VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

nod blokuje tooldawn.com

https://forum.viry.cz:443/viewtopic.php?t=108314

Stránka 1 z 2

nod blokuje tooldawn.com

Napsal: 09 led 2011 04:25
od kloboucznick
Dobrý den, pravděpodobně po instalaci souboru z http://nebezpecna_stranka.su mi NOD začal opakovaně hlásit zamítnutí připojení k tooldawn.com/.... (IP adresa 64.120.244.196:80) Nalezl jsem podobný problém na vašem fóru http://www.viry.cz/forum/viewtopic.php? ... 22&start=0 , ale raději se zeptám zkušených, než se začnu vrtat v systému.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Matiášek at 2011-01-09 02:56:30
Microsoft Windows 7 Home Premium
System drive C: has 255 GB (55%) free of 462 GB
Total RAM: 4092 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:56:35, on 9.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Program Files (x86)\SeaMonkey\seamonkey.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\Gfihia.exe
C:\Users\MATIEK~1\AppData\Local\Temp\Gmg.exe
C:\Program Files\trend micro\Matiášek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [JP595IR86O] C:\Users\MATIEK~1\AppData\Local\Temp\Gmg.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll
O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13581 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\SysWOW64\svchost.exe -k netsvcs
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"taskhost.exe"
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2232
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background
"C:\Program Files\Java\jre6\bin\jusched.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\IDT\WDM\sttray64.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe" /Start
"C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe"
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
ArcCon.ac 66064 0
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"
taskeng.exe {6F8E20D2-C8D1-4910-8B65-67EBB196DC63}
"c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
"c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe"
"C:\Program Files (x86)\SeaMonkey\seamonkey.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe" -Embedding
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><ID>5565</ID><Title>HP Wireless Assistant</Title><Text>Zařízení WLAN : Vypnuto
Rozhraní Bluetooth(r): Vypnuto</Text><IconPath>C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\images\wireless_off.ico</IconPath><Path>C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe</Path><Parameters>SHOWSTATUS</Parameters></Toast></hpNotification>"
"C:\Program Files (x86)\totalcmd\TOTALCMD.EXE"
"C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde
C:\Windows\splwow64.exe 2
C:\Windows\Gfihia.exe
C:\Users\MATIEK~1\AppData\Local\Temp\Gmg.exe
"C:\Users\Matiášek\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-12 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-27 2096424]
"SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2009-08-25 610872]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-12 171520]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-02-26 2837768]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-03-23 487424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"JP595IR86O"=C:\Users\MATIEK~1\AppData\Local\Temp\Gmg.exe [2011-01-09 226816]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-04 98304]
"HPCam_Menu"=c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-08-20 322104]
"Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2009-09-02 60464]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"WirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-07-23 498744]
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2010-09-23 38840]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2010-09-22 640440]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2009-12-12 52272]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-01-09 02:56:30 ----D---- C:\rsit
2011-01-09 02:56:30 ----D---- C:\Program Files\trend micro
2011-01-09 00:50:33 ----A---- C:\Windows\Gfihia.exe
2011-01-08 23:38:01 ----D---- C:\Users\Matiášek\AppData\Roaming\Babylon
2011-01-03 23:43:48 ----D---- C:\Program Files (x86)\LizardTech
2011-01-03 23:32:17 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2011-01-03 23:32:17 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-01-03 23:32:17 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-01-03 23:32:16 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2011-01-03 23:32:16 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-01-03 23:32:15 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2011-01-03 23:32:15 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-01-03 23:32:14 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2011-01-03 23:32:14 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-01-03 23:32:13 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2011-01-03 23:32:13 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-01-03 23:32:12 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-01-03 23:32:12 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-01-03 23:32:11 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2011-01-03 23:32:11 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2011-01-03 23:32:11 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2011-01-03 23:32:11 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-01-03 23:32:11 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-01-03 23:32:11 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-01-03 23:32:11 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-01-03 23:32:10 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2011-01-03 23:32:10 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2011-01-03 23:32:10 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2011-01-03 23:32:10 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2011-01-03 23:32:10 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-01-03 23:32:10 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-01-03 23:32:10 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-01-03 23:32:10 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-01-03 23:32:09 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2011-01-03 23:32:09 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2011-01-03 23:32:09 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2011-01-03 23:32:09 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2011-01-03 23:32:09 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2011-01-03 23:32:09 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2011-01-03 23:32:09 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-01-03 23:32:09 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-01-03 23:32:09 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-01-03 23:32:09 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-01-03 23:32:09 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-01-03 23:32:09 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-01-03 23:32:08 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2011-01-03 23:32:08 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2011-01-03 23:32:08 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2011-01-03 23:32:08 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2011-01-03 23:32:08 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-01-03 23:32:08 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-01-03 23:32:08 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-01-03 23:32:08 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-01-03 23:32:07 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2011-01-03 23:32:07 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2011-01-03 23:32:07 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2011-01-03 23:32:07 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2011-01-03 23:32:07 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2011-01-03 23:32:07 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-01-03 23:32:07 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-01-03 23:32:07 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-01-03 23:32:07 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-01-03 23:32:07 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-01-03 23:32:06 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2011-01-03 23:32:06 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2011-01-03 23:32:06 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-01-03 23:32:06 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-01-03 23:32:05 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2011-01-03 23:32:05 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-01-03 23:32:04 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2011-01-03 23:32:04 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2011-01-03 23:32:04 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2011-01-03 23:32:04 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2011-01-03 23:32:04 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-01-03 23:32:04 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-01-03 23:32:04 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-01-03 23:32:04 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-01-03 23:32:03 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2011-01-03 23:32:03 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-01-03 23:32:02 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2011-01-03 23:32:02 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-01-03 23:32:01 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2011-01-03 23:32:01 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2011-01-03 23:32:01 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-01-03 23:32:01 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-01-03 23:32:00 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2011-01-03 23:32:00 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-01-03 23:31:59 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2011-01-03 23:31:59 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-01-03 23:31:58 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2011-01-03 23:31:58 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2011-01-03 23:31:58 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-01-03 23:31:58 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-01-03 23:31:57 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2011-01-03 23:31:57 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-01-03 23:31:56 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2011-01-03 23:31:56 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2011-01-03 23:31:56 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-01-03 23:31:56 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-01-03 23:31:55 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2011-01-03 23:31:55 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2011-01-03 23:31:55 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-01-03 23:31:55 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-01-03 23:31:54 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2011-01-03 23:31:54 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-01-03 23:31:53 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2011-01-03 23:31:53 ----A---- C:\Windows\system32\xinput1_3.dll
2011-01-03 23:31:52 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2011-01-03 23:31:52 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-01-03 23:31:51 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2011-01-03 23:31:51 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2011-01-03 23:31:51 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-01-03 23:31:51 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-01-03 23:31:50 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2011-01-03 23:31:50 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2011-01-03 23:31:50 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2011-01-03 23:31:50 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-01-03 23:31:50 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-01-03 23:31:50 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-01-03 23:31:49 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2011-01-03 23:31:49 ----A---- C:\Windows\system32\d3dx10.dll
2011-01-03 23:31:48 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2011-01-03 23:31:48 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2011-01-03 23:31:48 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2011-01-03 23:31:48 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-01-03 23:31:48 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-01-03 23:31:48 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-01-03 23:31:47 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2011-01-03 23:31:47 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2011-01-03 23:31:47 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2011-01-03 23:31:47 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2011-01-03 23:31:47 ----A---- C:\Windows\system32\xinput1_2.dll
2011-01-03 23:31:47 ----A---- C:\Windows\system32\xinput1_1.dll
2011-01-03 23:31:47 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-01-03 23:31:47 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-01-03 23:31:46 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2011-01-03 23:31:46 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-01-03 23:31:39 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2011-01-03 23:31:39 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-01-03 23:31:38 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2011-01-03 23:31:38 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2011-01-03 23:31:38 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-01-03 23:31:38 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-01-03 23:31:37 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2011-01-03 23:31:37 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-01-03 23:31:36 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2011-01-03 23:31:36 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-01-03 23:31:35 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2011-01-03 23:31:35 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-01-03 23:31:34 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2011-01-03 23:31:34 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-01-03 23:31:33 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2011-01-03 23:31:33 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2011-01-03 23:31:33 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-01-03 23:31:33 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-01-03 23:16:30 ----D---- C:\Users\Matiášek\AppData\Roaming\LizardTech
2011-01-02 23:45:25 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-01-02 23:45:25 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-01-02 23:45:25 ----A---- C:\Windows\SYSWOW64\java.exe
2011-01-02 23:27:20 ----D---- C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2010-12-24 22:36:37 ----A---- C:\Windows\ViewNX2.INI
2010-12-24 22:21:22 ----D---- C:\Users\Matiášek\AppData\Roaming\Nikon
2010-12-24 22:20:12 ----HD---- C:\ProgramData\ArcSoft
2010-12-24 22:19:25 ----D---- C:\Program Files (x86)\ArcSoft
2010-12-24 22:18:52 ----D---- C:\Users\Matiášek\AppData\Roaming\ArcSoft
2010-12-24 22:16:47 ----D---- C:\ProgramData\PrintingModule
2010-12-24 22:16:46 ----D---- C:\ProgramData\Ultima_T15
2010-12-24 22:16:46 ----D---- C:\ProgramData\Plugins
2010-12-24 22:16:46 ----D---- C:\ProgramData\Pick Bass
2010-12-24 22:16:46 ----D---- C:\ProgramData\EnterNHelp
2010-12-24 22:16:29 ----D---- C:\Program Files (x86)\Nikon
2010-12-24 22:15:54 ----D---- C:\ProgramData\Apple
2010-12-24 14:04:15 ----D---- C:\Users\Matiášek\AppData\Roaming\Recordpad
2010-12-24 14:03:23 ----D---- C:\Users\Matiášek\AppData\Roaming\NCH Swift Sound
2010-12-24 14:03:23 ----D---- C:\ProgramData\NCH Swift Sound
2010-12-24 14:03:23 ----D---- C:\Program Files (x86)\NCH Swift Sound
2010-12-20 01:26:22 ----D---- C:\Users\Matiášek\AppData\Roaming\ImgBurn
2010-12-20 01:21:32 ----D---- C:\Program Files (x86)\ImgBurn
2010-12-14 20:02:24 ----A---- C:\Windows\system32\consent.exe
2010-12-14 20:02:23 ----A---- C:\Windows\system32\mshtml.dll
2010-12-14 20:02:22 ----A---- C:\Windows\system32\iertutil.dll
2010-12-14 20:02:21 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2010-12-14 20:02:21 ----A---- C:\Windows\system32\mstime.dll
2010-12-14 20:02:21 ----A---- C:\Windows\system32\ieframe.dll
2010-12-14 20:02:20 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-12-14 20:02:18 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-12-14 20:02:16 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-12-14 20:02:16 ----A---- C:\Windows\system32\wininet.dll
2010-12-14 20:02:14 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-12-14 20:02:14 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-12-14 20:02:14 ----A---- C:\Windows\system32\urlmon.dll
2010-12-14 20:02:14 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-12-14 20:02:13 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-14 20:02:13 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-14 20:02:13 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-14 20:02:13 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-14 20:02:13 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-14 20:02:13 ----A---- C:\Windows\system32\ieui.dll
2010-12-14 20:02:13 ----A---- C:\Windows\system32\iepeers.dll
2010-12-14 20:02:13 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-14 20:02:08 ----A---- C:\Windows\SYSWOW64\tzres.dll
2010-12-14 20:02:08 ----A---- C:\Windows\system32\tzres.dll
2010-12-14 20:02:02 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2010-12-14 20:02:02 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-14 20:02:02 ----A---- C:\Windows\system32\taskschd.dll
2010-12-14 20:02:02 ----A---- C:\Windows\system32\taskeng.exe
2010-12-14 20:02:02 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-14 20:02:02 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-14 20:02:01 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2010-12-14 20:02:01 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
2010-12-14 20:02:01 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2010-12-14 20:02:01 ----A---- C:\Windows\system32\schtasks.exe
2010-12-14 20:01:57 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2010-12-14 20:01:57 ----A---- C:\Windows\system32\atmfd.dll
2010-12-14 20:01:56 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2010-12-14 20:01:56 ----A---- C:\Windows\system32\atmlib.dll
2010-12-14 20:01:53 ----A---- C:\Windows\system32\win32k.sys
2010-12-14 20:01:51 ----A---- C:\Windows\SYSWOW64\webio.dll
2010-12-14 20:01:51 ----A---- C:\Windows\system32\webio.dll
2010-12-14 19:53:09 ----A---- C:\Windows\system32\drivers\sffp_sd.sys
2010-12-14 19:53:09 ----A---- C:\Windows\system32\drivers\sdbus.sys
2010-12-12 17:08:58 ----D---- C:\fleška

======List of files/folders modified in the last 1 months======

2011-01-09 02:56:31 ----D---- C:\Windows\Temp
2011-01-09 02:56:30 ----RD---- C:\Program Files
2011-01-09 02:49:02 ----D---- C:\Windows\Tasks
2011-01-09 02:12:48 ----HD---- C:\ProgramData
2011-01-09 01:40:20 ----D---- C:\Windows\system32\Tasks
2011-01-09 01:15:04 ----D---- C:\Users\Matiášek\AppData\Roaming\BitTorrent
2011-01-09 00:50:33 ----D---- C:\Windows
2011-01-08 23:47:03 ----RD---- C:\Program Files (x86)\Online Services
2011-01-08 23:45:17 ----D---- C:\Windows\Prefetch
2011-01-08 21:20:10 ----A---- C:\ProgramData\HPWALog.txt
2011-01-08 15:22:53 ----D---- C:\Windows\system32\config
2011-01-08 15:14:07 ----D---- C:\Users\Matiášek\AppData\Roaming\dvdcss
2011-01-08 13:45:18 ----D---- C:\Users\Matiášek\AppData\Roaming\XnView
2011-01-08 11:16:21 ----D---- C:\Windows\System32
2011-01-08 11:16:21 ----D---- C:\Windows\inf
2011-01-08 11:16:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-08 11:13:10 ----D---- C:\Program Files (x86)\SeaMonkey
2011-01-07 12:50:51 ----D---- C:\Windows\system32\NDF
2011-01-07 09:47:21 ----D---- C:\Windows\system32\catroot2
2011-01-07 09:47:15 ----SHD---- C:\System Volume Information
2011-01-06 22:48:47 ----SD---- C:\Users\Matiášek\AppData\Roaming\Microsoft
2011-01-06 21:21:24 ----D---- C:\Users\Matiášek\AppData\Roaming\Hewlett-Packard
2011-01-06 15:12:41 ----D---- C:\Windows\system32\DriverStore
2011-01-05 13:34:29 ----D---- C:\Users\Matiášek\AppData\Roaming\Adobe
2011-01-03 23:43:48 ----RD---- C:\Program Files (x86)
2011-01-03 23:43:48 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-01-03 23:32:17 ----D---- C:\Windows\SysWOW64
2011-01-03 23:31:46 ----RSD---- C:\Windows\assembly
2011-01-03 23:31:40 ----D---- C:\Windows\Microsoft.NET
2011-01-03 23:07:48 ----SHD---- C:\Windows\Installer
2011-01-03 23:07:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-01-02 23:45:13 ----D---- C:\Program Files (x86)\Java
2011-01-02 23:31:25 ----D---- C:\Users\Matiášek\AppData\Roaming\hpqlog
2011-01-02 23:31:16 ----D---- C:\Windows\Help
2011-01-02 23:31:12 ----D---- C:\Windows\winsxs
2011-01-02 23:28:16 ----D---- C:\Program Files (x86)\Hewlett-Packard
2010-12-30 17:17:13 ----D---- C:\SwSetup
2010-12-30 17:15:19 ----D---- C:\ProgramData\Hewlett-Packard
2010-12-27 16:40:49 ----D---- C:\Users\Matiášek\AppData\Roaming\vlc
2010-12-24 22:59:33 ----D---- C:\Windows\system32\drivers
2010-12-24 22:59:29 ----D---- C:\Windows\system32\drivers\UMDF
2010-12-24 22:44:47 ----D---- C:\ProgramData\CyberLink
2010-12-24 22:43:48 ----D---- C:\Users\Matiášek\AppData\Roaming\CyberLink
2010-12-24 22:19:25 ----D---- C:\Program Files (x86)\Common Files
2010-12-24 22:16:38 ----A---- C:\Windows\SYSWOW64\ATL71.DLL
2010-12-24 22:16:26 ----D---- C:\Program Files (x86)\Internet Explorer
2010-12-23 20:59:58 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-12-16 11:30:41 ----D---- C:\Windows\rescache
2010-12-15 05:59:23 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-12-15 05:59:23 ----D---- C:\Windows\system32\cs-CZ
2010-12-15 05:59:22 ----D---- C:\Program Files\Windows Mail
2010-12-15 05:59:21 ----D---- C:\Windows\SYSWOW64\migration
2010-12-15 05:59:21 ----D---- C:\Program Files\Internet Explorer
2010-12-15 05:59:21 ----D---- C:\Program Files (x86)\Windows Mail
2010-12-15 05:59:20 ----D---- C:\Windows\system32\migration
2010-12-15 00:06:26 ----D---- C:\ProgramData\Microsoft Help
2010-12-15 00:05:58 ----D---- C:\Windows\system32\catroot
2010-12-15 00:04:35 ----A---- C:\Windows\system32\MRT.exe
2010-12-12 23:10:40 ----D---- C:\Program Files (x86)\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 16440]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 30008]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-02-26 139704]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-02-26 163888]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-02-26 124760]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 41272]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-09-21 1484800]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-07-24 119312]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-05 6038016]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-09-17 21160]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 18432]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-03-23 505344]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-27 320560]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-09-17 98344]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2009-09-17 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-05 203264]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-09-04 873248]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-02-26 810120]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-11-15 126520]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2009-07-08 30520]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-08-20 73728]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-07-06 247152]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [2010-03-23 247808]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-10-14 751672]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-02-26 42336]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-18 651720]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe [2009-06-06 250616]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-18 1255736]

-----------------EOF-----------------

Re: nod blokuje tooldawn.com

Napsal: 09 led 2011 08:20
od vyosek
Zdravim, pekny den preji a vitam Vas u nas na foru :welcome:

:arrow: No havet si tam krasne zije :arcisit:

:arrow: To co jste stahoval je nejaky crack ci co :o

:arrow: Poprosim i o druhy log z RSIT s nazvem info.txt, je ulozen v c:\rsit

:arrow: Predpokladam ze NOD mate legalni = zakoupena licence

Re: nod blokuje tooldawn.com

Napsal: 09 led 2011 12:50
od kloboucznick
stahoval jsem knihu sto let starou, nod mám samozřejmě legální. Dík za odpověď, připojuji info.txt

info.txt logfile of random's system information tool 1.08 2011-01-09 02:56:37

======Uninstall list======

-->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Dora's Carnival Adventure\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Farm Frenzy\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\HP Game Console\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Mah Jong Medley\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\StoneLoops of Jurassica\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Super Collapse 3\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\THE GAME OF LIFE\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Families\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\World of Goo\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Yahtzee\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak-->msiexec /I {AC76BA86-1029-4770-7760-000000000004}
Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak-->msiexec /I {AC76BA86-1029-4770-7760-000000000004}
Adobe Acrobat 9.4.1 - CPSID_83708-->msiexec /I {AC76BA86-1029-4770-7760-000000000004}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}
Adobe Color JA Extra Settings-->MsiExec.exe /I{D92B72E2-C854-4738-8ED6-4C3661CC17AE}
Adobe Color NA Extra Settings-->MsiExec.exe /I{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files (x86)\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\f8b20556d1012696bf0c5aa377f00a6\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{CCCC386C-0593-4D42-B76A-9ED0D81AA32C}
Adobe Reader 9.2 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A92000000001}
Adobe Setup-->MsiExec.exe /I{2003F9AE-609C-46DA-A3AB-8CE9AE42C2CF}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player-->MsiExec.exe /X{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
AMD USB Filter Driver-->MsiExec.exe /X{5271C0D4-24E4-4C3D-A782-C012033FD3CF}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
ArcSoft Panorama Maker 5-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}\Setup.exe" -l0x9
Atheros Driver Installation Program-->C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0005
BitTorrent-->"C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /UNINSTALL
Catalyst Control Center - Branding-->MsiExec.exe /I{E0897770-46C9-4322-AD44-8BFA6BE217B2}
CorelDRAW Graphics Suite 12-->MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DVD Menu Pack for HP MediaSmart Video-->"C:\Program Files (x86)\InstallShield Installation Information\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}\setup.exe" /z-uninstall
DVD Menu Pack for HP MediaSmart Video-->"C:\Program Files (x86)\InstallShield Installation Information\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}\setup.exe" /z-uninstall /zMS
ENE CIR Receiver Driver-->C:\PROGRA~1\DIFX\3BD8E4BC84D41A4F\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\enecir.inf_amd64_neutral_acae3f801586bfb8\enecir.inf
GIMP 2.6.11-->"C:\Program Files (x86)\GIMP-2.0\setup\unins000.exe"
HP 3D DriveGuard-->MsiExec.exe /X{33DBA3CA-4E9D-4087-9911-359E45263D92}
HP Advisor-->MsiExec.exe /X{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart Internet TV-->"C:\Program Files (x86)\InstallShield Installation Information\{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}\setup.exe" /z-uninstall
HP MediaSmart Internet TV-->"C:\Program Files (x86)\InstallShield Installation Information\{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}\setup.exe" /z-uninstall
HP MediaSmart Live TV-->"C:\Program Files (x86)\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\setup.exe" /z-uninstall
HP MediaSmart Live TV-->"C:\Program Files (x86)\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall /zMS
HP MediaSmart SmartMenu-->MsiExec.exe /X{88E60521-1E4E-4785-B9F1-1798A4BD0C30}
HP MediaSmart Webcam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
HP MediaSmart Webcam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall /z
HP Quick Launch Buttons-->"C:\Program Files (x86)\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -runfromtemp -l0x0005 uninst
HP Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17B4760F-334B-475D-829F-1A3E94A6A4E6}\setup.exe" -l0x9 -removeonly
HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Update-->MsiExec.exe /X{D46D081B-F60E-467E-A7C4-117B70D76731}
HP User Guides 0154-->MsiExec.exe /X{B51605BF-6326-4553-AE96-6D7F1813D5F5}
HP Wireless Assistant-->MsiExec.exe /X{54CC7901-804D-4155-B353-21F0CC9112AB}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
ImgBurn-->"C:\Program Files (x86)\ImgBurn\uninstall.exe"
Java(TM) 6 Update 15 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416015FF}
Java(TM) 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Java(TM) SE Development Kit 6 Update 15 (64-bit)-->MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0160150}
JMicron Flash Media Controller Driver-->"C:\Program Files (x86)\JMicron\JMCR_DIR\setup.exe" delpkg
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LightScribe System Software-->MsiExec.exe /X{CC8E94A2-55C7-4460-953C-2A790180578C}
LizardTech ExpressView Browser Plug-in-->"C:\Program Files (x86)\InstallShield Installation Information\{9CD8FC8E-A1CA-4634-96BC-CD6B2D4797CC}\setup.exe" -runfromtemp -l0x0409 -removeonly
Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0405-1000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Movie Theme Pack for HP MediaSmart Video-->"C:\Program Files (x86)\InstallShield Installation Information\{3023EBDA-BF1B-4831-B347-E5018555F26E}\setup.exe" /z-uninstall
Movie Theme Pack for HP MediaSmart Video-->"C:\Program Files (x86)\InstallShield Installation Information\{3023EBDA-BF1B-4831-B347-E5018555F26E}\setup.exe" /z-uninstall /zMS
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nikon File Uploader 2-->MsiExec.exe /X{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}
PDF Settings-->MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}
PeaZip 3.2-->"C:\Program Files\PeaZip\unins000.exe"
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
QLBCASL-->MsiExec.exe /I{F1D7AC58-554A-4A58-B784-B61558B1449A}
Realtek 8136 8168 8169 Ethernet Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Recovery Manager-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
SeaMonkey (2.0.11)-->C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Total Commander (Remove or Repair)-->C:\Program Files (x86)\totalcmd\tcuninst.exe
UFRaw 0.17-->"C:\Program Files (x86)\GIMP-2.0\unins000.exe"
Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office Outlook 2007 (KB2412171)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7961E819-93A5-40A8-8469-4BE2FBBFACEF}
Update for Outlook 2007 Junk Email Filter (KB2466076)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EE71630C-C756-4343-B620-DB5958609E3D}
VideoPad Video Editor-->C:\Program Files (x86)\NCH Software\VideoPad\uninst.exe
ViewNX 2-->MsiExec.exe /X{DDD62492-32A7-412B-8AF1-2CF032AD42E3}
VLC media player 1.1.0-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WavePad Sound Editor-->C:\Program Files (x86)\NCH Swift Sound\WavePad\uninst.exe
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbtums-win7x64-brcm.inf_amd64_neutral_9f61c0dbf5607025\bcbtums-win7x64-brcm.inf
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbtums-vistax64-brcm.inf_amd64_neutral_669857059b361c7a\bcbtums-vistax64-brcm.inf
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbthid64.inf_amd64_neutral_737f347105a3e66a\bcbthid64.inf
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}
Windows Live Fotogalerie-->MsiExec.exe /X{FB79FDB7-4DE1-453D-99FE-9A880F57380E}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C454280F-3C3E-4929-B60E-9E6CED5717E7}
Windows Live Messenger-->MsiExec.exe /X{50300123-F8FC-4B50-B449-E847D04F1BA2}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{78906B56-0E81-42A7-AC25-F54C946E1538}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{068B46A0-8858-4CEB-80BC-A4AE787A05FC}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{AB78C965-5C67-409B-8433-D7B5BDB12073}
Windows Live Writer-->MsiExec.exe /X{4264C020-850B-4F08-ACBE-98205D9C336C}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
XnView 1.97.6-->"C:\Program Files (x86)\XnView\unins000.exe"

======System event log======

Computer Name: Matiášek-NB
Event Code: 7036
Message: Stav služby Telefonní subsystém byl změněn na: Zastaveno
Record Number: 2314
Source Name: Service Control Manager
Time Written: 20100616100259.254473-000
Event Type: Informace
User:

Computer Name: Matiášek-NB
Event Code: 7036
Message: Stav služby Služba Plánovač multimédií byl změněn na: Spuštěno
Record Number: 2313
Source Name: Service Control Manager
Time Written: 20100616100133.050347-000
Event Type: Informace
User:

Computer Name: Matiášek-NB
Event Code: 7036
Message: Stav služby Windows Presentation Foundation Font Cache 3.0.0.0 byl změněn na: Spuštěno
Record Number: 2312
Source Name: Service Control Manager
Time Written: 20100616100128.963139-000
Event Type: Informace
User:

Computer Name: Matiášek-NB
Event Code: 7036
Message: Stav služby Telefonní subsystém byl změněn na: Spuštěno
Record Number: 2311
Source Name: Service Control Manager
Time Written: 20100616100056.109482-000
Event Type: Informace
User:

Computer Name: Matiášek-NB
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 2310
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100616100052.630676-000
Event Type: Informace
User: Matiášek-NB\Matiášek

=====Application event log=====

Computer Name: Matiášek-NB
Event Code: 0
Message: Requires:C:\Program Files (x86)\Hewlett-Packard\HP Setup
Record Number: 1464
Source Name: HP Total Care Setup Updater
Time Written: 20100616100103.000000-000
Event Type: Informace
User:

Computer Name: Matiášek-NB
Event Code: 0
Message: Expanded Env:CORESYSTEMPATH
Record Number: 1463
Source Name: HP Total Care Setup Updater
Time Written: 20100616100103.000000-000
Event Type: Informace
User:

Computer Name: Matiášek-NB
Event Code: 0
Message: Current:C:\ProgramData\Hewlett-Packard\HP Setup
Record Number: 1462
Source Name: HP Total Care Setup Updater
Time Written: 20100616100103.000000-000
Event Type: Informace
User:

Computer Name: Matiášek-NB
Event Code: 0
Message: Requires:C:\ProgramData\Hewlett-Packard\HP Setup
Record Number: 1461
Source Name: HP Total Care Setup Updater
Time Written: 20100616100103.000000-000
Event Type: Informace
User:

Computer Name: Matiášek-NB
Event Code: 0
Message: Expanded Env:COREALLUSERPATH
Record Number: 1460
Source Name: HP Total Care Setup Updater
Time Written: 20100616100103.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: Matiášek-NB
Event Code: 4616
Message: Systémový čas byl změněn.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Informace o procesu:
ID procesu: 0x394
Název: C:\Windows\System32\svchost.exe

Předchozí čas: ?2010?-?06?-?16T10:26:03.749478700Z
Nový čas: ?2010?-?06?-?16T10:26:03.749000000Z

Tato událost je generována, pokud je změněn systémový čas. Je normální, že systémový čas, který používá systémové oprávnění, se mění pravidelně. Jiné změny systémového času mohou označovat pokusy o manipulaci s počítačem.
Record Number: 521
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100616102603.749000-000
Event Type: Úspěšný audit
User:

Computer Name: Matiášek-NB
Event Code: 4616
Message: Systémový čas byl změněn.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Informace o procesu:
ID procesu: 0x394
Název: C:\Windows\System32\svchost.exe

Předchozí čas: ?2010?-?06?-?16T10:27:57.609428600Z
Nový čas: ?2010?-?06?-?16T10:26:03.746478600Z

Tato událost je generována, pokud je změněn systémový čas. Je normální, že systémový čas, který používá systémové oprávnění, se mění pravidelně. Jiné změny systémového času mohou označovat pokusy o manipulaci s počítačem.
Record Number: 520
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100616102603.747478-000
Event Type: Úspěšný audit
User:

Computer Name: Matiášek-NB
Event Code: 4905
Message: Došlo k pokusu zrušit registraci zdroje události zabezpečení.

Předmět
ID zabezpečení: S-1-5-18
Název účtu: WIN-A1T2BRBN6VO$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Proces:
ID procesu: 0x984
Název procesu: C:\Windows\System32\VSSVC.exe

Zdroj události:
Název zdroje: VSSAudit
ID zdroje události: 0x17bb01
Record Number: 519
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100616100056.156282-000
Event Type: Úspěšný audit
User:

Computer Name: Matiášek-NB
Event Code: 4904
Message: Došlo k pokusu zaregistrovat zdroj události zabezpečení.

Předmět :
ID zabezpečení: S-1-5-18
Název účtu: WIN-A1T2BRBN6VO$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Proces:
ID procesu: 0x984
Název procesu: C:\Windows\System32\VSSVC.exe

Zdroj události:
Název zdroje: VSSAudit
ID zdroje události: 0x17bb01
Record Number: 518
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100616100056.156282-000
Event Type: Úspěšný audit
User:

Computer Name: Matiášek-NB
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-3076793258-3057149288-2333555966-1000
Název účtu: Matiášek
Název domény: Matiášek-NB
ID přihlášení: 0x8df3b
Record Number: 517
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100616100050.743073-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion

-----------------EOF-----------------

Re: nod blokuje tooldawn.com

Napsal: 09 led 2011 13:09
od vyosek
:arrow: Pro jistotu jsem nechal ten odkaz odkud jste tu vec stahl editnou - z bezp. duvodu...

:arrow: Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
  • Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
  • Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
  • RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
  • V zadnem pripade ted nerestartujte PC - prisli byste o ucinek RKillu
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
:arrow: Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
  • Pokud mate Win XP spustte pod uctem Spravce\Administratora
  • Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
  • Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
  • Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
  • Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
  • Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
  • Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
  • Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Re: nod blokuje tooldawn.com

Napsal: 09 led 2011 13:38
od kloboucznick
ComboFix 11-01-08.04 - Matiášek 09.01.2011 13:26:51.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4092.2851 [GMT 1:00]
Spuštěný z: c:\users\Matiášek\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
/wow section - STAGE 50
Systém nemůže najít soubor LockedB.
Systém nemůže najít soubor lockedB.
Systém nemůže nalézt uvedenou cestu.
Systém nemůže najít soubor LockedB.
Systém nemůže najít soubor LockedB.


((((((((((((((((((((((((( Soubory vytvořené od 2010-12-09 do 2011-01-09 )))))))))))))))))))))))))))))))
.

2011-01-09 12:32 . 2011-01-09 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-09 01:56 . 2011-01-09 01:56 -------- d-----w- C:\rsit
2011-01-09 01:56 . 2011-01-09 01:56 -------- d-----w- c:\program files\trend micro
2011-01-08 23:50 . 2011-01-08 23:50 229888 ----a-w- c:\windows\Gfihia.exe
2011-01-08 23:50 . 2011-01-08 23:50 -------- d-----w- c:\users\Matiášek\AppData\Local\ESET
2011-01-08 22:38 . 2011-01-08 22:38 -------- d-----w- c:\users\Matiášek\AppData\Roaming\Babylon
2011-01-07 09:48 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B2BA54D-5469-4030-A3D5-8F2FAAE8DA7A}\mpengine.dll
2011-01-03 22:43 . 2011-01-03 22:43 -------- d-----w- c:\program files (x86)\LizardTech
2011-01-03 22:31 . 2007-07-19 23:57 267112 ----a-w- c:\windows\SysWow64\xactengine2_9.dll
2011-01-03 22:16 . 2011-01-03 22:16 -------- d-----w- c:\users\Matiášek\AppData\Roaming\LizardTech
2011-01-03 22:08 . 2011-01-03 23:12 -------- d-----w- c:\users\Matiášek\AppData\Local\Deployment
2011-01-02 22:27 . 2011-01-02 22:27 -------- d-----w- c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2010-12-24 22:29 . 2010-12-24 22:29 -------- d-----w- c:\users\Matiášek\AppData\Local\Programs
2010-12-24 21:21 . 2010-12-24 21:21 -------- d-----w- c:\users\Matiášek\AppData\Roaming\Nikon
2010-12-24 21:21 . 2010-12-24 21:21 -------- d-----w- c:\users\Matiášek\AppData\Local\Nikon
2010-12-24 21:20 . 2010-12-24 22:29 -------- d--h--w- c:\programdata\ArcSoft
2010-12-24 21:20 . 2010-12-24 21:20 -------- d-----w- c:\users\Matiášek\AppData\Local\ArcSoft
2010-12-24 21:19 . 2010-12-24 21:19 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2010-12-24 21:19 . 2010-12-24 21:19 -------- d-----w- c:\program files (x86)\ArcSoft
2010-12-24 21:18 . 2010-12-24 22:29 -------- d-----w- c:\users\Matiášek\AppData\Roaming\ArcSoft
2010-12-24 21:18 . 2001-09-05 03:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2010-12-24 21:18 . 2001-09-05 03:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2010-12-24 21:18 . 2001-09-05 03:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2010-12-24 21:18 . 2001-09-05 03:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2010-12-24 21:16 . 2010-12-24 21:16 -------- d-----w- c:\programdata\PrintingModule
2010-12-24 21:16 . 2010-12-24 21:16 -------- d-----w- c:\programdata\Ultima_T15
2010-12-24 21:16 . 2010-12-24 21:16 -------- d-----w- c:\programdata\EnterNHelp
2010-12-24 21:16 . 2010-12-24 21:16 -------- d-----w- c:\programdata\Plugins
2010-12-24 21:16 . 2010-12-24 21:16 -------- d-----w- c:\programdata\Pick Bass
2010-12-24 21:16 . 2010-12-24 21:39 -------- d-----w- c:\program files (x86)\Nikon
2010-12-24 21:15 . 2010-12-24 21:15 -------- d-----w- c:\programdata\Apple
2010-12-24 21:15 . 2010-12-24 21:15 -------- d-----w- c:\program files (x86)\Common Files\Apple
2010-12-24 13:04 . 2010-12-24 13:04 -------- d-----w- c:\users\Matiášek\AppData\Roaming\Recordpad
2010-12-24 13:03 . 2010-12-24 22:24 -------- d-----w- c:\program files (x86)\NCH Swift Sound
2010-12-24 13:03 . 2010-12-24 13:20 -------- d-----w- c:\users\Matiášek\AppData\Roaming\NCH Swift Sound
2010-12-24 13:03 . 2010-12-24 13:20 -------- d-----w- c:\programdata\NCH Swift Sound
2010-12-20 00:26 . 2010-12-20 00:26 -------- d-----w- c:\users\Matiášek\AppData\Roaming\ImgBurn
2010-12-20 00:21 . 2010-12-20 00:21 -------- d-----w- c:\program files (x86)\ImgBurn
2010-12-14 19:01 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-14 19:01 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-12-14 19:01 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2010-12-12 22:10 . 2010-12-12 22:10 -------- d-----w- c:\users\Matiášek\AppData\Local\Installer1352
2010-12-12 16:08 . 2010-12-27 15:39 -------- d-----w- C:\fleška

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-24 21:17 . 2010-12-24 21:17 57344 ----a-r- c:\users\Matiášek\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-12-24 21:17 . 2010-12-24 21:17 57344 ----a-r- c:\users\Matiášek\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-12-24 21:16 . 2009-10-02 21:39 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2010-11-12 17:53 . 2010-06-18 13:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-10-27 12:28 . 2010-10-27 12:28 11320 ----a-w- c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-09-23 38840]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-18 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-02-26 139704]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-02-26 163888]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-02-26 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-02-26 124760]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2011-01-09 c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
- c:\windows\Gfihia.exe [2011-01-08 23:50]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-12 171520]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-02-26 2837768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 192.168.1.1:3128
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-01-09 13:36:54
ComboFix-quarantined-files.txt 2011-01-09 12:36

Před spuštěním: Volných bajtů: 267 570 061 312
Po spuštění: Volných bajtů: 269 939 089 408

- - End Of File - - EAC62599D4767760594FDC06034B2C32

Re: nod blokuje tooldawn.com

Napsal: 09 led 2011 13:50
od kloboucznick
Po provedení Vámi popsaného postupu jsem zase zapnul NOD. Našel C:\Windows\Gfihia.exe jako variantu infiltrace win32/Kryptik.JNB trojský kůň a soubor smazal uložením do karantény


Ani po restartu mi už NOD nepíše, že se něco chce někam připojit, vše se zdá být v pořádku. Lze to nějak ověřit?

Re: nod blokuje tooldawn.com

Napsal: 09 led 2011 16:53
od vyosek
:arrow: Jeste docistime log po CF

:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    File::
c:\windows\Gfihia.exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

Folder::
c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"Adobe Acrobat Speed Launcher"=-
"Acrobat Assistant 8.0"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

DDS::
uStart Page = hxxp://www.bing.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 192.168.1.1:3128

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Re: nod blokuje tooldawn.com

Napsal: 09 led 2011 17:01
od kloboucznick
jenom se zeptám, mám před tím zase vypnout rezidenční ochranu nebo ostatní běžící programy?

Re: nod blokuje tooldawn.com

Napsal: 09 led 2011 17:01
od vyosek
Ano vypnete oboji - rezidenty i programy...

Re: nod blokuje tooldawn.com

Napsal: 09 led 2011 17:21
od kloboucznick
ComboFix 11-01-08.04 - Matiášek 09.01.2011 17:10:32.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4092.2907 [GMT 1:00]
Spuštěný z: c:\users\Matiášek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Matiášek\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\Gfihia.exe"
"c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job"
.
/wow section - STAGE 50
Systém nemůže najít soubor LockedB.
Systém nemůže najít soubor lockedB.
Systém nemůže nalézt uvedenou cestu.
Systém nemůže najít soubor LockedB.
Systém nemůže najít soubor LockedB.


((((((((((((((((((((((((( Soubory vytvořené od 2010-12-09 do 2011-01-09 )))))))))))))))))))))))))))))))
.

2011-01-09 16:16 . 2011-01-09 16:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-09 01:56 . 2011-01-09 01:56 -------- d-----w- C:\rsit
2011-01-09 01:56 . 2011-01-09 01:56 -------- d-----w- c:\program files\trend micro
2011-01-08 23:50 . 2011-01-08 23:50 -------- d-----w- c:\users\Matiášek\AppData\Local\ESET
2011-01-08 22:38 . 2011-01-08 22:38 -------- d-----w- c:\users\Matiášek\AppData\Roaming\Babylon
2011-01-07 09:48 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B2BA54D-5469-4030-A3D5-8F2FAAE8DA7A}\mpengine.dll
2011-01-03 22:43 . 2011-01-03 22:43 -------- d-----w- c:\program files (x86)\LizardTech
2011-01-03 22:31 . 2007-07-19 23:57 267112 ----a-w- c:\windows\SysWow64\xactengine2_9.dll
2011-01-03 22:16 . 2011-01-03 22:16 -------- d-----w- c:\users\Matiášek\AppData\Roaming\LizardTech
2011-01-03 22:08 . 2011-01-03 23:12 -------- d-----w- c:\users\Matiášek\AppData\Local\Deployment
2011-01-02 22:27 . 2011-01-02 22:27 -------- d-----w- c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2010-12-24 22:29 . 2010-12-24 22:29 -------- d-----w- c:\users\Matiášek\AppData\Local\Programs
2010-12-24 21:21 . 2010-12-24 21:21 -------- d-----w- c:\users\Matiášek\AppData\Roaming\Nikon
2010-12-24 21:21 . 2010-12-24 21:21 -------- d-----w- c:\users\Matiášek\AppData\Local\Nikon
2010-12-24 21:20 . 2010-12-24 22:29 -------- d--h--w- c:\programdata\ArcSoft
2010-12-24 21:20 . 2010-12-24 21:20 -------- d-----w- c:\users\Matiášek\AppData\Local\ArcSoft
2010-12-24 21:19 . 2010-12-24 21:19 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2010-12-24 21:19 . 2010-12-24 21:19 -------- d-----w- c:\program files (x86)\ArcSoft
2010-12-24 21:18 . 2010-12-24 22:29 -------- d-----w- c:\users\Matiášek\AppData\Roaming\ArcSoft
2010-12-24 21:18 . 2001-09-05 03:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2010-12-24 21:18 . 2001-09-05 03:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2010-12-24 21:18 . 2001-09-05 03:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2010-12-24 21:18 . 2001-09-05 03:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2010-12-24 21:16 . 2010-12-24 21:16 -------- d-----w- c:\programdata\PrintingModule
2010-12-24 21:16 . 2010-12-24 21:16 -------- d-----w- c:\programdata\Ultima_T15
2010-12-24 21:16 . 2010-12-24 21:16 -------- d-----w- c:\programdata\EnterNHelp
2010-12-24 21:16 . 2010-12-24 21:16 -------- d-----w- c:\programdata\Plugins
2010-12-24 21:16 . 2010-12-24 21:16 -------- d-----w- c:\programdata\Pick Bass
2010-12-24 21:16 . 2010-12-24 21:39 -------- d-----w- c:\program files (x86)\Nikon
2010-12-24 21:15 . 2010-12-24 21:15 -------- d-----w- c:\programdata\Apple
2010-12-24 21:15 . 2010-12-24 21:15 -------- d-----w- c:\program files (x86)\Common Files\Apple
2010-12-24 13:04 . 2010-12-24 13:04 -------- d-----w- c:\users\Matiášek\AppData\Roaming\Recordpad
2010-12-24 13:03 . 2010-12-24 22:24 -------- d-----w- c:\program files (x86)\NCH Swift Sound
2010-12-24 13:03 . 2010-12-24 13:20 -------- d-----w- c:\users\Matiášek\AppData\Roaming\NCH Swift Sound
2010-12-24 13:03 . 2010-12-24 13:20 -------- d-----w- c:\programdata\NCH Swift Sound
2010-12-20 00:26 . 2010-12-20 00:26 -------- d-----w- c:\users\Matiášek\AppData\Roaming\ImgBurn
2010-12-20 00:21 . 2010-12-20 00:21 -------- d-----w- c:\program files (x86)\ImgBurn
2010-12-14 19:01 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-14 19:01 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-12-14 19:01 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2010-12-12 22:10 . 2010-12-12 22:10 -------- d-----w- c:\users\Matiášek\AppData\Local\Installer1352
2010-12-12 16:08 . 2010-12-27 15:39 -------- d-----w- C:\fleška

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-24 21:17 . 2010-12-24 21:17 57344 ----a-r- c:\users\Matiášek\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-12-24 21:17 . 2010-12-24 21:17 57344 ----a-r- c:\users\Matiášek\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-12-24 21:16 . 2009-10-02 21:39 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2010-11-12 17:53 . 2010-06-18 13:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-10-27 12:28 . 2010-10-27 12:28 11320 ----a-w- c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
.

((((((((((((((((((((((((((((( SnapShot@2011-01-09_12.32.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-12 08:37 . 2011-01-09 13:22 48466 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-12-12 08:37 . 2011-01-09 11:45 48466 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-01-09 11:45 60702 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-01-09 13:22 60702 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-06-16 09:52 . 2011-01-09 12:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-16 09:52 . 2011-01-09 16:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-16 09:52 . 2011-01-09 12:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-16 09:52 . 2011-01-09 16:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-16 09:54 . 2011-01-09 13:22 9232 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3076793258-3057149288-2333555966-1000_UserData.bin
+ 2011-01-09 13:20 . 2011-01-09 13:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-09 11:43 . 2011-01-09 11:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-09 11:43 . 2011-01-09 11:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-09 13:20 . 2011-01-09 13:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-01-09 13:48 607190 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-01-09 12:21 607190 c:\windows\system32\perfh009.dat
- 2009-12-12 17:14 . 2011-01-09 12:21 622660 c:\windows\system32\perfh005.dat
+ 2009-12-12 17:14 . 2011-01-09 13:48 622660 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-01-09 12:21 103568 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-01-09 13:48 103568 c:\windows\system32\perfc009.dat
+ 2009-12-12 17:14 . 2011-01-09 13:48 118810 c:\windows\system32\perfc005.dat
- 2009-12-12 17:14 . 2011-01-09 12:21 118810 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2011-01-09 13:19 489800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-01-09 03:37 489800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2011-01-09 13:55 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-01-09 11:55 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-18 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-02-26 139704]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-02-26 163888]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-02-26 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-02-26 124760]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-12 171520]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-02-26 2837768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
.
.
Celkový čas: 2011-01-09 17:18:38
ComboFix-quarantined-files.txt 2011-01-09 16:18
ComboFix2.txt 2011-01-09 12:36

Před spuštěním: Volných bajtů: 269 604 515 840
Po spuštění: Volných bajtů: 269 560 492 032

- - End Of File - - 5C66EF00BA454FB9A76D7E2AD03D2DE3

Re: nod blokuje tooldawn.com

Napsal: 09 led 2011 17:25
od vyosek
Prosim o strpeni, zkonzultuji s kolegy jednu nezvyklou cast logu...Dekuji :wink:

Re: nod blokuje tooldawn.com

Napsal: 09 led 2011 22:20
od vyosek
:arrow: Odinstalujte Combofix
  • Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
  • Napiste ComboFix /Uninstall
  • Stisknete Enter
  • Tohle smaze Combofix a jeho slozky
:arrow: T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner (viz muj podpis)
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za 14 dni

:arrow: Dejte novy log z RSIT a napiste jak se chova PC

Re: nod blokuje tooldawn.com

Napsal: 10 led 2011 00:15
od kloboucznick
Díky, zdá se, že po čištění útrob systém pracuje rychleji i než před virózou. Připojuji log RSIT

Logfile of random's system information tool 1.08 (written by random/random)
Run by Matiášek at 2011-01-10 00:08:47
Microsoft Windows 7 Home Premium
System drive C: has 267 GB (58%) free of 462 GB
Total RAM: 4092 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:08:49, on 10.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Program Files (x86)\SeaMonkey\seamonkey.exe
C:\Program Files\trend micro\Matiášek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll
O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11398 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\IDT\WDM\sttray64.exe"
C:\Windows\SysWOW64\svchost.exe -k netsvcs
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2320
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe" /Start
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
ArcCon.ac 131346 0
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"
taskeng.exe {7EF7B92D-EC0F-4193-84D6-00904C4C02BC}
"c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
"c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\SeaMonkey\seamonkey.exe"
C:\Windows\splwow64.exe 2
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Matiášek\Desktop\RSITx64.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-12 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-27 2096424]
"SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2009-08-25 610872]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-02-26 2837768]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-03-23 487424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-04 98304]
"HPCam_Menu"=c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-08-20 322104]
"Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2009-09-02 60464]
"WirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-07-23 498744]
"ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2009-12-12 52272]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-01-10 00:08:47 ----D---- C:\rsit
2011-01-09 23:55:29 ----D---- C:\Program Files (x86)\CCleaner
2011-01-09 23:28:21 ----SHD---- C:\$RECYCLE.BIN
2011-01-09 23:11:09 ----D---- C:\Windows\temp
2011-01-09 02:56:30 ----D---- C:\Program Files\trend micro
2011-01-08 23:38:01 ----D---- C:\Users\Matiášek\AppData\Roaming\Babylon
2011-01-03 23:43:48 ----D---- C:\Program Files (x86)\LizardTech
2011-01-03 23:32:17 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2011-01-03 23:32:17 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-01-03 23:32:17 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-01-03 23:32:16 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2011-01-03 23:32:16 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-01-03 23:32:15 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2011-01-03 23:32:15 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-01-03 23:32:14 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2011-01-03 23:32:14 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-01-03 23:32:13 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2011-01-03 23:32:13 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-01-03 23:32:12 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-01-03 23:32:12 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-01-03 23:32:11 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2011-01-03 23:32:11 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2011-01-03 23:32:11 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2011-01-03 23:32:11 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-01-03 23:32:11 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-01-03 23:32:11 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-01-03 23:32:11 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-01-03 23:32:10 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2011-01-03 23:32:10 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2011-01-03 23:32:10 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2011-01-03 23:32:10 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2011-01-03 23:32:10 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-01-03 23:32:10 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-01-03 23:32:10 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-01-03 23:32:10 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-01-03 23:32:09 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2011-01-03 23:32:09 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2011-01-03 23:32:09 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2011-01-03 23:32:09 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2011-01-03 23:32:09 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2011-01-03 23:32:09 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2011-01-03 23:32:09 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-01-03 23:32:09 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-01-03 23:32:09 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-01-03 23:32:09 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-01-03 23:32:09 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-01-03 23:32:09 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-01-03 23:32:08 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2011-01-03 23:32:08 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2011-01-03 23:32:08 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2011-01-03 23:32:08 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2011-01-03 23:32:08 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-01-03 23:32:08 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-01-03 23:32:08 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-01-03 23:32:08 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-01-03 23:32:07 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2011-01-03 23:32:07 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2011-01-03 23:32:07 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2011-01-03 23:32:07 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2011-01-03 23:32:07 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2011-01-03 23:32:07 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-01-03 23:32:07 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-01-03 23:32:07 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-01-03 23:32:07 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-01-03 23:32:07 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-01-03 23:32:06 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2011-01-03 23:32:06 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2011-01-03 23:32:06 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-01-03 23:32:06 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-01-03 23:32:05 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2011-01-03 23:32:05 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-01-03 23:32:04 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2011-01-03 23:32:04 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2011-01-03 23:32:04 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2011-01-03 23:32:04 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2011-01-03 23:32:04 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-01-03 23:32:04 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-01-03 23:32:04 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-01-03 23:32:04 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-01-03 23:32:03 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2011-01-03 23:32:03 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-01-03 23:32:02 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2011-01-03 23:32:02 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-01-03 23:32:01 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2011-01-03 23:32:01 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2011-01-03 23:32:01 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-01-03 23:32:01 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-01-03 23:32:00 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2011-01-03 23:32:00 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-01-03 23:31:59 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2011-01-03 23:31:59 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-01-03 23:31:58 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2011-01-03 23:31:58 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2011-01-03 23:31:58 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-01-03 23:31:58 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-01-03 23:31:57 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2011-01-03 23:31:57 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-01-03 23:31:56 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2011-01-03 23:31:56 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2011-01-03 23:31:56 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-01-03 23:31:56 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-01-03 23:31:55 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2011-01-03 23:31:55 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2011-01-03 23:31:55 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-01-03 23:31:55 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-01-03 23:31:54 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2011-01-03 23:31:54 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-01-03 23:31:53 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2011-01-03 23:31:53 ----A---- C:\Windows\system32\xinput1_3.dll
2011-01-03 23:31:52 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2011-01-03 23:31:52 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-01-03 23:31:51 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2011-01-03 23:31:51 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2011-01-03 23:31:51 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-01-03 23:31:51 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-01-03 23:31:50 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2011-01-03 23:31:50 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2011-01-03 23:31:50 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2011-01-03 23:31:50 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-01-03 23:31:50 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-01-03 23:31:50 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-01-03 23:31:49 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2011-01-03 23:31:49 ----A---- C:\Windows\system32\d3dx10.dll
2011-01-03 23:31:48 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2011-01-03 23:31:48 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2011-01-03 23:31:48 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2011-01-03 23:31:48 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-01-03 23:31:48 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-01-03 23:31:48 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-01-03 23:31:47 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2011-01-03 23:31:47 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2011-01-03 23:31:47 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2011-01-03 23:31:47 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2011-01-03 23:31:47 ----A---- C:\Windows\system32\xinput1_2.dll
2011-01-03 23:31:47 ----A---- C:\Windows\system32\xinput1_1.dll
2011-01-03 23:31:47 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-01-03 23:31:47 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-01-03 23:31:46 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2011-01-03 23:31:46 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-01-03 23:31:39 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2011-01-03 23:31:39 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-01-03 23:31:38 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2011-01-03 23:31:38 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2011-01-03 23:31:38 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-01-03 23:31:38 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-01-03 23:31:37 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2011-01-03 23:31:37 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-01-03 23:31:36 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2011-01-03 23:31:36 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-01-03 23:31:35 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2011-01-03 23:31:35 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-01-03 23:31:34 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2011-01-03 23:31:34 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-01-03 23:31:33 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2011-01-03 23:31:33 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2011-01-03 23:31:33 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-01-03 23:31:33 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-01-03 23:16:30 ----D---- C:\Users\Matiášek\AppData\Roaming\LizardTech
2011-01-02 23:45:25 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-01-02 23:45:25 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-01-02 23:45:25 ----A---- C:\Windows\SYSWOW64\java.exe
2011-01-02 23:27:20 ----D---- C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2010-12-24 22:36:37 ----A---- C:\Windows\ViewNX2.INI
2010-12-24 22:21:22 ----D---- C:\Users\Matiášek\AppData\Roaming\Nikon
2010-12-24 22:20:12 ----HD---- C:\ProgramData\ArcSoft
2010-12-24 22:19:25 ----D---- C:\Program Files (x86)\ArcSoft
2010-12-24 22:18:52 ----D---- C:\Users\Matiášek\AppData\Roaming\ArcSoft
2010-12-24 22:16:47 ----D---- C:\ProgramData\PrintingModule
2010-12-24 22:16:46 ----D---- C:\ProgramData\Ultima_T15
2010-12-24 22:16:46 ----D---- C:\ProgramData\Plugins
2010-12-24 22:16:46 ----D---- C:\ProgramData\Pick Bass
2010-12-24 22:16:46 ----D---- C:\ProgramData\EnterNHelp
2010-12-24 22:16:29 ----D---- C:\Program Files (x86)\Nikon
2010-12-24 22:15:54 ----D---- C:\ProgramData\Apple
2010-12-24 14:04:15 ----D---- C:\Users\Matiášek\AppData\Roaming\Recordpad
2010-12-24 14:03:23 ----D---- C:\Users\Matiášek\AppData\Roaming\NCH Swift Sound
2010-12-24 14:03:23 ----D---- C:\ProgramData\NCH Swift Sound
2010-12-24 14:03:23 ----D---- C:\Program Files (x86)\NCH Swift Sound
2010-12-20 01:26:22 ----D---- C:\Users\Matiášek\AppData\Roaming\ImgBurn
2010-12-20 01:21:32 ----D---- C:\Program Files (x86)\ImgBurn
2010-12-14 20:02:24 ----A---- C:\Windows\system32\consent.exe
2010-12-14 20:02:23 ----A---- C:\Windows\system32\mshtml.dll
2010-12-14 20:02:22 ----A---- C:\Windows\system32\iertutil.dll
2010-12-14 20:02:21 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2010-12-14 20:02:21 ----A---- C:\Windows\system32\mstime.dll
2010-12-14 20:02:21 ----A---- C:\Windows\system32\ieframe.dll
2010-12-14 20:02:20 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-12-14 20:02:18 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-12-14 20:02:16 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-12-14 20:02:16 ----A---- C:\Windows\system32\wininet.dll
2010-12-14 20:02:14 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-12-14 20:02:14 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-12-14 20:02:14 ----A---- C:\Windows\system32\urlmon.dll
2010-12-14 20:02:14 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-12-14 20:02:13 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-12-14 20:02:13 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-14 20:02:13 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-14 20:02:13 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-14 20:02:13 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-14 20:02:13 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-14 20:02:13 ----A---- C:\Windows\system32\ieui.dll
2010-12-14 20:02:13 ----A---- C:\Windows\system32\iepeers.dll
2010-12-14 20:02:13 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-14 20:02:08 ----A---- C:\Windows\SYSWOW64\tzres.dll
2010-12-14 20:02:08 ----A---- C:\Windows\system32\tzres.dll
2010-12-14 20:02:02 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2010-12-14 20:02:02 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-14 20:02:02 ----A---- C:\Windows\system32\taskschd.dll
2010-12-14 20:02:02 ----A---- C:\Windows\system32\taskeng.exe
2010-12-14 20:02:02 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-14 20:02:02 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-14 20:02:01 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2010-12-14 20:02:01 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
2010-12-14 20:02:01 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2010-12-14 20:02:01 ----A---- C:\Windows\system32\schtasks.exe
2010-12-14 20:01:57 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2010-12-14 20:01:57 ----A---- C:\Windows\system32\atmfd.dll
2010-12-14 20:01:56 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2010-12-14 20:01:56 ----A---- C:\Windows\system32\atmlib.dll
2010-12-14 20:01:53 ----A---- C:\Windows\system32\win32k.sys
2010-12-14 20:01:51 ----A---- C:\Windows\SYSWOW64\webio.dll
2010-12-14 20:01:51 ----A---- C:\Windows\system32\webio.dll
2010-12-14 19:53:09 ----A---- C:\Windows\system32\drivers\sffp_sd.sys
2010-12-14 19:53:09 ----A---- C:\Windows\system32\drivers\sdbus.sys
2010-12-12 17:08:58 ----D---- C:\fleška

======List of files/folders modified in the last 1 months======

2011-01-10 00:08:50 ----D---- C:\Windows\Prefetch
2011-01-10 00:07:23 ----D---- C:\Users\Matiášek\AppData\Roaming\XnView
2011-01-10 00:07:05 ----D---- C:\Windows
2011-01-10 00:00:45 ----D---- C:\Program Files (x86)\SeaMonkey
2011-01-09 23:57:26 ----D---- C:\Windows\debug
2011-01-09 23:55:29 ----RD---- C:\Program Files (x86)
2011-01-09 23:54:30 ----D---- C:\Windows\System32
2011-01-09 23:54:30 ----D---- C:\Windows\inf
2011-01-09 23:54:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-09 23:50:18 ----D---- C:\ProgramData
2011-01-09 23:50:18 ----A---- C:\ProgramData\HPWALog.txt
2011-01-09 23:50:10 ----D---- C:\Windows\system32\config
2011-01-09 23:26:12 ----SHD---- C:\System Volume Information
2011-01-09 23:20:15 ----A---- C:\Windows\system.ini
2011-01-09 23:17:57 ----D---- C:\Windows\SYSWOW64\drivers
2011-01-09 23:17:57 ----D---- C:\Windows\SysWOW64
2011-01-09 23:17:57 ----D---- C:\Windows\system32\drivers
2011-01-09 23:17:57 ----D---- C:\Windows\AppPatch
2011-01-09 23:17:56 ----D---- C:\Program Files\Common Files
2011-01-09 23:17:56 ----D---- C:\Program Files (x86)\Common Files
2011-01-09 13:45:00 ----D---- C:\Windows\Tasks
2011-01-09 13:35:59 ----D---- C:\Windows\system32\Tasks
2011-01-09 02:56:30 ----RD---- C:\Program Files
2011-01-09 01:15:04 ----D---- C:\Users\Matiášek\AppData\Roaming\BitTorrent
2011-01-08 23:47:03 ----RD---- C:\Program Files (x86)\Online Services
2011-01-08 15:14:07 ----D---- C:\Users\Matiášek\AppData\Roaming\dvdcss
2011-01-07 12:50:51 ----D---- C:\Windows\system32\NDF
2011-01-07 09:47:21 ----D---- C:\Windows\system32\catroot2
2011-01-06 22:48:47 ----SD---- C:\Users\Matiášek\AppData\Roaming\Microsoft
2011-01-06 21:21:24 ----D---- C:\Users\Matiášek\AppData\Roaming\Hewlett-Packard
2011-01-06 15:12:41 ----D---- C:\Windows\system32\DriverStore
2011-01-05 13:34:29 ----D---- C:\Users\Matiášek\AppData\Roaming\Adobe
2011-01-03 23:43:48 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-01-03 23:31:46 ----RSD---- C:\Windows\assembly
2011-01-03 23:31:40 ----D---- C:\Windows\Microsoft.NET
2011-01-03 23:07:48 ----SHD---- C:\Windows\Installer
2011-01-03 23:07:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-01-02 23:45:13 ----D---- C:\Program Files (x86)\Java
2011-01-02 23:31:25 ----D---- C:\Users\Matiášek\AppData\Roaming\hpqlog
2011-01-02 23:31:16 ----D---- C:\Windows\Help
2011-01-02 23:31:12 ----D---- C:\Windows\winsxs
2011-01-02 23:28:16 ----D---- C:\Program Files (x86)\Hewlett-Packard
2010-12-30 17:17:13 ----D---- C:\SwSetup
2010-12-30 17:15:19 ----D---- C:\ProgramData\Hewlett-Packard
2010-12-27 16:40:49 ----D---- C:\Users\Matiášek\AppData\Roaming\vlc
2010-12-24 22:59:29 ----D---- C:\Windows\system32\drivers\UMDF
2010-12-24 22:44:47 ----D---- C:\ProgramData\CyberLink
2010-12-24 22:43:48 ----D---- C:\Users\Matiášek\AppData\Roaming\CyberLink
2010-12-24 22:16:38 ----A---- C:\Windows\SYSWOW64\ATL71.DLL
2010-12-24 22:16:26 ----D---- C:\Program Files (x86)\Internet Explorer
2010-12-23 20:59:58 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-12-16 11:30:41 ----D---- C:\Windows\rescache
2010-12-15 05:59:23 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-12-15 05:59:23 ----D---- C:\Windows\system32\cs-CZ
2010-12-15 05:59:22 ----D---- C:\Program Files\Windows Mail
2010-12-15 05:59:21 ----D---- C:\Windows\SYSWOW64\migration
2010-12-15 05:59:21 ----D---- C:\Program Files\Internet Explorer
2010-12-15 05:59:21 ----D---- C:\Program Files (x86)\Windows Mail
2010-12-15 05:59:20 ----D---- C:\Windows\system32\migration
2010-12-15 00:06:26 ----D---- C:\ProgramData\Microsoft Help
2010-12-15 00:05:58 ----D---- C:\Windows\system32\catroot
2010-12-15 00:04:35 ----A---- C:\Windows\system32\MRT.exe
2010-12-12 23:10:40 ----D---- C:\Program Files (x86)\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 16440]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 30008]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-02-26 139704]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-02-26 163888]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-02-26 124760]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 41272]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-09-21 1484800]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-07-24 119312]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-05 6038016]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-09-17 21160]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 18432]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-03-23 505344]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-27 320560]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-09-17 98344]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2009-09-17 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-05 203264]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-09-04 873248]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-02-26 810120]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-11-15 126520]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2009-07-08 30520]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-08-20 73728]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-07-06 247152]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [2010-03-23 247808]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-10-14 751672]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-02-26 42336]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-18 651720]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe [2009-06-06 250616]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-18 1255736]

-----------------EOF-----------------

Re: nod blokuje tooldawn.com

Napsal: 10 led 2011 10:11
od vyosek
:arrow: Otevrete si poznamkovy blok
  • Start->spustit->notepad
  • Vlozte text nize

  • Kód: Vybrat vše

    Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
  • Soubor ulozte jako oprava.reg
  • Pri ukladani dejte ulozit jako typ Vsechny soubory (nastevni je uvedeno na obrazku nize)
  • Obrázek
  • Zavrit notepad a spustit dvojklikem oprava.reg
  • Pripadny dotaz na zmenu registru potvrdte
  • Okno jen problikne a opravi regsitry - soubor muzete smazat
:arrow: Jinak log vypada cisty :wink:

Re: nod blokuje tooldawn.com

Napsal: 10 led 2011 20:26
od kloboucznick
Provedeno.

Mnohokráte děkuji za Vaši pomoc a čas. Byl jste úžasně pohotový.
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz