:09:11 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-12-31 12:09:11 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-12-31 12:09:09 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-12-31 12:09:09 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-12-31 12:09:09 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-12-31 12:09:08 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-12-31 12:09:07 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-12-31 12:09:07 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-12-31 12:09:06 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-12-31 12:09:05 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-12-31 12:09:05 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-12-31 12:09:05 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-12-31 12:09:05 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-12-31 12:09:04 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-12-31 12:09:04 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-12-31 12:09:02 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-12-31 12:09:01 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-12-31 12:09:00 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-12-31 12:08:59 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-12-31 12:08:58 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-12-31 12:08:57 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-12-31 12:08:56 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-12-31 12:08:56 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-12-31 12:08:56 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-12-31 12:08:55 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-12-31 12:08:55 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-12-31 12:08:54 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-12-31 12:08:54 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-12-31 12:08:53 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-12-31 12:08:48 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-12-31 12:08:48 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-12-31 12:08:48 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-12-31 12:08:47 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-12-31 12:08:47 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-12-31 12:08:46 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-12-31 12:08:46 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-12-31 12:08:45 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-12-31 12:08:44 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-12-31 11:40:21 ----D---- C:\Documents and Settings\All Users\Application Data\Recisio
2009-12-31 11:40:20 ----D---- C:\Program Files\KaraFun
2009-12-29 19:47:57 ----D---- C:\DCPARTE
2009-12-29 12:07:07 ----A---- C:\WINDOWS\Memoria3.ini
2009-12-29 12:06:52 ----A---- C:\WINDOWS\PROTOCOL.INI
2009-12-29 12:06:38 ----A---- C:\WINDOWS\system32\ZIPDLL.DLL
2009-12-29 12:06:38 ----A---- C:\WINDOWS\system32\UNZDLL.DLL
2009-12-29 12:06:34 ----D---- C:\Program Files\Common Files\Borland Shared
2009-12-28 16:20:42 ----D---- C:\Program Files\RM Downloader
2009-12-27 14:39:35 ----D---- C:\Program Files\DriverGuide DriverScan
2009-12-25 12:02:41 ----D---- C:\Program Files\trend micro
2009-12-25 11:54:28 ----D---- C:\Program Files\Common Files\LightScribe
2009-12-23 17:13:12 ----D---- C:\Program Files\HD Tune
2009-12-22 18:56:32 ----D---- C:\Program Files\Kaspersky Lab
2009-12-22 18:56:32 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-12-19 17:26:02 ----A---- C:\WINDOWS\CSTBox.INI
2009-12-15 22:30:09 ----D---- C:\Program Files\Tunatic
2009-12-15 15:44:00 ----D---- C:\Documents and Settings\Andy\Application Data\omnitrans
2009-12-15 13:11:45 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-13 15:51:24 ----D---- C:\Program Files\Omnitrans International

======List of files/folders modified in the last 1 months======

2010-01-12 10:52:26 ----D---- C:\WINDOWS\Prefetch
2010-01-12 10:52:17 ----HD---- C:\WINDOWS\Temp
2010-01-12 10:49:06 ----D---- C:\Program Files
2010-01-12 10:42:12 ----AD---- C:\WINDOWS\system32
2010-01-12 10:42:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-12 10:39:19 ----A---- C:\WINDOWS\win.ini
2010-01-12 10:37:35 ----SHD---- C:\System Volume Information
2010-01-12 10:37:35 ----D---- C:\WINDOWS\system32\Restore
2010-01-12 10:36:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-12 10:35:45 ----AD---- C:\WINDOWS
2010-01-12 10:12:40 ----D---- C:\WINDOWS\Minidump
2010-01-11 21:35:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-10 16:45:35 ----D---- C:\WINDOWS\system32\drivers
2010-01-10 16:33:37 ----A---- C:\WINDOWS\system.ini
2010-01-10 16:30:18 ----D---- C:\WINDOWS\system32\config
2010-01-10 16:25:54 ----D---- C:\WINDOWS\AppPatch
2010-01-10 16:25:47 ----D---- C:\Program Files\Common Files
2010-01-10 16:12:50 ----A---- C:\WINDOWS\wincmd.ini
2010-01-10 15:54:21 ----D---- C:\Program Files\Mozilla Firefox
2010-01-10 15:36:17 ----HD---- C:\WINDOWS\inf
2010-01-08 11:20:58 ----D---- C:\Documents and Settings\Andy\Application Data\BatteryBar
2010-01-08 11:15:48 ----D---- C:\Program Files\BatteryBar
2010-01-07 16:10:45 ----D---- C:\Documents and Settings\Andy\Application Data\uTorrent
2010-01-07 12:54:48 ----D---- C:\Documents and Settings\Andy\Application Data\vlc
2010-01-04 15:43:26 ----D---- C:\Download
2010-01-04 12:00:32 ----DC---- C:\WINDOWS\system32\dllcache
2010-01-03 20:28:00 ----D---- C:\Program Files\eTECH
2010-01-03 10:56:20 ----SHD---- C:\WINDOWS\Installer
2010-01-03 10:56:20 ----D---- C:\Config.Msi
2010-01-03 10:56:14 ----A---- C:\WINDOWS\OEWABLog.txt
2010-01-03 10:55:10 ----D---- C:\Documents and Settings
2010-01-02 20:41:33 ----SD---- C:\WINDOWS\Tasks
2010-01-02 20:09:33 ----RASH---- C:\boot.ini
2010-01-01 18:20:14 ----D---- C:\Documents and Settings\Andy\Application Data\PC Suite
2009-12-31 12:23:16 ----D---- C:\WINDOWS\system32\DirectX
2009-12-31 12:08:53 ----RSD---- C:\WINDOWS\assembly
2009-12-29 22:21:26 ----D---- C:\Documents and Settings\Andy\Application Data\dvdcss
2009-12-29 21:41:01 ----D---- C:\Documents and Settings\Andy\Application Data\Canon
2009-12-29 15:55:08 ----D---- C:\WINDOWS\system32\oodag
2009-12-29 11:48:30 ----D---- C:\Program Files\Common Files\Adobe
2009-12-29 11:48:23 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-12-29 11:48:14 ----D---- C:\Program Files\Adobe
2009-12-28 20:28:37 ----D---- C:\Documents and Settings\Andy\Application Data\Skype
2009-12-28 17:23:26 ----A---- C:\WINDOWS\system32\liclock.dll
2009-12-28 10:14:23 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-22 18:52:59 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-12-22 18:52:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-22 17:55:48 ----D---- C:\WINDOWS\msk
2009-12-22 17:40:09 ----A---- C:\WINDOWS\system32\winping.exe
2009-12-22 17:40:08 ----A---- C:\WINDOWS\system32\paqbonus.exe
2009-12-22 14:20:59 ----D---- C:\Program Files\Mobiola Web Camera 2 for S60 3rd Edition
2009-12-22 00:04:33 ----SD---- C:\Documents and Settings\Andy\Application Data\Microsoft
2009-12-20 16:24:09 ----D---- C:\Documents and Settings\Andy\Application Data\Thinstall
2009-12-19 17:24:48 ----D---- C:\WINDOWS\Media
2009-12-19 17:24:46 ----D---- C:\WINDOWS\twain_32
2009-12-19 17:14:33 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-19 17:14:33 ----D---- C:\Program Files\Canon
2009-12-15 14:08:46 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-12-14 23:25:35 ----A---- C:\WINDOWS\WirelessFTP.INI
2009-12-14 21:48:32 ----A---- C:\WINDOWS\IE4 Error Log.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-12-22 296976]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2006-01-10 31846]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\WINDOWS\System32\drivers\psd.sys [2007-01-30 39080]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys []
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-13 11904]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-01-21 6278560]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-30 36608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-02 4620288]
R3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2007-01-29 5632]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-25 5760]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-05-28 4203392]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-02-28 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-03-27 130816]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-26 982272]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-10-02 1769984]
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-05-03 39552]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-10-17 198976]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys [2009-10-13 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys [2009-10-13 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys [2009-10-13 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys [2009-10-13 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys [2009-10-13 25704]
S3 APLMp50;APLMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\APLMp50.sys [2006-11-29 28224]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 STIrUsb;STIrUsb.sys SigmaTel USB-IrDA Adapter; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2004-10-19 31048]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TEUSBAVCAP;USB AV4CH Capture; C:\WINDOWS\system32\drivers\U3104AVCap.sys [2008-05-28 73472]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2001-08-01 32256]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2006-09-22 69632]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2009-03-23 1382672]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-05-21 874768]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 IFXSpMgtSrv;Security Platform Management Service; C:\WINDOWS\system32\ifxspmgt.exe [2007-03-05 677408]
R2 IFXTCS;Trusted Platform Core Service; C:\WINDOWS\system32\ifxtcs.exe [2007-03-01 849440]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-11-20 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-11-03 1332480]
R2 PersonalSecureDriveService;Personal Secure Drive Service; C:\WINDOWS\system32\IfxPsdSv.exe [2007-03-01 140832]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-05-21 473360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2009-05-21 909312]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-02-25 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-22 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-16 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Znáte tuto složku, můžete se prosím podívat, co v ní je?
C:\WINDOWS\msk

tyto dva soubory dejte do zipu nebo raru a někde uložte bokem. Tyto pak smažte
C:\WINDOWS\system32\winping.exe
C:\WINDOWS\system32\paqbonus.exe

Pokud by vám někde chyběli, njaké programy nešly, obnovíte je z raru . Nezdají se mi, ačkoliv virustotal byl v pořádku .

Zkoušeli jsme opravu winxp managerem?

Priečinok msk je prázdny, opravu XP managerom sme nerobili.

Dobře, tu složku tedy smažte. Co procesor nejvíc vytěžuje nevíte?
Podle mě je pc čisté

Najviac Google quick search box, je asi druhy alebo treti a berie dosť ramky. Ešte by som chcecel tu ikonu Moje dokumenty to Tento počítač. Ako často mám používať CCleaner ?

A můžete ho zkusit vypnout - odinstalovat, zda to pomůže?
Tu složku moje dokumenty nemáte jako ikonu na ploše, ale v nabídce startu ano?

Mám ju v Štarte ale mal som ju aj v Tento počítač.

A na ploše ji nechcete, že by jste nechal odeslat zástupce na plochu

Jinak zkuste opravu win xp managerem
http://www.viry.cz/forum/viewtopic.php?f=46&t=17549
Zkuste si s tím trochu pohrát

Nedalo by sa to nejako do toho počítača ? (starý zvyk)

Zkuste ten win xp manager , jinak nevím