I would like to add that I would like to get rid of everything related to World of Warcraft, Blizzard, Hearthstone, WoW and the MySQL associated with it ...
ComboFix 09-07-29.04 - Dan 30.07.2009 9:03.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.2039.1173 [GMT -7:00]
Spuštěný z: c:\users\Dan\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Dan\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\bthservsdp.dat"
"c:\windows\nsreg.dat"
"c:\windows\system32\ezsidmv.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\programdata\Symantec
c:\programdata\Symantec\Definitions\SymcData\nco1.0defs\latest-hub-webauth.sql\LHW.sql.bin
c:\programdata\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
c:\programdata\Symantec\LiveUpdate\Settings.LiveUpdate
c:\windows\bthservsdp.dat
c:\windows\nsreg.dat
c:\windows\system32\ezsidmv.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-28 do 2009-07-30 )))))))))))))))))))))))))))))))
.
2009-07-30 16:08 . 2009-07-30 16:08 -------- d-----w- c:\users\Dan\AppData\Local\temp
2009-07-30 03:04 . 2009-07-30 03:05 -------- d-----w- c:\users\Dan\AppData\Roaming\Jpeg Resampler
2009-07-30 02:48 . 2009-07-30 02:48 -------- d-----w- C:\rsit
2009-07-28 23:47 . 2009-07-28 23:47 -------- d-----w- c:\users\Dan\AppData\Roaming\Malwarebytes
2009-07-28 23:47 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 23:47 . 2009-07-28 23:47 -------- d-----w- c:\programdata\Malwarebytes
2009-07-28 23:47 . 2009-07-28 23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 23:47 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 23:19 . 2009-07-18 11:35 828416 ----a-w- c:\windows\system32\wininet.dll
2009-07-28 23:19 . 2009-07-18 16:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-28 03:25 . 2009-07-28 03:25 -------- d-----w- c:\program files\Trend Micro
2009-07-27 07:14 . 2009-07-27 07:15 -------- d-----w- c:\program files\Unlocker
2009-07-27 05:47 . 2009-07-27 05:53 -------- d-----w- c:\users\Dan\AppData\Roaming\BitTorrent
2009-07-25 06:33 . 2009-07-25 06:33 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-25 06:32 . 2009-07-25 06:32 -------- d-----w- c:\users\Dan\AppData\Local\Microsoft Help
2009-07-25 06:31 . 2009-07-25 06:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-25 06:30 . 2009-07-25 06:30 -------- d-----w- c:\program files\Microsoft
2009-07-25 06:00 . 2009-07-25 06:00 -------- d-----w- c:\users\Dan\AppData\Local\WindowsUpdate
2009-07-25 02:26 . 2009-07-25 02:27 -------- d-----w- c:\users\Dan\AppData\Local\Microsoft Games
2009-07-24 19:24 . 2009-07-30 04:03 -------- d-----w- c:\users\Dan\AppData\Roaming\Roxio
2009-07-23 03:17 . 2009-07-23 03:17 -------- d-----w- c:\programdata\Blizzard
2009-07-23 01:19 . 2009-01-20 19:52 31928 ----a-w- c:\windows\system32\rrMon.sys
2009-07-23 01:18 . 2009-07-23 01:20 -------- d-----w- c:\program files\Registrar Registry Manager
2009-07-22 21:56 . 2009-07-25 07:09 -------- d-----w- c:\users\Dan\AppData\Roaming\skypePM
2009-07-22 21:53 . 2009-07-25 07:12 -------- d-----w- c:\users\Dan\AppData\Roaming\Skype
2009-07-22 08:57 . 2009-07-22 08:57 -------- d-----w- c:\users\Dan\AppData\Local\Opera
2009-07-22 08:26 . 2009-07-22 08:26 -------- d-----w- c:\users\Dan\AppData\Local\Mozilla
2009-07-22 08:20 . 2009-07-22 08:20 -------- d-----w- c:\users\Dan\AppData\Roaming\GHISLER
2009-07-22 08:06 . 2009-07-22 08:06 -------- d-----w- c:\users\Dan\AppData\Roaming\Talkback
2009-07-22 08:06 . 2009-07-22 08:06 -------- d-----w- c:\users\Dan\AppData\Local\Thunderbird
2009-07-22 08:06 . 2009-07-22 08:06 -------- d-----w- c:\users\Dan\AppData\Roaming\Thunderbird
2009-07-22 07:59 . 2009-07-22 07:59 116616 ----a-w- c:\users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-22 07:18 . 2009-07-22 07:18 -------- d-----w- c:\program files\EASEUS
2009-07-22 04:25 . 2008-04-26 22:14 58792 ----a-w- c:\windows\system32\wbload.dll
2009-07-22 04:25 . 2008-04-26 22:14 42672 ------w- c:\windows\system32\wbsys.dll
2009-07-22 02:25 . 2009-07-22 02:26 -------- d-----w- c:\program files\QuickTime
2009-07-22 02:25 . 2009-07-22 02:25 -------- d-----w- c:\programdata\Apple Computer
2009-07-22 02:24 . 2009-07-22 02:24 -------- d-----w- c:\program files\Apple Software Update
2009-07-22 02:24 . 2009-07-22 02:24 -------- d-----w- c:\programdata\Apple
2009-07-22 01:41 . 2009-07-22 01:41 -------- d-----w- c:\program files\Opera
2009-07-21 01:02 . 2009-07-21 01:02 -------- d-----w- c:\program files\Domain Tools
2009-07-20 05:45 . 2009-07-20 05:45 -------- d-----w- c:\programdata\Sony
2009-07-20 05:45 . 2009-07-20 06:23 -------- d-----w- c:\program files\Sony
2009-07-18 19:24 . 2009-07-18 19:28 -------- d-----w- c:\program files\ICQ6.5
2009-07-15 03:32 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 03:32 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 03:32 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 03:32 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 03:32 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 03:14 . 2009-07-15 03:16 -------- d-----w- c:\windows\system32\ca-ES
2009-07-15 03:14 . 2009-07-15 03:16 -------- d-----w- c:\windows\system32\eu-ES
2009-07-15 03:14 . 2009-07-15 03:16 -------- d-----w- c:\windows\system32\vi-VN
2009-07-15 02:12 . 2009-07-15 02:12 -------- d-----w- c:\windows\system32\EventProviders
2009-07-15 01:59 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-07-15 01:59 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2009-07-15 01:59 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2009-07-15 01:57 . 2009-04-11 06:28 677376 ----a-w- c:\windows\system32\imapi2fs.dll
2009-07-15 01:56 . 2009-04-11 06:32 3601896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-15 01:55 . 2009-04-11 06:28 120320 ----a-w- c:\windows\system32\EhStorAPI.dll
2009-07-15 01:54 . 2009-04-11 06:28 250368 ----a-w- c:\windows\system32\wevtapi.dll
2009-07-15 01:53 . 2009-04-11 06:28 378368 ----a-w- c:\windows\system32\devmgr.dll
2009-07-15 01:52 . 2009-04-11 06:32 53736 ----a-w- c:\windows\system32\drivers\disk.sys
2009-07-15 01:51 . 2009-04-11 06:28 58880 ----a-w- c:\windows\system32\iasacct.dll
2009-07-15 01:50 . 2009-04-11 06:28 88576 ----a-w- c:\windows\system32\olepro32.dll
2009-07-15 01:48 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-07-15 01:48 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-07-15 01:48 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-07-15 01:48 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-07-15 01:48 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-07-15 01:48 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-07-15 01:48 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-07-15 01:48 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-07-15 01:48 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-07-15 01:48 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-07-15 01:46 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-07-12 02:08 . 2009-07-15 05:20 -------- d---a-w- c:\program files\RQ Money
2009-07-05 21:08 . 2008-10-30 18:57 3851784 ----a-w- c:\windows\d3dx9_39.dll
2009-07-05 21:05 . 2009-07-05 21:12 -------- d-----w- c:\program files\Braid
2009-07-05 20:55 . 2009-07-05 20:55 -------- d-----w- C:\inetpub
2009-07-05 07:45 . 2009-07-05 08:26 -------- d-----w- c:\programdata\AirportMania
2009-07-04 23:14 . 2009-07-04 23:14 -------- d-----w- c:\program files\ReflexiveArcade
2009-07-04 23:08 . 2009-07-04 23:08 -------- d-----w- c:\program files\Total Commander
2009-07-04 23:08 . 2008-08-08 14:04 545 ----a-w- c:\windows\UC.PIF
2009-07-04 23:08 . 2008-08-08 14:04 545 ----a-w- c:\windows\RAR.PIF
2009-07-04 23:08 . 2008-08-08 14:04 545 ----a-w- c:\windows\PKZIP.PIF
2009-07-04 23:08 . 2008-08-08 14:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-07-04 23:08 . 2008-08-08 14:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-07-04 23:08 . 2008-08-08 14:04 545 ----a-w- c:\windows\LHA.PIF
2009-07-04 23:08 . 2008-08-08 14:04 545 ----a-w- c:\windows\ARJ.PIF
2009-07-04 18:41 . 2009-07-04 18:41 -------- d-----w- c:\program files\Jabbim
2009-07-04 05:11 . 2009-07-04 05:11 -------- d-----w- c:\program files\BitTorrent
2009-07-02 01:42 . 2009-07-02 01:42 -------- d-----w- c:\program files\BumpTop
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 15:27 . 2007-01-08 21:10 665930 ----a-w- c:\windows\system32\perfh005.dat
2009-07-30 15:27 . 2007-01-08 21:10 143922 ----a-w- c:\windows\system32\perfc005.dat
2009-07-25 06:36 . 2007-12-16 23:30 -------- d-----w- c:\programdata\Microsoft Help
2009-07-22 08:52 . 2007-12-16 23:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-15 03:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 03:17 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-07-15 03:17 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-07-15 03:17 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-07-15 03:17 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-15 03:17 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-07-15 03:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-15 02:51 . 2006-11-02 12:35 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-01 02:42 . 2009-06-19 11:55 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-25 08:10 . 2009-06-25 08:10 -------- d-----w- c:\program files\Ext2Fsd
2009-06-21 16:08 . 2009-06-21 16:08 -------- d-----w- c:\program files\TeamViewer
2009-06-21 16:03 . 2009-06-21 16:03 -------- d-----w- c:\program files\Common Files\Skype
2009-06-21 16:03 . 2009-06-21 16:03 -------- d-----r- c:\program files\Skype
2009-06-21 16:03 . 2009-06-21 16:03 -------- d-----w- c:\programdata\Skype
2009-06-21 15:55 . 2009-06-21 15:53 -------- d-----w- c:\program files\UberIcon
2009-06-21 14:50 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-06-21 14:50 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-06-21 14:21 . 2009-06-21 11:53 -------- d-----w- c:\program files\Microsoft Works
2009-06-21 11:52 . 2009-06-21 11:52 -------- d-----w- c:\program files\Microsoft.NET
2009-06-21 11:24 . 2007-12-16 23:34 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-21 09:08 . 2007-12-16 23:44 -------- d-----w- c:\programdata\Roxio
2009-06-21 08:46 . 2009-06-21 08:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-20 11:19 . 2009-06-20 11:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-06-20 11:11 . 2009-06-20 11:08 -------- d-----w- c:\program files\DIFX
2009-06-20 11:09 . 2009-06-20 11:08 -------- d-----w- c:\programdata\PC Suite
2009-06-20 11:08 . 2009-06-20 11:08 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-20 11:08 . 2009-06-20 11:08 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-20 11:08 . 2009-06-20 10:58 -------- d-----w- c:\program files\Nokia
2009-06-20 11:05 . 2009-06-20 11:05 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-20 11:03 . 2009-06-19 13:14 -------- d-----w- c:\program files\Google
2009-06-19 20:56 . 2009-06-19 20:56 -------- d-----w- c:\program files\LSI SoftModem
2009-06-19 15:01 . 2009-06-19 15:01 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-06-19 15:01 . 2009-06-19 15:01 272896 ----a-w- c:\windows\system32\polstore.dll
2009-06-19 15:00 . 2009-06-19 14:59 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-19 14:55 . 2009-06-19 14:55 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-19 14:34 . 2009-06-19 14:34 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-06-19 14:27 . 2009-06-19 14:27 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll
2009-06-19 14:26 . 2009-06-19 14:26 1965056 ----a-w- c:\windows\system32\NlsData0c1a.dll
2009-06-19 14:24 . 2009-06-19 14:24 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-06-19 14:20 . 2009-06-19 14:20 9728 ----a-w- c:\windows\system32\lsass.exe
2009-06-19 14:19 . 2009-06-19 14:19 37888 ----a-w- c:\windows\system32\printcom.dll
2009-06-19 14:15 . 2007-12-16 23:40 -------- d-----w- c:\programdata\Sonic
2009-06-19 13:47 . 2009-06-19 13:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-06-19 13:47 . 2009-06-19 13:47 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-19 13:47 . 2009-06-19 13:47 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-19 13:31 . 2009-06-19 13:31 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-06-19 13:19 . 2009-06-19 13:19 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-19 13:14 . 2009-06-19 13:14 95232 ----a-w- c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe
2009-06-19 13:14 . 2009-06-19 13:14 8192 ----a-w- c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-19 13:14 . 2009-06-19 13:14 61440 ----a-w- c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-19 13:14 . 2009-06-19 13:14 10240 ----a-w- c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-19 13:14 . 2009-06-19 13:14 -------- d-----w- c:\programdata\Installations
2009-06-19 13:13 . 2009-06-19 13:13 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-06-19 13:12 . 2009-06-19 13:13 737280 ----a-w- c:\windows\iun6002.exe
2009-06-19 13:11 . 2009-06-19 13:10 -------- d-----w- c:\program files\VLC
2009-06-19 13:07 . 2009-06-19 13:06 -------- d-----w- c:\program files\AVSDVDPlayer
2009-06-19 13:07 . 2009-06-19 13:04 -------- d-----w- c:\program files\QIP Infium
2009-06-19 13:03 . 2009-06-19 13:03 84480 ----a-w- c:\windows\system32\INETRES.dll
2009-06-19 13:03 . 2009-06-19 13:03 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-19 13:03 . 2009-06-19 13:03 -------- d-----w- c:\program files\JPEG Resampler
2009-06-19 13:02 . 2009-06-19 13:02 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-19 13:02 . 2009-06-19 13:02 -------- d-----w- c:\program files\IrfanView
2009-06-19 13:01 . 2009-06-19 13:01 -------- d-----w- c:\program files\MSXML 4.0
2009-06-19 12:59 . 2009-06-19 12:59 72704 ----a-w- c:\windows\system32\admparse.dll
2009-06-19 12:59 . 2009-06-19 12:59 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-06-19 12:58 . 2009-06-19 12:58 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-06-19 12:23 . 2009-06-19 12:23 -------- d-----w- c:\program files\ESET
2009-06-19 12:16 . 2009-06-19 13:18 34557984 ----a-w- c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_cze_web.exe
2009-06-19 12:01 . 2009-06-19 12:01 -------- d-----w- c:\program files\7-Zip
2009-06-19 12:00 . 2009-06-19 12:00 -------- d-----w- c:\program files\CCleaner
2009-06-19 11:52 . 2009-06-19 11:53 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-19 11:51 . 2007-12-17 00:08 -------- d-----w- c:\program files\Java
2009-06-19 11:48 . 2009-06-19 11:48 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-06-19 11:48 . 2009-06-19 11:48 43544 ----a-w- c:\windows\system32\wups2.dll
2009-06-19 11:48 . 2009-06-19 11:48 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-06-19 11:48 . 2009-06-19 11:48 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-06-19 11:47 . 2009-06-19 11:47 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-06-19 11:47 . 2009-06-19 11:47 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-06-19 11:47 . 2009-06-19 11:47 34328 ----a-w- c:\windows\system32\wups.dll
2009-06-19 11:47 . 2009-06-19 11:47 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-06-19 11:47 . 2009-06-19 11:47 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-06-19 11:42 . 2007-12-16 23:26 -------- d-----w- c:\programdata\Hewlett-Packard
2009-06-19 11:39 . 2009-06-19 11:39 -------- d-----w- c:\program files\WIDCOMM
2009-06-19 11:36 . 2009-06-19 11:36 -------- d-----w- c:\program files\Broadcom
2009-06-19 11:36 . 2009-06-19 11:36 87328 ----a-w- c:\windows\system32\bcmwlcoi.dll
2009-06-19 11:36 . 2009-06-19 11:36 2895872 ----a-w- c:\windows\system32\bcmihvui.dll
2009-06-19 11:36 . 2009-06-19 11:36 3231744 ----a-w- c:\windows\system32\bcmihvsrv.dll
2009-06-19 11:36 . 2009-06-19 11:36 1044472 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2009-06-19 11:34 . 2009-06-19 11:34 -------- d-----w- c:\program files\Macrovision Corp
2009-06-19 11:30 . 2007-12-16 23:24 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-19 11:30 . 2009-06-19 11:30 0 --sha-r- c:\windows\system32\drivers\103C_HP_bNB_6720s_Y5336AN_0U_QCNU8031CCT_E452408-224_4A_I30D8_SHP_V83.0E_68MDU F.08_T071228_WV2-0_L405_M2039_J160_7Intel_86FD_91.73_#071217_N808610C4_(KE168ES#AKB)_XMOBILE_CN10_Z_2F.08_G80862A12;80862A13.MRK
2009-05-14 13:49 . 2009-05-14 13:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-11 10:47 . 2009-05-11 10:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2009-07-15 21:16 . 2009-06-19 11:53 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-06-04 15:43 . 2009-06-19 21:10 22 --sha-w- c:\windows\SMINST\HPCD.SYS
2007-12-17 07:25 . 2007-12-17 07:24 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-07-30_02.36.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-16 23:03 . 2009-07-30 15:22 47774 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-07-30 15:22 82892 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-06-19 11:44 . 2009-07-30 15:59 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-19 11:44 . 2009-07-30 01:41 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-19 11:44 . 2009-07-30 01:41 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-19 11:44 . 2009-07-30 15:59 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-19 11:44 . 2009-07-30 01:41 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-19 11:44 . 2009-07-30 15:59 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-22 08:30 . 2009-07-30 15:22 4096 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1491950412-2009852829-4049741679-1008_UserData.bin
- 2009-07-30 01:21 . 2009-07-30 01:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-30 15:20 . 2009-07-30 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-30 15:20 . 2009-07-30 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-30 01:21 . 2009-07-30 01:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-22 08:28 . 2009-07-30 05:05 291056 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-07-30 15:27 653024 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-30 15:27 123992 c:\windows\System32\perfc009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 129560]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 71176]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-19 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-06 44168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 08:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BumpTop.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BumpTop.lnk
backup=c:\windows\pss\BumpTop.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ProjectWhois.lnk]
path=c:\users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ProjectWhois.lnk
backup=c:\windows\pss\ProjectWhois.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=c:\users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):75,e9,84,c9,fb,04,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{FA71DF8F-A0C6-4277-BB75-6E307FB42F87}c:\\program files\\qip infium\\infium.exe"= UDP:c:\program files\qip infium\infium.exe:QIP Infium
"UDP Query User{A0ADEA5F-883C-4401-B6F0-CEDE12E4ED60}c:\\program files\\qip infium\\infium.exe"= TCP:c:\program files\qip infium\infium.exe:QIP Infium
"{B376D55A-13C8-4EFA-B3DF-28E299243695}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{40D99863-2F91-4787-9031-60712A4E939D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D14098C2-77FB-4F56-BC8D-BF6228E7E057}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{48FF822B-70C6-412B-89E3-CC8990EC014C}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{27154DA1-27BD-4C77-A980-5054E0665184}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{2BD40166-355F-440D-B5E5-FDA240ED5024}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{4D56D006-0DCA-441F-82D4-21283D0A3CB1}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{2728D1E1-E787-4B70-9821-EBA52B7BDCDA}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"TCP Query User{57E021D7-A480-4240-9DEC-B6160EB88D1D}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{C08BEFEA-AAAD-433C-B1A8-F8462A2EF99C}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{A2913077-F657-4D13-B5F2-EBD8BB1F4F8E}c:\\program files\\world of warcraft\\launcher.exe"= UDP:c:\program files\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{3004945B-B884-4203-B339-AEDE5E888D20}c:\\program files\\world of warcraft\\launcher.exe"= TCP:c:\program files\world of warcraft\launcher.exe:Blizzard Launcher
"{96C82F2C-97D6-4F6A-A715-978C25C2EFDC}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe:Blizzard Downloader
"{B5FF9E27-CADF-4B6A-8B72-2D3A3F832510}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe:Blizzard Downloader
"{A5316F42-E3B1-4914-9519-4344EFA0FC4C}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{44E083C9-00E6-436B-910E-654772E3C6D2}c:\\hearthstone\\mysql\\bin\\mysqld.exe"= UDP:c:\hearthstone\mysql\bin\mysqld.exe:mysqld
"UDP Query User{3A7BC161-0E89-4143-AA80-AF62BE6FE112}c:\\hearthstone\\mysql\\bin\\mysqld.exe"= TCP:c:\hearthstone\mysql\bin\mysqld.exe:mysqld
"TCP Query User{D330A96B-E76C-468E-AABC-F89A16B15E89}c:\\hearthstone\\hearthstone-logonserver.exe"= UDP:c:\hearthstone\hearthstone-logonserver.exe:hearthstone-logonserver
"UDP Query User{13E62792-224B-4478-BA36-C2D8B6231297}c:\\hearthstone\\hearthstone-logonserver.exe"= TCP:c:\hearthstone\hearthstone-logonserver.exe:hearthstone-logonserver
"TCP Query User{F4938649-8C1C-42DC-A92A-A653A2079DCA}c:\\hearthstone\\hearthstone-world.exe"= UDP:c:\hearthstone\hearthstone-world.exe:hearthstone-world
"UDP Query User{0003E724-1C4A-4CC5-A235-2A86BDB02475}c:\\hearthstone\\hearthstone-world.exe"= TCP:c:\hearthstone\hearthstone-world.exe:hearthstone-world
"TCP Query User{D99A53E1-F08C-4A31-BB73-8747A2D278C3}c:\\hearthstone\\hearthstone-logonserver.exe"= UDP:c:\hearthstone\hearthstone-logonserver.exe:hearthstone-logonserver
"UDP Query User{F64F8FBB-970A-409A-8A19-8EDAF3844968}c:\\hearthstone\\hearthstone-logonserver.exe"= TCP:c:\hearthstone\hearthstone-logonserver.exe:hearthstone-logonserver
"TCP Query User{F41F04BA-2CCA-49FF-B48C-63F6018C7372}c:\\hearthstone\\hearthstone-world.exe"= UDP:c:\hearthstone\hearthstone-world.exe:hearthstone-world
"UDP Query User{F2C909FE-4BCB-4C6D-953E-E1F37A75FF48}c:\\hearthstone\\hearthstone-world.exe"= TCP:c:\hearthstone\hearthstone-world.exe:hearthstone-world
"TCP Query User{35345FE5-E0E5-498F-8F49-039277B74176}c:\\hearthstone\\mysql\\bin\\mysqld.exe"= UDP:c:\hearthstone\mysql\bin\mysqld.exe:mysqld
"UDP Query User{51E90280-EBE9-4F21-B9FA-7EF595F6DA68}c:\\hearthstone\\mysql\\bin\\mysqld.exe"= TCP:c:\hearthstone\mysql\bin\mysqld.exe:mysqld
"{97151472-C97A-41E3-9589-EA44654CD4E9}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{43813EBD-DE6B-4B95-A550-2C78F70502B3}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 6:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [14.5.2009 6:49 94360]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\System32\drivers\ext2fsd.sys [25.6.2009 1:10 654480]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 6:47 731840]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [16.12.2007 16:38 540448]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.3.2009 16:28 1533808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2.11.2006 3:25 167936]
S3 DAMDrv;DAMDrv;c:\windows\System32\drivers\DAMDrv.sys [16.12.2007 16:50 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\System32\flcdlock.exe [8.6.2007 1:06 172131]
S4 gupdate1c9f1952808db60;Google Update Service (gupdate1c9f1952808db60);c:\program files\Google\Update\GoogleUpdate.exe [20.6.2009 3:52 133104]
S4 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [16.6.2009 1:48 185640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 10:51]
2009-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 10:51]
2009-07-30 c:\windows\Tasks\User_Feed_Synchronization-{BF622AD7-3CDF-4DC1-BC20-DAC935839F0E}.job
- c:\windows\system32\msfeedssync.exe [2009-06-21 07:33]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\r61bs8yg.default\
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 09:08
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySql]
"ImagePath"="C:/Hearthstone/mysql/bin/mysqld.exe"
--
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySql]
"ImagePath"="C:/Hearthstone/mysql/bin/mysqld.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-07-30 9:11
ComboFix-quarantined-files.txt 2009-07-30 16:11
ComboFix2.txt 2009-07-30 02:39
Před spuštěním: Volných bajtů: 77 266 845 696
Po spuštění: Volných bajtů: 77 259 067 392
444 --- E O F --- 2009-07-29 05:50
---------------------------------------------------------------......................................................................--------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:13, on 29.7.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\WINDOWS\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\WINDOWS\SMINST\scheduler.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dan\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Dan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
O1 - Hosts: ::1 localhost
O2 - BHO: BTShellFolder Class - {7418E5F5-0E48-4144-8F92-5CA791C82396} - C:\Program Files\BumpTop\BTShExt.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BTBho Class - {DE713078-8012-4B75-92BA-398D4642A64B} - C:\Program Files\BumpTop\BTShExt.dll
O3 - Toolbar: BumpTop Explorer Bar - {32CA105A-BD6C-4AFC-B4D9-346262E9F483} - C:\Program Files\BumpTop\BTShExt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {A573D71B-951B-4BAD-B8CC-708AE84769C9} - C:\Program Files\BumpTop\BTShExt.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 6987 bytes