
BSOD 0xF4 (0x3...) and a logon by ANONYMOUS USER

dog.big
Visitor
Posts: 23
Registered: 25 Feb 2009 17:37

#1 Post by dog.big »

Hello,
Two months ago I was having problems with 0xF4 (0x3...) BSODs that did not generate any minidumps. I then filed a warranty claim for the Dell Inspiron 15r notebook, during which the HDD was replaced and a clean installation was performed, and the problems stopped.
Today at 11:16, however, a BSOD with bugcheck 0xF4 (0x3...) appeared again; after running a series of tests, including HDD tests and MemTest+, and discussions with Dell technical support, it may be a software problem.
While going through the event logs I came across a worrying logon by the user ANONYMOUS USER with ID 4624, when the display hung on the Welcome screen, then switched to a black desktop with a mouse pointer, and then the BSOD (I also noticed "strange" HDD activity). So in my opinion this could be some kind of rootkit/spyware/keylogger.
Please analyze the reports below; thank you in advance.

The worrying last event log entry before the BSOD itself:

Code:

Účet byl úspěšně přihlášen.

Předmět:
	ID zabezpečení:		NULL SID
	Název účtu:		-
	Doména účtu:		-
	ID přihlášení:		0x0

Typ přihlášení:			3

Nové přihlášení:
	ID zabezpečení:		ANONYMOUS LOGON
	Název účtu:		ANONYMOUS LOGON
	Doména účtu:		NT AUTHORITY
	ID přihlášení:		0x2d527
	GUID přihlášení:		{00000000-0000-0000-0000-000000000000}

Informace o procesu:
	ID procesu:		0x0
	Název procesu:		-

Informace o síti:
	Název pracovní stanice:	
	Adresa zdrojové sítě	-
	Zdrojový port:		-

Podrobné informace o ověření:
	Proces přihlášení:		NtLmSsp 
	Balíček ověření:	NTLM
	Přenosové služby:	-
	Název balíčku (pouze NTLM):	NTLM V1
	Délka klíče:		0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
	- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
	- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
	- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
	- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
RSIT log:

Code:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Michal Charvát at 2011-04-06 14:10:44
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 319 GB (46%) free of 698 GB
Total RAM: 4031 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:10:45, on 6.4.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Users\Michal Charvát\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\GIGABYTE\GHOST(6980)\GHOSTOPEN.exe
C:\Program Files (x86)\GIGABYTE\GHOST(6980)\Tilt.exe
C:\Users\Michal Charvát\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal Charvát\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal Charvát\AppData\Local\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\Users\Michal Charvát\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal Charvát\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal Charvát\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Michal Charvát.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Speckie - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Michal Charvát\AppData\Roaming\Speckie\Speckie32.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [ghost] C:\Program Files (x86)\GIGABYTE\GHOST(6980)\ghostopen.exe
O4 - HKLM\..\Run: [Tilt] C:\Program Files (x86)\GIGABYTE\GHOST(6980)\Tilt.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [TrayStatus] "C:\Program Files (x86)\TrayStatus\TrayStatus.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Michal Charvát\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\WINDOWS\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12019 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\lsm.exe
winlogon.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe"
C:\WINDOWS\system32\WLANExt.exe 19924832
\??\C:\WINDOWS\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\WINDOWS\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_0000071c
\??\C:\WINDOWS\system32\conhost.exe
"C:\WINDOWS\system32\Dwm.exe"
C:\WINDOWS\Explorer.EXE
"taskhost.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Dell\QuickSet\quickset.exe" 
"C:\Program Files\IDT\WDM\sttray64.exe" 
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" 
"C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE" 
"C:\Program Files (x86)\TrayStatus\TrayStatus.exe" 
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" 
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f68f41cd-3c11-4c1c-a26f-f96c9e54646d -SystemEventPortName:HostProcess-6b4ca6a1-3d0e-49f4-a0dc-174852701f47 -IoCancelEventPortName:HostProcess-63e0be90-4bab-4818-be06-4cf1d41b520a -NonStateChangingEventPortName:HostProcess-64a9d96c-e17f-4781-ad03-6d0595379a80 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e7a79f51-dd9b-41ad-a99f-ee11c4f5394a
"C:\Users\Michal Charvát\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe" /crashhandler
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe" 
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files (x86)\GIGABYTE\GHOST(6980)\GHOSTOPEN.exe" 
"C:\Program Files (x86)\GIGABYTE\GHOST(6980)\Tilt.exe" 
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Users\Michal Charvát\AppData\Local\Google\Chrome\Application\chrome.exe" 
"C:\Users\Michal Charvát\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_250ms_queue_prefetch/DnsParallelism/parallel_9/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=4680.00990A80.767442560 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Michal Charvát\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_250ms_queue_prefetch/DnsParallelism/parallel_9/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=4680.00A0F600.1850213842 /prefetch:3 --ignored=" --type=renderer "
"C:\WINDOWS\system32\mmc.exe" "C:\WINDOWS\system32\compmgmt.msc" /s
C:\WINDOWS\system32\rundll32.exe "C:\Users\MICHAL~1\AppData\Local\Google\Chrome\APPLIC~1\100648~1.204\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Michal Charvát\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Michal Charvát\AppData\Local\Google\Chrome\Application\10.0.648.204\gcswf32.dll" --lang=cs --plugin-data-dir="C:\Users\Michal Charvát\AppData\Local\Google\Chrome\User Data\Default" --channel=4680.0606F600.1754262893 /prefetch:4 --flash-broker=3912
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Users\Michal Charvát\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_6/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_250ms_queue_prefetch/DnsParallelism/parallel_9/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=4680.08129D80.1146088920 /prefetch:3
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe" 
\??\C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Users\Michal Charvát\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_6/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_250ms_queue_prefetch/DnsParallelism/parallel_9/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=4680.080EE000.2013872308 /prefetch:3
"C:\WINDOWS\System32\taskmgr.exe" 
"C:\WINDOWS\NOTEPAD.EXE" C:\rsit\log.txt
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 532 536 544 65536 540 
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Michal Charvát\Downloads\RSITx64.exe" 
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3847059355-3794568477-1451639886-1000Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3847059355-3794568477-1451639886-1000UA.job
C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
C:\WINDOWS\tasks\SystemToolsDailyTest.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CE7F568-67FA-4432-BA39-F5AFD68E7B8B}]
Speckie - C:\Users\Michal Charvát\AppData\Roaming\Speckie\Speckie64.dll [2011-03-12 164608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-24 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CE7F568-67FA-4432-BA39-F5AFD68E7B8B}]
Speckie - C:\Users\Michal Charvát\AppData\Roaming\Speckie\Speckie32.dll [2011-03-12 125696]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDA57003-0068-4ed2-9D32-4D1EC707D94D}]
Microsoft Web Test Recorder 10.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19 61360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2010-01-06 3179288]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-06-18 487424]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-17 1890088]
"Broadcom Wireless Manager UI"=C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [2010-02-03 5712896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TrayStatus"=C:\Program Files (x86)\TrayStatus\TrayStatus.exe [2010-11-29 204008]
"Google Update"=C:\Users\Michal Charvát\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-03 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [2009-06-24 409744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-01-24 427008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-01-13 2988784]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-06-08 284696]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2011-02-02 281768]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"KeePass 2 PreLoad"=C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2011-01-02 1670656]
"ghost"=C:\Program Files (x86)\GIGABYTE\GHOST(6980)\ghostopen.exe [2010-02-08 192000]
"Tilt"=C:\Program Files (x86)\GIGABYTE\GHOST(6980)\Tilt.exe [2009-06-26 724992]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-06-01 98304]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - C:\WINDOWS\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2011-04-06 14:07:16 ----D---- C:\Program Files\trend micro
2011-04-06 13:55:19 ----D---- C:\rsit
2011-04-02 19:42:28 ----D---- C:\Users\Michal Charvát\AppData\Roaming\PrimoPDF
2011-04-02 19:42:06 ----A---- C:\WINDOWS\system32\Primomonnt.dll
2011-04-02 19:42:04 ----D---- C:\Program Files (x86)\Nitro PDF
2011-04-02 10:25:41 ----D---- C:\Program Files (x86)\Burning Mill Advanced
2011-04-02 10:25:41 ----A---- C:\WINDOWS\Burning Mill Advanced Uninstaller.exe
2011-04-02 10:25:05 ----D---- C:\Users\Michal Charvát\AppData\Roaming\InfraRecorder
2011-04-02 10:25:04 ----A---- C:\WINDOWS\Burning Mill Express Uninstaller.exe
2011-04-02 10:25:03 ----D---- C:\Program Files (x86)\Burning Mill Express
2011-04-01 15:23:05 ----D---- C:\Users\Michal Charvát\AppData\Roaming\.minecraft
2011-04-01 15:22:50 ----D---- C:\Users\Michal Charvát\AppData\Roaming\.minecraft – kopie
2011-04-01 14:17:42 ----D---- C:\Users\Michal Charvát\AppData\Roaming\.minecraft BACKUP
2011-04-01 14:08:12 ----D---- C:\Users\Michal Charvát\AppData\Roaming\X
2011-04-01 09:20:14 ----D---- C:\ProgramData\ATI
2011-04-01 09:17:34 ----D---- C:\Program Files\Common Files\ATI Technologies
2011-04-01 09:17:13 ----D---- C:\Program Files (x86)\ATI Technologies
2011-04-01 09:17:07 ----D---- C:\Program Files\ATI Technologies
2011-04-01 09:17:05 ----D---- C:\Program Files\ATI
2011-03-31 12:10:40 ----D---- C:\po
2011-03-31 11:40:12 ----D---- C:\Lazarus
2011-03-30 11:27:02 ----D---- C:\Users\Michal Charvát\AppData\Roaming\Mozilla
2011-03-24 11:54:58 ----D---- C:\ProgramData\Creative
2011-03-24 11:54:57 ----D---- C:\Users\Michal Charvát\AppData\Roaming\Creative
2011-03-24 10:18:17 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2011-03-20 00:44:56 ----D---- C:\Users\Michal Charvát\AppData\Roaming\dvdcss
2011-03-20 00:44:49 ----D---- C:\Users\Michal Charvát\AppData\Roaming\All Free DVD Ripper
2011-03-20 00:44:47 ----A---- C:\WINDOWS\SYSWOW64\NCTWMAFile2.dll
2011-03-20 00:44:46 ----A---- C:\WINDOWS\SYSWOW64\NCTAudioRecord2.dll
2011-03-20 00:44:46 ----A---- C:\WINDOWS\SYSWOW64\NCTAudioPlayer2.dll
2011-03-20 00:44:46 ----A---- C:\WINDOWS\SYSWOW64\NCTAudioInformation2.dll
2011-03-20 00:44:46 ----A---- C:\WINDOWS\SYSWOW64\NCTAudioFile2.dll
2011-03-20 00:44:46 ----A---- C:\WINDOWS\SYSWOW64\msvcr70.dll
2011-03-20 00:44:44 ----D---- C:\Program Files (x86)\All Free DVD Ripper
2011-03-20 00:28:44 ----HD---- C:\Program Files (x86)\InstallJammer Registry
2011-03-20 00:26:51 ----A---- C:\Users\Michal Charvát\AppData\Roaming\pcouffin.sys
2011-03-20 00:26:51 ----A---- C:\Users\Michal Charvát\AppData\Roaming\inst.exe
2011-03-20 00:26:29 ----D---- C:\Users\Michal Charvát\AppData\Roaming\Vso
2011-03-20 00:19:18 ----D---- C:\Users\Michal Charvát\AppData\Roaming\Digiarty
2011-03-20 00:14:28 ----D---- C:\Users\Michal Charvát\AppData\Roaming\HandBrake
2011-03-20 00:14:19 ----D---- C:\Program Files (x86)\Handbrake
2011-03-19 15:19:27 ----D---- C:\Users\Michal Charvát\AppData\Roaming\Speckie
2011-03-18 14:53:11 ----D---- C:\Program Files (x86)\WinSCP
2011-03-12 18:24:32 ----D---- C:\PFiles
2011-03-10 17:43:31 ----D---- C:\Program Files (x86)\GIGABYTE
2011-03-10 11:59:02 ----D---- C:\ProgramData\VS
2011-03-10 11:44:12 ----D---- C:\Program Files (x86)\Microsoft F#
2011-03-10 11:44:01 ----D---- C:\WINDOWS\SYSWOW64\1029
2011-03-08 22:51:10 ----A---- C:\WINDOWS\SYSWOW64\EncDec.dll
2011-03-08 22:51:10 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2011-03-08 22:51:10 ----A---- C:\WINDOWS\system32\EncDec.dll
2011-03-08 22:51:10 ----A---- C:\WINDOWS\system32\CPFilters.dll
2011-03-08 22:51:09 ----A---- C:\WINDOWS\SYSWOW64\sbe.dll
2011-03-08 22:51:09 ----A---- C:\WINDOWS\system32\sbe.dll
2011-03-08 22:51:08 ----A---- C:\WINDOWS\SYSWOW64\DWrite.dll
2011-03-08 22:51:08 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2011-03-08 22:51:08 ----A---- C:\WINDOWS\system32\FntCache.dll
2011-03-08 22:51:08 ----A---- C:\WINDOWS\system32\DWrite.dll
2011-03-08 22:51:08 ----A---- C:\WINDOWS\system32\d2d1.dll
2011-03-08 12:08:35 ----D---- C:\Users\Michal Charvát\AppData\Roaming\Notepad++
2011-03-08 11:48:10 ----D---- C:\Octave

======List of files/folders modified in the last 1 months======

2011-04-06 14:07:16 ----RD---- C:\Program Files
2011-04-06 13:55:22 ----D---- C:\Program Files (x86)\Trend Micro
2011-04-06 13:47:42 ----D---- C:\WINDOWS\Temp
2011-04-06 13:31:40 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2011-04-06 13:06:48 ----D---- C:\WINDOWS\system32\config
2011-04-06 13:06:38 ----D---- C:\Users\Michal Charvát\AppData\Roaming\KeePass
2011-04-06 13:05:29 ----AD---- C:\WINDOWS\System32
2011-04-06 12:26:41 ----D---- C:\WINDOWS\winsxs
2011-04-06 12:20:08 ----D---- C:\WINDOWS\SYSWOW64\directx
2011-04-06 12:20:03 ----HD---- C:\WINDOWS\msdownld.tmp
2011-04-06 12:16:39 ----SHD---- C:\WINDOWS\Installer
2011-04-06 12:16:04 ----SHD---- C:\System Volume Information
2011-04-06 12:15:19 ----D---- C:\Program Files (x86)\Common Files
2011-04-05 22:01:59 ----D---- C:\Users\Michal Charvát\AppData\Roaming\Skype
2011-04-05 22:01:59 ----D---- C:\Users\Michal Charvát\AppData\Roaming\ICQ
2011-04-05 22:01:37 ----D---- C:\Users\Michal Charvát\AppData\Roaming\FileZilla
2011-04-05 18:46:52 ----D---- C:\.netbeans
2011-04-05 14:40:06 ----D---- C:\Users\Michal Charvát\AppData\Roaming\Mumble
2011-04-04 14:07:11 ----HD---- C:\ProgramData
2011-04-04 10:10:41 ----D---- C:\Users\Michal Charvát\AppData\Roaming\gtk-2.0
2011-04-03 12:17:59 ----D---- C:\WINDOWS
2011-04-02 19:42:06 ----A---- C:\WINDOWS\primopdf.ini
2011-04-02 19:42:04 ----RD---- C:\Program Files (x86)
2011-04-02 17:42:24 ----D---- C:\WINDOWS\inf
2011-04-02 17:42:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-04-01 14:18:54 ----D---- C:\Users\Michal Charvát\AppData\Roaming\minecraft
2011-04-01 09:18:36 ----D---- C:\WINDOWS\system32\catroot
2011-04-01 09:17:34 ----D---- C:\Program Files\Common Files
2011-04-01 09:17:30 ----D---- C:\WINDOWS\system32\DriverStore
2011-04-01 08:58:38 ----D---- C:\WINDOWS\system32\wbem
2011-04-01 08:57:54 ----D---- C:\WINDOWS\Tasks
2011-04-01 08:57:54 ----D---- C:\WINDOWS\SysWOW64
2011-04-01 08:57:54 ----D---- C:\WINDOWS\system32\wfp
2011-04-01 08:57:54 ----D---- C:\WINDOWS\system32\drivers
2011-04-01 08:57:54 ----D---- C:\WINDOWS\system32\CodeIntegrity
2011-04-01 08:57:54 ----D---- C:\WINDOWS\system32\catroot2
2011-04-01 08:57:51 ----D---- C:\WINDOWS\registration
2011-03-31 21:53:45 ----D---- C:\Games
2011-03-28 18:04:38 ----D---- C:\Users\Michal Charvát\AppData\Roaming\X-Chat 2
2011-03-28 14:35:17 ----D---- C:\WINDOWS\Prefetch
2011-03-28 14:34:35 ----RSD---- C:\WINDOWS\Fonts
2011-03-28 10:22:30 ----D---- C:\WINDOWS\rescache
2011-03-27 18:11:36 ----D---- C:\WINDOWS\system32\NDF
2011-03-26 17:34:38 ----D---- C:\Program Files\Internet Explorer
2011-03-26 17:34:38 ----D---- C:\Program Files (x86)\Internet Explorer
2011-03-26 17:31:07 ----D---- C:\WINDOWS\system32\Tasks
2011-03-26 17:27:48 ----D---- C:\WINDOWS\SYSWOW64\migration
2011-03-26 17:27:48 ----D---- C:\WINDOWS\SYSWOW64\en-US
2011-03-26 17:27:48 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2011-03-26 17:27:48 ----D---- C:\WINDOWS\system32\migration
2011-03-26 17:27:48 ----D---- C:\WINDOWS\system32\en-US
2011-03-26 17:27:48 ----D---- C:\WINDOWS\system32\cs-CZ
2011-03-26 17:27:48 ----D---- C:\WINDOWS\PolicyDefinitions
2011-03-26 17:20:43 ----D---- C:\WINDOWS\Downloaded Program Files
2011-03-25 21:02:17 ----A---- C:\WINDOWS\win.ini
2011-03-25 21:01:06 ----D---- C:\ProgramData\PCDr
2011-03-25 20:57:53 ----D---- C:\Program Files\CCleaner
2011-03-24 10:29:37 ----A---- C:\WINDOWS\SYSWOW64\PnkBstrB.exe
2011-03-22 12:36:53 ----D---- C:\WINDOWS\Logs
2011-03-22 12:36:50 ----D---- C:\WINDOWS\servicing
2011-03-20 19:13:15 ----D---- C:\Program Files (x86)\Mumble
2011-03-14 13:14:37 ----RSD---- C:\WINDOWS\assembly
2011-03-14 13:14:37 ----D---- C:\WINDOWS\Microsoft.NET
2011-03-10 12:36:43 ----A---- C:\WINDOWS\SYSWOW64\PerfStringBackup.INI
2011-03-10 12:26:49 ----D---- C:\Program Files\MSBuild
2011-03-10 12:26:44 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2011-03-10 11:59:40 ----D---- C:\Program Files (x86)\Microsoft SDKs
2011-03-10 10:15:21 ----D---- C:\ProgramData\Dell
2011-03-09 23:02:43 ----D---- C:\WINDOWS\debug
2011-03-08 22:54:41 ----D---- C:\ProgramData\Microsoft Help
2011-03-08 22:52:54 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2010-06-08 540696]
R0 rdyboost;ReadyBoost; C:\WINDOWS\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-02-02 116568]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [2010-09-30 28032]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\WINDOWS\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\WINDOWS\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R1 vwififlt;Virtual WiFi Filter Driver; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-02-02 83120]
R2 TurboB;Turbo Boost UI Monitor driver; C:\WINDOWS\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2010-06-02 6857728]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2010-06-02 264192]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2010-05-06 125456]
R3 BCM42RLY;BCM42RLY; C:\WINDOWS\system32\drivers\BCM42RLY.sys [2010-02-03 22520]
R3 BCM43XX;Ovladač pro bezdrátovou síťovou kartu DW WLAN; C:\WINDOWS\system32\DRIVERS\bcmwl664.sys [2010-02-03 3058168]
R3 BcmVWL;Broadcom Virtual Wireless; C:\WINDOWS\system32\DRIVERS\bcmvwl64.sys [2010-02-03 20984]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2010-11-20 80384]
R3 btusbflt;Bluetooth USB Filter; C:\WINDOWS\system32\drivers\btusbflt.sys [2010-03-30 53800]
R3 btwaudio;Bluetooth Audio Device Service; C:\WINDOWS\system32\drivers\btwaudio.sys [2010-03-30 98344]
R3 btwavdt;Bluetooth AVDT; C:\WINDOWS\system32\DRIVERS\btwavdt.sys [2010-03-30 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\WINDOWS\system32\DRIVERS\btwl2cap.sys [2010-03-30 35104]
R3 btwrchid;btwrchid; C:\WINDOWS\system32\DRIVERS\btwrchid.sys [2010-03-30 21160]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
R3 HECIx64;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECIx64.sys [2010-03-17 56344]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [2010-06-18 515584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2010-03-17 301104]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\WINDOWS\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\WINDOWS\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2010-11-20 552448]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-02-17 33344]
S3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [2010-11-18 25072]
S3 pciide;pciide; C:\WINDOWS\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUStor.sys [2010-12-01 250984]
S3 RTL8167;Realtek 8167 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 TsUsbFlt;TsUsbFlt; C:\WINDOWS\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VSPerfDrv100;Performance Tools Driver 10.0; \??\C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2006-11-01 151656]
S4 RsFx0103;RsFx0103 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2010-06-02 203264]
R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-02-02 339624]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-03-16 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-02-02 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-03-08 421032]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-12-29 873248]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-17 268824]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\syswow64\PnkBstrA.exe [2011-02-06 75064]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2010-06-18 258048]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-17 2320920]
R2 wltrysvc;DW WLAN Tray Service; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [2010-02-03 48128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2010-09-17 57966424]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-09-17 154968]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-03-22 403240]
S3 TurboBoost;TurboBoost; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\WINDOWS\system32\Wat\WatAdminSvc.exe [2011-02-02 1255736]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
S4 NetMsmqActivator;@c:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: BSOD 0xF4 (0x3...) and an ANONYMOUS USER logon

#2 Post by Rudy »

Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after launch, a screen with the license terms is displayed; continue by clicking the Yes button.

feel free to put the kettle on for a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to run any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because unwanted conflicts with the antispyware's resident component occur during the scan and the removal of any malware
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

dog.big
Visitor
Posts: 23
Registered: 25 Feb 2009 17:37

Re: BSOD 0xF4 (0x3...) and an ANONYMOUS USER logon

#3 Post by dog.big »

Hello,
here is the log that was produced after running ComboFix:

Code:

ComboFix 11-04-05.02 - Michal Charvát 06.04.2011  19:45:43.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.420.1029.18.4031.1589 [GMT 2:00]
Spuštěný z: c:\users\Michal Charvát\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5744\Downloads\48edbc2f-6595-43d2-a911-c3713e9b499f.dll
c:\programdata\PCDr\5744\Downloads\86fa80c6-799b-4d0b-a3f5-f7886c10db2c.dll
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2011-03-06 do 2011-04-06  )))))))))))))))))))))))))))))))
.
.
2011-04-06 17:56 . 2011-04-06 17:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-06 16:11 . 2011-04-06 16:11	--------	d-----w-	c:\program files (x86)\ESET
2011-04-06 16:03 . 2011-04-06 16:03	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\Malwarebytes
2011-04-06 16:03 . 2011-04-06 16:03	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-06 16:03 . 2010-12-20 16:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-06 16:03 . 2011-04-06 16:09	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-06 13:11 . 2010-05-26 08:39	6144	------w-	c:\windows\system32\BF6A.tmp
2011-04-06 13:00 . 2010-05-26 08:39	6144	------w-	c:\windows\system32\393A.tmp
2011-04-06 12:20 . 2011-04-06 16:09	--------	d-----w-	c:\program files (x86)\Sophos
2011-04-06 12:07 . 2011-04-06 12:10	--------	d-----w-	c:\program files\trend micro
2011-04-06 11:55 . 2011-04-06 11:55	--------	d-----w-	C:\rsit
2011-04-06 10:15 . 2011-04-06 10:15	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2011-04-03 17:51 . 2011-04-03 17:51	--------	d-----w-	c:\users\Michal Charvát\pre
2011-04-02 17:42 . 2011-04-04 08:01	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\PrimoPDF
2011-04-02 17:42 . 2011-02-28 22:37	95008	----a-w-	c:\windows\system32\Primomonnt.dll
2011-04-02 17:42 . 2011-04-02 17:42	--------	d-----w-	c:\program files (x86)\Nitro PDF
2011-04-02 08:25 . 2011-04-02 08:25	163325	----a-w-	c:\windows\Burning Mill Advanced Uninstaller.exe
2011-04-02 08:25 . 2011-04-02 08:25	--------	d-----w-	c:\program files (x86)\Burning Mill Advanced
2011-04-02 08:25 . 2011-04-02 08:26	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\InfraRecorder
2011-04-02 08:25 . 2011-04-02 08:25	163262	----a-w-	c:\windows\Burning Mill Express Uninstaller.exe
2011-04-02 08:25 . 2011-04-02 08:25	--------	d-----w-	c:\program files (x86)\Burning Mill Express
2011-04-01 13:23 . 2011-04-02 18:38	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\.minecraft
2011-04-01 13:22 . 2011-04-01 13:22	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\.minecraft – kopie
2011-04-01 12:17 . 2011-04-01 12:18	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\.minecraft BACKUP
2011-04-01 12:08 . 2011-04-01 12:08	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\X
2011-04-01 07:20 . 2011-04-01 07:20	--------	d-----w-	c:\programdata\ATI
2011-04-01 07:17 . 2011-04-01 07:17	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2011-04-01 07:17 . 2011-04-01 07:17	--------	d-----w-	c:\program files (x86)\ATI Technologies
2011-04-01 07:17 . 2011-04-01 07:17	--------	d-----w-	c:\program files\ATI Technologies
2011-04-01 07:17 . 2011-04-01 07:17	--------	d-----w-	c:\program files\ATI
2011-03-31 10:10 . 2011-03-31 10:11	--------	d-----w-	C:\po
2011-03-31 09:45 . 2011-03-31 11:24	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\lazarus
2011-03-31 09:40 . 2011-03-31 10:02	--------	d-----w-	C:\Lazarus
2011-03-30 09:27 . 2011-03-30 09:27	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\Mozilla
2011-03-24 10:02 . 2011-03-24 10:02	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\Mozilla
2011-03-24 09:54 . 2011-03-24 09:54	--------	d-----w-	c:\programdata\Creative
2011-03-24 09:54 . 2011-03-24 09:54	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\Creative
2011-03-24 08:18 . 2011-03-24 08:18	--------	d-----w-	c:\program files (x86)\SystemRequirementsLab
2011-03-19 22:47 . 2011-03-19 22:47	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\{17D37B7D-2138-4D3B-A0C3-B31773CFA92E}
2011-03-19 22:44 . 2011-03-19 22:45	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\dvdcss
2011-03-19 22:44 . 2011-03-19 22:44	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\All Free DVD Ripper
2011-03-19 22:44 . 2005-02-24 10:51	348160	----a-w-	c:\windows\SysWow64\NCTWMAFile2.dll
2011-03-19 22:44 . 2005-05-18 10:52	1212416	----a-w-	c:\windows\SysWow64\NCTAudioInformation2.dll
2011-03-19 22:44 . 2005-05-17 11:37	1986560	----a-w-	c:\windows\SysWow64\NCTAudioFile2.dll
2011-03-19 22:44 . 2005-04-25 12:01	458752	----a-w-	c:\windows\SysWow64\NCTAudioRecord2.dll
2011-03-19 22:44 . 2005-04-25 12:01	458752	----a-w-	c:\windows\SysWow64\NCTAudioPlayer2.dll
2011-03-19 22:44 . 2002-01-05 15:37	344064	----a-w-	c:\windows\SysWow64\msvcr70.dll
2011-03-19 22:44 . 2011-03-19 22:44	--------	d-----w-	c:\program files (x86)\All Free DVD Ripper
2011-03-19 22:37 . 2011-03-19 22:37	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\StaxRip
2011-03-19 22:29 . 2011-03-19 22:29	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\Microsoft Games
2011-03-19 22:28 . 2011-03-19 22:29	--------	d--h--w-	c:\program files (x86)\InstallJammer Registry
2011-03-19 22:26 . 2011-03-19 22:26	99384	----a-w-	c:\users\Michal Charvát\AppData\Roaming\inst.exe
2011-03-19 22:26 . 2011-03-19 22:26	82816	----a-w-	c:\users\Michal Charvát\AppData\Roaming\pcouffin.sys
2011-03-19 22:26 . 2011-03-19 22:26	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\Vso
2011-03-19 22:19 . 2011-03-19 22:19	--------	d--h--w-	c:\users\Michal Charvát\.dvdcss
2011-03-19 22:19 . 2011-03-19 22:19	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\Digiarty
2011-03-19 22:14 . 2011-03-19 22:14	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\HandBrake
2011-03-19 22:14 . 2011-03-19 22:14	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\HandBrake
2011-03-19 22:14 . 2011-03-19 22:15	--------	d-----w-	c:\program files (x86)\Handbrake
2011-03-19 21:25 . 2011-03-19 21:25	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\{4DE86883-FDFF-4679-BA0B-3AFF010F0D71}
2011-03-19 21:24 . 2011-03-19 21:24	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\{F7989577-B4CC-433B-AEF9-CF159A831332}
2011-03-19 13:19 . 2011-03-21 09:13	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\Speckie
2011-03-18 13:35 . 2011-03-18 13:36	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\{B46DB41C-5C02-41F5-87EE-9BB9B4FF597F}
2011-03-18 13:35 . 2011-03-18 13:36	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\{F7163FD2-D99A-444E-9F8B-B5197BCC8086}
2011-03-18 12:53 . 2011-03-18 12:53	--------	d-----w-	c:\program files (x86)\WinSCP
2011-03-17 08:03 . 2011-03-17 08:03	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\Diagnostics
2011-03-12 16:24 . 2011-03-12 16:24	--------	d-----w-	C:\PFiles
2011-03-10 15:43 . 2011-03-10 15:43	--------	d-----w-	c:\program files (x86)\GIGABYTE
2011-03-10 09:59 . 2011-03-10 09:59	--------	d-----w-	c:\programdata\VS
2011-03-10 09:46 . 2011-03-10 10:31	2391392	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1029\ResourceCache.dll
2011-03-10 09:44 . 2011-03-10 09:44	--------	d-----w-	c:\program files (x86)\Microsoft F#
2011-03-10 09:44 . 2011-03-10 09:44	--------	d-----w-	c:\windows\SysWow64\1029
2011-03-08 10:08 . 2011-03-08 10:08	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\Notepad++
2011-03-08 09:48 . 2011-03-08 09:48	--------	d-----w-	C:\Octave
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-24 08:29 . 2011-02-06 18:37	234536	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2011-03-24 08:29 . 2011-02-06 18:33	234536	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2011-03-20 11:54 . 2010-06-24 10:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-19 22:26 . 2011-03-19 22:26	99384	----a-w-	c:\users\Michal Charvát\AppData\Roaming\inst.exe
2011-03-19 22:26 . 2011-03-19 22:26	99384	----a-w-	c:\users\Michal Charvát\AppData\Roaming\inst.exe
2011-03-19 22:26 . 2011-03-19 22:26	82816	----a-w-	c:\users\Michal Charvát\AppData\Roaming\pcouffin.sys
2011-03-19 22:26 . 2011-03-19 22:26	82816	----a-w-	c:\users\Michal Charvát\AppData\Roaming\pcouffin.sys
2011-03-10 10:31 . 2011-02-02 20:03	2421120	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-02-24 19:55 . 2010-10-19 06:54	521448	----a-w-	c:\windows\system32\deployJava1.dll
2011-02-23 19:08 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-02-23 19:08 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-02-20 04:04 . 2011-02-20 04:04	65872	----a-w-	c:\windows\SysWow64\VSCover100.dll
2011-02-20 04:04 . 2011-02-20 04:04	145744	----a-w-	c:\windows\system32\VSPerf100.dll
2011-02-20 04:04 . 2011-02-20 04:04	111440	----a-w-	c:\windows\SysWow64\VSPerf100.dll
2011-02-20 01:01 . 2011-02-20 01:01	743760	----a-w-	c:\windows\SysWow64\msvcp100d.dll
2011-02-20 01:01 . 2011-02-20 01:01	1505104	----a-w-	c:\windows\SysWow64\msvcr100d.dll
2011-02-20 00:56 . 2011-02-20 00:56	7124304	----a-w-	c:\windows\SysWow64\mfc100ud.dll
2011-02-20 00:56 . 2011-02-20 00:56	7055696	----a-w-	c:\windows\SysWow64\mfc100d.dll
2011-02-20 00:56 . 2011-02-20 00:56	105296	----a-w-	c:\windows\SysWow64\mfcm100ud.dll
2011-02-20 00:56 . 2011-02-20 00:56	103760	----a-w-	c:\windows\SysWow64\mfcm100d.dll
2011-02-20 00:49 . 2011-02-20 00:49	87888	----a-w-	c:\windows\SysWow64\vcomp100d.dll
2011-02-19 23:49 . 2011-02-19 23:49	9209680	----a-w-	c:\windows\system32\mfc100ud.dll
2011-02-19 23:49 . 2011-02-19 23:49	9132880	----a-w-	c:\windows\system32\mfc100d.dll
2011-02-19 23:49 . 2011-02-19 23:49	1873232	----a-w-	c:\windows\system32\msvcr100d.dll
2011-02-19 23:49 . 2011-02-19 23:49	121168	----a-w-	c:\windows\system32\mfcm100ud.dll
2011-02-19 23:49 . 2011-02-19 23:49	119632	----a-w-	c:\windows\system32\mfcm100d.dll
2011-02-19 23:49 . 2011-02-19 23:49	106832	----a-w-	c:\windows\system32\vcomp100d.dll
2011-02-19 23:49 . 2011-02-19 23:49	1014096	----a-w-	c:\windows\system32\msvcp100d.dll
2011-02-19 22:03 . 2011-02-19 22:03	81744	----a-w-	c:\windows\SysWow64\mfcm100u.dll
2011-02-19 22:03 . 2011-02-19 22:03	81744	----a-w-	c:\windows\SysWow64\mfcm100.dll
2011-02-19 22:03 . 2011-02-19 22:03	64336	----a-w-	c:\windows\SysWow64\mfc100fra.dll
2011-02-19 22:03 . 2011-02-19 22:03	64336	----a-w-	c:\windows\SysWow64\mfc100deu.dll
2011-02-19 22:03 . 2011-02-19 22:03	63824	----a-w-	c:\windows\SysWow64\mfc100esn.dll
2011-02-19 22:03 . 2011-02-19 22:03	62288	----a-w-	c:\windows\SysWow64\mfc100ita.dll
2011-02-19 22:03 . 2011-02-19 22:03	60752	----a-w-	c:\windows\SysWow64\mfc100rus.dll
2011-02-19 22:03 . 2011-02-19 22:03	55120	----a-w-	c:\windows\SysWow64\mfc100enu.dll
2011-02-19 22:03 . 2011-02-19 22:03	51024	----a-w-	c:\windows\SysWow64\vcomp100.dll
2011-02-19 22:03 . 2011-02-19 22:03	4422992	----a-w-	c:\windows\SysWow64\mfc100u.dll
2011-02-19 22:03 . 2011-02-19 22:03	4397384	----a-w-	c:\windows\SysWow64\mfc100.dll
2011-02-19 22:03 . 2011-02-19 22:03	43856	----a-w-	c:\windows\SysWow64\mfc100jpn.dll
2011-02-19 22:03 . 2011-02-19 22:03	43344	----a-w-	c:\windows\SysWow64\mfc100kor.dll
2011-02-19 22:03 . 2011-02-19 22:03	36176	----a-w-	c:\windows\SysWow64\mfc100cht.dll
2011-02-19 22:03 . 2011-02-19 22:03	36176	----a-w-	c:\windows\SysWow64\mfc100chs.dll
2011-02-19 22:03 . 2011-02-19 22:03	138056	----a-w-	c:\windows\SysWow64\atl100.dll
2011-02-19 21:51 . 2011-02-19 21:51	93008	----a-w-	c:\windows\system32\mfcm100u.dll
2011-02-19 21:51 . 2011-02-19 21:51	93008	----a-w-	c:\windows\system32\mfcm100.dll
2011-02-19 21:51 . 2011-02-19 21:51	64336	----a-w-	c:\windows\system32\mfc100fra.dll
2011-02-19 21:51 . 2011-02-19 21:51	64336	----a-w-	c:\windows\system32\mfc100deu.dll
2011-02-19 21:51 . 2011-02-19 21:51	63824	----a-w-	c:\windows\system32\mfc100esn.dll
2011-02-19 21:51 . 2011-02-19 21:51	62288	----a-w-	c:\windows\system32\mfc100ita.dll
2011-02-19 21:51 . 2011-02-19 21:51	608080	----a-w-	c:\windows\system32\msvcp100.dll
2011-02-19 21:51 . 2011-02-19 21:51	60752	----a-w-	c:\windows\system32\mfc100rus.dll
2011-02-19 21:51 . 2011-02-19 21:51	57168	----a-w-	c:\windows\system32\vcomp100.dll
2011-02-19 21:51 . 2011-02-19 21:51	5601616	----a-w-	c:\windows\system32\mfc100u.dll
2011-02-19 21:51 . 2011-02-19 21:51	5574472	----a-w-	c:\windows\system32\mfc100.dll
2011-02-19 21:51 . 2011-02-19 21:51	55120	----a-w-	c:\windows\system32\mfc100enu.dll
2011-02-19 21:51 . 2011-02-19 21:51	43856	----a-w-	c:\windows\system32\mfc100jpn.dll
2011-02-19 21:51 . 2011-02-19 21:51	43344	----a-w-	c:\windows\system32\mfc100kor.dll
2011-02-19 21:51 . 2011-02-19 21:51	36176	----a-w-	c:\windows\system32\mfc100cht.dll
2011-02-19 21:51 . 2011-02-19 21:51	36176	----a-w-	c:\windows\system32\mfc100chs.dll
2011-02-19 21:51 . 2011-02-19 21:51	158536	----a-w-	c:\windows\system32\atl100.dll
2011-02-18 23:52 . 2011-02-18 23:52	829264	----a-w-	c:\windows\system32\msvcr100.dll
2011-02-18 14:42 . 2011-02-18 14:42	388096	----a-r-	c:\users\Michal Charvát\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-18 14:42 . 2011-02-18 14:42	388096	----a-r-	c:\users\Michal Charvát\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-17 17:21 . 2011-02-17 17:21	33344	----a-w-	c:\windows\system32\drivers\hamachi.sys
2011-02-07 07:34 . 2011-02-07 07:34	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-02-06 18:33 . 2011-02-06 18:33	794408	----a-w-	c:\windows\SysWow64\Pbsvc.exe
2011-02-06 18:33 . 2011-02-06 18:33	75064	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2011-02-03 06:54 . 2011-02-03 06:54	86016	----a-w-	c:\windows\SysWow64\frapsvid.dll
2011-02-03 06:54 . 2011-02-03 06:54	84992	----a-w-	c:\windows\system32\frapsv64.dll
2011-02-02 19:20 . 2011-02-02 19:20	116568	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-02-02 19:20 . 2011-02-02 19:20	83120	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-01-20 09:39 . 2011-02-02 18:47	7844688	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9AF1343-D3EA-47FE-BA3D-B6CBE06EF533}\mpengine.dll
2011-01-17 11:09 . 2011-02-23 19:04	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2011-01-17 05:47 . 2011-02-23 19:04	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2011-01-07 12:17 . 2011-02-23 10:48	475648	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-01-07 12:17 . 2011-02-23 10:48	1465344	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-07 12:14 . 2011-02-10 07:56	46080	----a-w-	c:\windows\system32\atmlib.dll
2011-01-07 09:51 . 2011-02-10 07:57	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-01-07 09:20 . 2011-02-10 07:56	366592	----a-w-	c:\windows\system32\atmfd.dll
2011-01-07 07:46 . 2011-02-23 10:48	870912	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-01-07 07:46 . 2011-02-23 10:48	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:45 . 2011-02-10 07:56	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2011-01-07 06:01 . 2011-02-10 07:57	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-01-07 05:43 . 2011-02-10 07:56	294400	----a-w-	c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8CE7F568-67FA-4432-BA39-F5AFD68E7B8B}]
2011-03-12 14:46	125696	----a-w-	c:\users\Michal Charvát\AppData\Roaming\Speckie\Speckie32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayStatus"="c:\program files (x86)\TrayStatus\TrayStatus.exe" [2010-11-29 204008]
"Google Update"="c:\users\Michal Charvát\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-02-03 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-02-02 281768]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-01-02 1670656]
"ghost"="c:\program files (x86)\GIGABYTE\GHOST(6980)\ghostopen.exe" [2010-02-08 192000]
"Tilt"="c:\program files (x86)\GIGABYTE\GHOST(6980)\Tilt.exe" [2009-06-26 724992]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-01 98304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
R3 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\BF6A.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2010-09-29 28032]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-02-02 339624]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-02-02 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-03-08 421032]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-17 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-11-18 25072]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 03:17	302592	----a-w-	c:\windows\System32\cmd.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:44]
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:44]
.
2011-04-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-04-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CE7F568-67FA-4432-BA39-F5AFD68E7B8B}]
2011-03-12 14:47	164608	----a-w-	c:\users\Michal Charvát\AppData\Roaming\Speckie\Speckie64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
.
.
------- Asociace souborů -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\Pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\BF6A.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3847059355-3794568477-1451639886-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\Aktuality\V*`]
"Order"=hex:08,00,00,00,02,00,00,00,5e,02,00,00,01,00,00,00,06,00,00,00,58,00,
   00,00,fb,ff,ff,ff,4a,00,31,00,00,00,00,00,42,3e,f0,99,10,00,41,4c,50,31,00,\
.
[HKEY_USERS\S-1-5-21-3847059355-3794568477-1451639886-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\Aktuality\V*`\ALP1]
"Order"=hex:08,00,00,00,02,00,00,00,8c,00,00,00,01,00,00,00,01,00,00,00,80,00,
   00,00,00,00,00,00,72,00,32,00,b8,00,00,00,29,3e,08,6c,20,00,53,54,52,4e,4b,\
.
[HKEY_USERS\S-1-5-21-3847059355-3794568477-1451639886-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\V*`]
"Order"=hex:08,00,00,00,02,00,00,00,5e,02,00,00,01,00,00,00,06,00,00,00,58,00,
   00,00,02,00,00,00,4a,00,31,00,00,00,00,00,42,3e,f0,99,10,00,41,4c,50,31,00,\
.
[HKEY_USERS\S-1-5-21-3847059355-3794568477-1451639886-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\V*`\ALP1]
"Order"=hex:08,00,00,00,02,00,00,00,8c,00,00,00,01,00,00,00,01,00,00,00,80,00,
   00,00,00,00,00,00,72,00,32,00,b8,00,00,00,76,3e,d5,54,20,00,53,54,52,4e,4b,\
.
[HKEY_USERS\S-1-5-21-3847059355-3794568477-1451639886-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\V*`\MAT1]
"Order"=hex:08,00,00,00,02,00,00,00,e8,01,00,00,01,00,00,00,04,00,00,00,7e,00,
   00,00,00,00,00,00,70,00,32,00,f8,00,00,00,76,3e,d5,54,20,00,46,49,4e,4b,2d,\
.
[HKEY_USERS\S-1-5-21-3847059355-3794568477-1451639886-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\V*`\PAU]
"Order"=hex:08,00,00,00,02,00,00,00,90,00,00,00,01,00,00,00,01,00,00,00,84,00,
   00,00,00,00,00,00,76,00,32,00,be,00,00,00,57,3e,02,9d,20,00,53,54,55,44,49,\
.
[HKEY_USERS\S-1-5-21-3847059355-3794568477-1451639886-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\V*`]
@Allowed: (Read) (RestrictedCode)
@SACL=(02 0001)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-04-06  19:59:51
ComboFix-quarantined-files.txt  2011-04-06 17:59
.
Před spuštěním: Volných bajtů: 342 666 682 368
Po spuštění: Volných bajtů: 342 736 932 864
.
- - End Of File - - 9EE09350EB2E3C1C23FDCC16CD39AF29

Thanks for the help :)

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: BSOD 0xF4 (0x3...) and the logon of ANONYMOUS USER

#4 Post by Rudy »

We'll do some more cleanup. Open Notepad and copy the following into it:
Collect::
c:\windows\system32\BF6A.tmp
c:\windows\system32\393A.tmp

Driver::
MEMSWEEP2
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

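Added example (not part of the thread and not ComboFix's own code): a Python triage pass over the service/driver section of a log in this layout, which surfaces the MEMSWEEP2 entry that the script in post #4 targets and cross-checks it against the `ImagePath` stanza. The sample lines are copied from the log in this thread; the extension rules are assumptions chosen for illustration, the leading R/S column is kept uninterpreted, and a hit is a prompt for manual review, not a verdict.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List, NamedTuple

# Sample input embedded inline: lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R3 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\BF6A.tmp [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-11-18 25072]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\BF6A.tmp"
"""

# "<flags> <name>;<display name>;<image path> [<date size>]" or "... [x]"
SERVICE_LINE = re.compile(
    r"^(?P<flags>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<details>x|\d{4}-\d{2}-\d{2} \d+)\]\s*$"
)
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\services\\(?P<name>.+)\]$", re.I
)
IMAGE_PATH = re.compile(r'^"ImagePath"="(?P<path>.*)"$', re.I)

# Assumption for this example: extensions a reviewer expects for a service image.
EXPECTED_EXTENSIONS = {".sys", ".exe"}


class ServiceEntry(NamedTuple):
    flags: str              # leading column such as "R3", kept uninterpreted
    name: str
    display: str
    image: str              # normalised path
    has_file_details: bool  # False when the log shows [x] instead of date/size


class Finding(NamedTuple):
    name: str
    image: str
    in_registry_dump: bool  # the log also printed an ImagePath stanza for it
    reasons: List[str]


def normalise(path: str) -> str:
    """Drop the NT '\\??\\' prefix and fold case so both log sections compare equal."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def parse_services(log: str) -> List[ServiceEntry]:
    entries = []
    for line in log.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m:
            entries.append(ServiceEntry(m["flags"], m["name"], m["display"],
                                        normalise(m["image"]), m["details"] != "x"))
    return entries


def parse_image_paths(log: str) -> Dict[str, str]:
    """Map service name -> ImagePath from the '[...\\services\\NAME]' stanzas."""
    paths, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("["):
            key = SERVICE_KEY.match(line)
            current = key["name"] if key else None
            continue
        value = IMAGE_PATH.match(line)
        if value and current:
            paths[current] = normalise(value["path"])
    return paths


def triage(log: str) -> List[Finding]:
    registry = parse_image_paths(log)
    findings = []
    for svc in parse_services(log):
        reasons = []
        ext = PureWindowsPath(svc.image).suffix
        if ext == ".tmp":
            reasons.append("image is a .tmp file")
        elif ext not in EXPECTED_EXTENSIONS:
            reasons.append(f"unexpected image extension {ext}")
        if svc.name in registry and registry[svc.name] != svc.image:
            reasons.append("service list and ImagePath value disagree")
        if reasons:
            findings.append(Finding(svc.name, svc.image, svc.name in registry, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.name, f.image, "; ".join(f.reasons), sep=" | ")
```

The second hit, the `.pkms` driver under the Dell Support Center directory, shows why the output needs a human reviewer before anything goes into a removal script.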

dog.big
Visitor
Posts: 23
Registered: 25 Feb 2009 17:37

Re: BSOD 0xF4 (0x3...) and the logon of ANONYMOUS USER

#5 Post by dog.big »

Good evening,
So could this have been a more serious infection? (Given that I found autorun.inf files, which were removed with the USBFix tool and were apparently created while transferring data from the neighbouring PC.) I would also note that after running the script, system startup, or rather logon, became considerably faster. I am attaching the ComboFix and RSIT logs taken after carrying out the procedure above:

ComboFix:

Code: Select all

ComboFix 11-04-06.01 - Michal Charvát 06.04.2011  21:39:58.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.420.1029.18.4031.2297 [GMT 2:00]
Spuštěný z: c:\users\Michal Charvát\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Michal Charvát\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\393A.tmp
c:\windows\system32\BF6A.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Ovladače/Služby   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MEMSWEEP2
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2011-03-06 do 2011-04-06  )))))))))))))))))))))))))))))))
.
.
2011-04-06 19:50 . 2011-04-06 19:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-06 18:09 . 2011-04-06 18:20	--------	d-----w-	C:\UsbFix
2011-04-06 16:11 . 2011-04-06 16:11	--------	d-----w-	c:\program files (x86)\ESET
2011-04-06 16:03 . 2011-04-06 16:03	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\Malwarebytes
2011-04-06 16:03 . 2011-04-06 16:03	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-06 16:03 . 2010-12-20 16:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-06 16:03 . 2011-04-06 16:09	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-06 12:20 . 2011-04-06 16:09	--------	d-----w-	c:\program files (x86)\Sophos
2011-04-06 12:07 . 2011-04-06 12:10	--------	d-----w-	c:\program files\trend micro
2011-04-06 11:55 . 2011-04-06 11:55	--------	d-----w-	C:\rsit
2011-04-06 10:15 . 2011-04-06 10:15	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2011-04-03 17:51 . 2011-04-03 17:51	--------	d-----w-	c:\users\Michal Charvát\pre
2011-04-02 17:42 . 2011-04-04 08:01	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\PrimoPDF
2011-04-02 17:42 . 2011-02-28 22:37	95008	----a-w-	c:\windows\system32\Primomonnt.dll
2011-04-02 17:42 . 2011-04-02 17:42	--------	d-----w-	c:\program files (x86)\Nitro PDF
2011-04-02 08:25 . 2011-04-02 08:25	163325	----a-w-	c:\windows\Burning Mill Advanced Uninstaller.exe
2011-04-02 08:25 . 2011-04-02 08:25	--------	d-----w-	c:\program files (x86)\Burning Mill Advanced
2011-04-02 08:25 . 2011-04-02 08:26	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\InfraRecorder
2011-04-02 08:25 . 2011-04-02 08:25	163262	----a-w-	c:\windows\Burning Mill Express Uninstaller.exe
2011-04-02 08:25 . 2011-04-02 08:25	--------	d-----w-	c:\program files (x86)\Burning Mill Express
2011-04-01 13:23 . 2011-04-02 18:38	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\.minecraft
2011-04-01 13:22 . 2011-04-01 13:22	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\.minecraft – kopie
2011-04-01 12:17 . 2011-04-01 12:18	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\.minecraft BACKUP
2011-04-01 12:08 . 2011-04-01 12:08	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\X
2011-04-01 07:20 . 2011-04-01 07:20	--------	d-----w-	c:\programdata\ATI
2011-04-01 07:17 . 2011-04-01 07:17	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2011-04-01 07:17 . 2011-04-01 07:17	--------	d-----w-	c:\program files (x86)\ATI Technologies
2011-04-01 07:17 . 2011-04-01 07:17	--------	d-----w-	c:\program files\ATI Technologies
2011-04-01 07:17 . 2011-04-01 07:17	--------	d-----w-	c:\program files\ATI
2011-03-31 10:10 . 2011-03-31 10:11	--------	d-----w-	C:\po
2011-03-31 09:45 . 2011-03-31 11:24	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\lazarus
2011-03-31 09:40 . 2011-03-31 10:02	--------	d-----w-	C:\Lazarus
2011-03-30 09:27 . 2011-03-30 09:27	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\Mozilla
2011-03-24 10:02 . 2011-03-24 10:02	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\Mozilla
2011-03-24 09:54 . 2011-03-24 09:54	--------	d-----w-	c:\programdata\Creative
2011-03-24 09:54 . 2011-03-24 09:54	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\Creative
2011-03-24 08:18 . 2011-03-24 08:18	--------	d-----w-	c:\program files (x86)\SystemRequirementsLab
2011-03-19 22:47 . 2011-03-19 22:47	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\{17D37B7D-2138-4D3B-A0C3-B31773CFA92E}
2011-03-19 22:44 . 2011-03-19 22:45	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\dvdcss
2011-03-19 22:44 . 2011-03-19 22:44	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\All Free DVD Ripper
2011-03-19 22:44 . 2005-02-24 10:51	348160	----a-w-	c:\windows\SysWow64\NCTWMAFile2.dll
2011-03-19 22:44 . 2005-05-18 10:52	1212416	----a-w-	c:\windows\SysWow64\NCTAudioInformation2.dll
2011-03-19 22:44 . 2005-05-17 11:37	1986560	----a-w-	c:\windows\SysWow64\NCTAudioFile2.dll
2011-03-19 22:44 . 2005-04-25 12:01	458752	----a-w-	c:\windows\SysWow64\NCTAudioRecord2.dll
2011-03-19 22:44 . 2005-04-25 12:01	458752	----a-w-	c:\windows\SysWow64\NCTAudioPlayer2.dll
2011-03-19 22:44 . 2002-01-05 15:37	344064	----a-w-	c:\windows\SysWow64\msvcr70.dll
2011-03-19 22:44 . 2011-03-19 22:44	--------	d-----w-	c:\program files (x86)\All Free DVD Ripper
2011-03-19 22:37 . 2011-03-19 22:37	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\StaxRip
2011-03-19 22:29 . 2011-03-19 22:29	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\Microsoft Games
2011-03-19 22:28 . 2011-03-19 22:29	--------	d--h--w-	c:\program files (x86)\InstallJammer Registry
2011-03-19 22:26 . 2011-03-19 22:26	99384	----a-w-	c:\users\Michal Charvát\AppData\Roaming\inst.exe
2011-03-19 22:26 . 2011-03-19 22:26	82816	----a-w-	c:\users\Michal Charvát\AppData\Roaming\pcouffin.sys
2011-03-19 22:26 . 2011-03-19 22:26	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\Vso
2011-03-19 22:19 . 2011-03-19 22:19	--------	d--h--w-	c:\users\Michal Charvát\.dvdcss
2011-03-19 22:19 . 2011-03-19 22:19	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\Digiarty
2011-03-19 22:14 . 2011-03-19 22:14	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\HandBrake
2011-03-19 22:14 . 2011-03-19 22:14	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\HandBrake
2011-03-19 22:14 . 2011-03-19 22:15	--------	d-----w-	c:\program files (x86)\Handbrake
2011-03-19 21:25 . 2011-03-19 21:25	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\{4DE86883-FDFF-4679-BA0B-3AFF010F0D71}
2011-03-19 21:24 . 2011-03-19 21:24	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\{F7989577-B4CC-433B-AEF9-CF159A831332}
2011-03-19 13:19 . 2011-03-21 09:13	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\Speckie
2011-03-18 13:35 . 2011-03-18 13:36	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\{B46DB41C-5C02-41F5-87EE-9BB9B4FF597F}
2011-03-18 13:35 . 2011-03-18 13:36	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\{F7163FD2-D99A-444E-9F8B-B5197BCC8086}
2011-03-18 12:53 . 2011-03-18 12:53	--------	d-----w-	c:\program files (x86)\WinSCP
2011-03-17 08:03 . 2011-03-17 08:03	--------	d-----w-	c:\users\Michal Charvát\AppData\Local\Diagnostics
2011-03-12 16:24 . 2011-03-12 16:24	--------	d-----w-	C:\PFiles
2011-03-10 15:43 . 2011-03-10 15:43	--------	d-----w-	c:\program files (x86)\GIGABYTE
2011-03-10 09:59 . 2011-03-10 09:59	--------	d-----w-	c:\programdata\VS
2011-03-10 09:46 . 2011-03-10 10:31	2391392	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1029\ResourceCache.dll
2011-03-10 09:44 . 2011-03-10 09:44	--------	d-----w-	c:\program files (x86)\Microsoft F#
2011-03-10 09:44 . 2011-03-10 09:44	--------	d-----w-	c:\windows\SysWow64\1029
2011-03-08 10:08 . 2011-03-08 10:08	--------	d-----w-	c:\users\Michal Charvát\AppData\Roaming\Notepad++
2011-03-08 09:48 . 2011-03-08 09:48	--------	d-----w-	C:\Octave
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-24 08:29 . 2011-02-06 18:37	234536	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2011-03-24 08:29 . 2011-02-06 18:33	234536	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2011-03-20 11:54 . 2010-06-24 10:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-19 22:26 . 2011-03-19 22:26	99384	----a-w-	c:\users\Michal Charvát\AppData\Roaming\inst.exe
2011-03-19 22:26 . 2011-03-19 22:26	99384	----a-w-	c:\users\Michal Charvát\AppData\Roaming\inst.exe
2011-03-19 22:26 . 2011-03-19 22:26	82816	----a-w-	c:\users\Michal Charvát\AppData\Roaming\pcouffin.sys
2011-03-19 22:26 . 2011-03-19 22:26	82816	----a-w-	c:\users\Michal Charvát\AppData\Roaming\pcouffin.sys
2011-03-10 10:31 . 2011-02-02 20:03	2421120	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-02-24 19:55 . 2010-10-19 06:54	521448	----a-w-	c:\windows\system32\deployJava1.dll
2011-02-23 19:08 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-02-23 19:08 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-02-20 04:04 . 2011-02-20 04:04	65872	----a-w-	c:\windows\SysWow64\VSCover100.dll
2011-02-20 04:04 . 2011-02-20 04:04	145744	----a-w-	c:\windows\system32\VSPerf100.dll
2011-02-20 04:04 . 2011-02-20 04:04	111440	----a-w-	c:\windows\SysWow64\VSPerf100.dll
2011-02-20 01:01 . 2011-02-20 01:01	743760	----a-w-	c:\windows\SysWow64\msvcp100d.dll
2011-02-20 01:01 . 2011-02-20 01:01	1505104	----a-w-	c:\windows\SysWow64\msvcr100d.dll
2011-02-20 00:56 . 2011-02-20 00:56	7124304	----a-w-	c:\windows\SysWow64\mfc100ud.dll
2011-02-20 00:56 . 2011-02-20 00:56	7055696	----a-w-	c:\windows\SysWow64\mfc100d.dll
2011-02-20 00:56 . 2011-02-20 00:56	105296	----a-w-	c:\windows\SysWow64\mfcm100ud.dll
2011-02-20 00:56 . 2011-02-20 00:56	103760	----a-w-	c:\windows\SysWow64\mfcm100d.dll
2011-02-20 00:49 . 2011-02-20 00:49	87888	----a-w-	c:\windows\SysWow64\vcomp100d.dll
2011-02-19 23:49 . 2011-02-19 23:49	9209680	----a-w-	c:\windows\system32\mfc100ud.dll
2011-02-19 23:49 . 2011-02-19 23:49	9132880	----a-w-	c:\windows\system32\mfc100d.dll
2011-02-19 23:49 . 2011-02-19 23:49	1873232	----a-w-	c:\windows\system32\msvcr100d.dll
2011-02-19 23:49 . 2011-02-19 23:49	121168	----a-w-	c:\windows\system32\mfcm100ud.dll
2011-02-19 23:49 . 2011-02-19 23:49	119632	----a-w-	c:\windows\system32\mfcm100d.dll
2011-02-19 23:49 . 2011-02-19 23:49	106832	----a-w-	c:\windows\system32\vcomp100d.dll
2011-02-19 23:49 . 2011-02-19 23:49	1014096	----a-w-	c:\windows\system32\msvcp100d.dll
2011-02-19 22:03 . 2011-02-19 22:03	81744	----a-w-	c:\windows\SysWow64\mfcm100u.dll
2011-02-19 22:03 . 2011-02-19 22:03	81744	----a-w-	c:\windows\SysWow64\mfcm100.dll
2011-02-19 22:03 . 2011-02-19 22:03	64336	----a-w-	c:\windows\SysWow64\mfc100fra.dll
2011-02-19 22:03 . 2011-02-19 22:03	64336	----a-w-	c:\windows\SysWow64\mfc100deu.dll
2011-02-19 22:03 . 2011-02-19 22:03	63824	----a-w-	c:\windows\SysWow64\mfc100esn.dll
2011-02-19 22:03 . 2011-02-19 22:03	62288	----a-w-	c:\windows\SysWow64\mfc100ita.dll
2011-02-19 22:03 . 2011-02-19 22:03	60752	----a-w-	c:\windows\SysWow64\mfc100rus.dll
2011-02-19 22:03 . 2011-02-19 22:03	55120	----a-w-	c:\windows\SysWow64\mfc100enu.dll
2011-02-19 22:03 . 2011-02-19 22:03	51024	----a-w-	c:\windows\SysWow64\vcomp100.dll
2011-02-19 22:03 . 2011-02-19 22:03	4422992	----a-w-	c:\windows\SysWow64\mfc100u.dll
2011-02-19 22:03 . 2011-02-19 22:03	4397384	----a-w-	c:\windows\SysWow64\mfc100.dll
2011-02-19 22:03 . 2011-02-19 22:03	43856	----a-w-	c:\windows\SysWow64\mfc100jpn.dll
2011-02-19 22:03 . 2011-02-19 22:03	43344	----a-w-	c:\windows\SysWow64\mfc100kor.dll
2011-02-19 22:03 . 2011-02-19 22:03	36176	----a-w-	c:\windows\SysWow64\mfc100cht.dll
2011-02-19 22:03 . 2011-02-19 22:03	36176	----a-w-	c:\windows\SysWow64\mfc100chs.dll
2011-02-19 22:03 . 2011-02-19 22:03	138056	----a-w-	c:\windows\SysWow64\atl100.dll
2011-02-19 21:51 . 2011-02-19 21:51	93008	----a-w-	c:\windows\system32\mfcm100u.dll
2011-02-19 21:51 . 2011-02-19 21:51	93008	----a-w-	c:\windows\system32\mfcm100.dll
2011-02-19 21:51 . 2011-02-19 21:51	64336	----a-w-	c:\windows\system32\mfc100fra.dll
2011-02-19 21:51 . 2011-02-19 21:51	64336	----a-w-	c:\windows\system32\mfc100deu.dll
2011-02-19 21:51 . 2011-02-19 21:51	63824	----a-w-	c:\windows\system32\mfc100esn.dll
2011-02-19 21:51 . 2011-02-19 21:51	62288	----a-w-	c:\windows\system32\mfc100ita.dll
2011-02-19 21:51 . 2011-02-19 21:51	608080	----a-w-	c:\windows\system32\msvcp100.dll
2011-02-19 21:51 . 2011-02-19 21:51	60752	----a-w-	c:\windows\system32\mfc100rus.dll
2011-02-19 21:51 . 2011-02-19 21:51	57168	----a-w-	c:\windows\system32\vcomp100.dll
2011-02-19 21:51 . 2011-02-19 21:51	5601616	----a-w-	c:\windows\system32\mfc100u.dll
2011-02-19 21:51 . 2011-02-19 21:51	5574472	----a-w-	c:\windows\system32\mfc100.dll
2011-02-19 21:51 . 2011-02-19 21:51	55120	----a-w-	c:\windows\system32\mfc100enu.dll
2011-02-19 21:51 . 2011-02-19 21:51	43856	----a-w-	c:\windows\system32\mfc100jpn.dll
2011-02-19 21:51 . 2011-02-19 21:51	43344	----a-w-	c:\windows\system32\mfc100kor.dll
2011-02-19 21:51 . 2011-02-19 21:51	36176	----a-w-	c:\windows\system32\mfc100cht.dll
2011-02-19 21:51 . 2011-02-19 21:51	36176	----a-w-	c:\windows\system32\mfc100chs.dll
2011-02-19 21:51 . 2011-02-19 21:51	158536	----a-w-	c:\windows\system32\atl100.dll
2011-02-18 23:52 . 2011-02-18 23:52	829264	----a-w-	c:\windows\system32\msvcr100.dll
2011-02-18 14:42 . 2011-02-18 14:42	388096	----a-r-	c:\users\Michal Charvát\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-18 14:42 . 2011-02-18 14:42	388096	----a-r-	c:\users\Michal Charvát\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-17 17:21 . 2011-02-17 17:21	33344	----a-w-	c:\windows\system32\drivers\hamachi.sys
2011-02-07 07:34 . 2011-02-07 07:34	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-02-06 18:33 . 2011-02-06 18:33	794408	----a-w-	c:\windows\SysWow64\Pbsvc.exe
2011-02-06 18:33 . 2011-02-06 18:33	75064	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2011-02-03 06:54 . 2011-02-03 06:54	86016	----a-w-	c:\windows\SysWow64\frapsvid.dll
2011-02-03 06:54 . 2011-02-03 06:54	84992	----a-w-	c:\windows\system32\frapsv64.dll
2011-02-02 19:20 . 2011-02-02 19:20	116568	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-02-02 19:20 . 2011-02-02 19:20	83120	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-01-20 09:39 . 2011-02-02 18:47	7844688	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9AF1343-D3EA-47FE-BA3D-B6CBE06EF533}\mpengine.dll
2011-01-17 11:09 . 2011-02-23 19:04	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2011-01-17 05:47 . 2011-02-23 19:04	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2011-01-07 12:17 . 2011-02-23 10:48	475648	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-01-07 12:17 . 2011-02-23 10:48	1465344	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-07 12:14 . 2011-02-10 07:56	46080	----a-w-	c:\windows\system32\atmlib.dll
2011-01-07 09:51 . 2011-02-10 07:57	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-01-07 09:20 . 2011-02-10 07:56	366592	----a-w-	c:\windows\system32\atmfd.dll
2011-01-07 07:46 . 2011-02-23 10:48	870912	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-01-07 07:46 . 2011-02-23 10:48	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:45 . 2011-02-10 07:56	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2011-01-07 06:01 . 2011-02-10 07:57	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-01-07 05:43 . 2011-02-10 07:56	294400	----a-w-	c:\windows\SysWow64\atmfd.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-04-06_17.56.24   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-04-06 15:31	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-06 19:10	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-06 19:10	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-06 15:31	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-06 15:31	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-06 19:10	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-04-06 19:11	45640              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-02-02 16:08 . 2011-04-06 11:31	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-02 16:08 . 2011-04-06 19:52	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-02 16:08 . 2011-04-06 11:31	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-02 16:08 . 2011-04-06 19:52	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-06 19:52	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-06 11:31	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-02 19:09 . 2011-04-06 19:03	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-02 19:09 . 2011-04-06 17:09	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-02 19:09 . 2011-04-06 19:03	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-02 19:09 . 2011-04-06 17:09	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-02 12:58 . 2011-04-06 19:11	9218              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3847059355-3794568477-1451639886-1000_UserData.bin
- 2010-10-19 07:33 . 2011-04-06 11:06	3305              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-10-19 07:33 . 2011-04-06 19:51	3305              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2011-04-06 19:52 . 2011-04-06 19:52	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-06 11:31 . 2011-04-06 11:31	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-06 11:31 . 2011-04-06 11:31	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-06 19:52 . 2011-04-06 19:52	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-04-06 19:51	434572              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-04-06 11:06	434572              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-03 13:27 . 2011-04-06 19:08	6941655              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3847059355-3794568477-1451639886-1000-8192.dat
- 2011-02-03 13:27 . 2011-04-05 20:02	6941655              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3847059355-3794568477-1451639886-1000-8192.dat
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8CE7F568-67FA-4432-BA39-F5AFD68E7B8B}]
2011-03-12 14:46	125696	----a-w-	c:\users\Michal Charvát\AppData\Roaming\Speckie\Speckie32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayStatus"="c:\program files (x86)\TrayStatus\TrayStatus.exe" [2010-11-29 204008]
"Google Update"="c:\users\Michal Charvát\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-02-03 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-02-02 281768]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-01-02 1670656]
"ghost"="c:\program files (x86)\GIGABYTE\GHOST(6980)\ghostopen.exe" [2010-02-08 192000]
"Tilt"="c:\program files (x86)\GIGABYTE\GHOST(6980)\Tilt.exe" [2009-06-26 724992]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-01 98304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
R3 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-11-18 25072]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2010-09-29 28032]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-02-02 339624]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-02-02 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-03-08 421032]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-17 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 03:17	302592	----a-w-	c:\windows\System32\cmd.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:44]
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:44]
.
2011-04-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-04-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CE7F568-67FA-4432-BA39-F5AFD68E7B8B}]
2011-03-12 14:47	164608	----a-w-	c:\users\Michal Charvát\AppData\Roaming\Speckie\Speckie64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF31420.cfxxe" [X]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3847059355-3794568477-1451639886-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\Aktuality\V*`]
"Order"=hex:08,00,00,00,02,00,00,00,5e,02,00,00,01,00,00,00,06,00,00,00,58,00,
   00,00,fb,ff,ff,ff,4a,00,31,00,00,00,00,00,42,3e,f0,99,10,00,41,4c,50,31,00,\
.
[HKEY_USERS\S-1-5-21-3847059355-3794568477-1451639886-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\Aktuality\V*`\ALP1]
"Order"=hex:08,00,00,00,02,00,00,00,8c,00,00,00,01,00,00,00,01,00,00,00,80,00,
   00,00,00,00,00,00,72,00,32,00,b8,00,00,00,29,3e,08,6c,20,00,53,54,52,4e,4b,\
.
[HKEY_USERS\S-1-5-21-3847059355-3794568477-1451639886-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\V*`]
"Order"=hex:08,00,00,00,02,00,00,00,5e,02,00,00,01,00,00,00,06,00,00,00,58,00,
   00,00,02,00,00,00,4a,00,31,00,00,00,00,00,42,3e,f0,99,10,00,41,4c,50,31,00,\
.
[HKEY_USERS\S-1-5-21-3847059355-3794568477-1451639886-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\V*`\ALP1]
"Order"=hex:08,00,00,00,02,00,00,00,8c,00,00,00,01,00,00,00,01,00,00,00,80,00,
   00,00,00,00,00,00,72,00,32,00,b8,00,00,00,76,3e,d5,54,20,00,53,54,52,4e,4b,\
.
[HKEY_USERS\S-1-5-21-3847059355-3794568477-1451639886-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\V*`\MAT1]
"Order"=hex:08,00,00,00,02,00,00,00,e8,01,00,00,01,00,00,00,04,00,00,00,7e,00,
   00,00,00,00,00,00,70,00,32,00,f8,00,00,00,76,3e,d5,54,20,00,46,49,4e,4b,2d,\
.
[HKEY_USERS\S-1-5-21-3847059355-3794568477-1451639886-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\V*`\PAU]
"Order"=hex:08,00,00,00,02,00,00,00,90,00,00,00,01,00,00,00,01,00,00,00,84,00,
   00,00,00,00,00,00,76,00,32,00,be,00,00,00,57,3e,02,9d,20,00,53,54,55,44,49,\
.
[HKEY_USERS\S-1-5-21-3847059355-3794568477-1451639886-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\V*`]
@Allowed: (Read) (RestrictedCode)
@SACL=(02 0001)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2011-04-06  21:57:58 - počítač byl restartován
ComboFix-quarantined-files.txt  2011-04-06 19:57
.
Před spuštěním: Volných bajtů: 342 605 840 384
Po spuštění: Volných bajtů: 342 280 511 488
.
- - End Of File - - CC9D9D2B49D403B5CAF7DF4C3B476CE0
Nahrání proběhlo úspěšně

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: BSOD 0xF4 (0x3...) and an ANONYMOUS USER logon

#6 Post by Rudy »

The log now looks clean. If it throws a BSOD again, let me know.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

dog.big
Visitor
Posts: 23
Registered: 25 Feb 2009 17:37

Re: BSOD 0xF4 (0x3...) and an ANONYMOUS USER logon

#7 Post by dog.big »

Hello,
Thank you for your help :-).

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: BSOD 0xF4 (0x3...) and an ANONYMOUS USER logon

#8 Post by Rudy »

You're welcome! :)

dog.big
Visitor
Posts: 23
Registered: 25 Feb 2009 17:37

Re: BSOD 0xF4 (0x3...) and an ANONYMOUS USER logon

#9 Post by dog.big »

Hello,
after some time an autorun.inf started appearing on drive C:\, according to the notification dialog of the Avira antivirus:
[image]

What next steps do you suggest? Thank you for your help.

JaRon
Moderator
Posts: 15701
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: BSOD 0xF4 (0x3...) and an ANONYMOUS USER logon

#10 Post by JaRon »

Hi,
open the autorun.inf file in Notepad and paste its contents here.
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum:
https://platba.viry.cz/payment/
