Preventive check :)

You don't have any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

ooToo
Visitor
Posts: 35
Registered: 07 Feb 2011 22:24

#1 Post by ooToo »

Good evening, could you take a look at my log? Thank you :)


Logfile of random's system information tool 1.08 (written by random/random)
Run by vlado at 2011-02-07 22:30:26
Microsoft Windows 7 Home Premium
System drive C: has 44 GB (53%) free of 82 GB
Total RAM: 2927 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:30:52 PM, on 2/7/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\OneTouchAccess.exe
C:\Program Files\trend micro\vlado.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{849ECDC4-6C4F-48A8-8971-4429E01A43EB}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13573 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe"
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
winlogon.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system\uArcCapture.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\wmiprvse.exe
"c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
taskeng.exe {24142B38-9660-4CEE-9B84-DB9CBB7C2B26}
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe" /startup
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
C:\windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{E76415B6-30CC-4515-88E4-C283EC09E510}
{BEF79D14-9CDA-476F-8E3B-0165E52F6027}
{C815EEDF-AB8D-437A-BD0E-48F6A0B7AE42}
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\windows\system32\wuauclt.exe"
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\splwow64.exe 2
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Combo: On</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_on.ico</IconPath><ID>169641131</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde
"C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe" "C:\Users\vlado\Desktop\kapitoly_z_optiky.pdf"
"C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe" --channel=3484.0036F4B4.1806801012 --type=renderer "C:\Users\vlado\Desktop\kapitoly_z_optiky.pdf"
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5164.9bcade0.1725974592 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 5164 plugin \\.\pipe\gecko-crash-server-pipe.5164
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-9b3fdb33-7d09-4c06-a69f-5c310e0819fc -SystemEventPortName:HostProcess-c55f9e40-a1e9-4411-84e4-6d2600922520 -IoCancelEventPortName:HostProcess-d1dbd075-9f3a-403d-b714-131ea9b00660 -NonStateChangingEventPortName:HostProcess-0854e587-a8b0-4990-8311-c05e68b2c3f2 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:77cd8849-6c00-40d6-82d0-b425c557fe38
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\OneTouchAccess.exe"
"C:\windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
C:\windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
"C:\Users\vlado\Downloads\RSITx64.exe"
C:\windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\windows\tasks\AWC Startup.job
C:\windows\tasks\HPCeeScheduleForvlado.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03 2187528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-11-08 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-12-12 117248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03 1471752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-12-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-11-08 520192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2010-06-19 1691192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 2174760]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-04-05 8192]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-03-17 487424]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2916584]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-11-10 166424]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-11-10 390680]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-11-10 410136]
"BTMTrayAgent"=C:\Program Files\Motorola\Bluetooth\btmshell.dll,TrayApp []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTRun]
c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [2009-11-19 518656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-09-29 1685048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-05 283160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files (x86)\QIP 2010\qip.exe /autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2009-06-17 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -resume []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
C:\Program Files (x86)\Nokia\Nokia Music\NokiaMusic.exe /command:faststart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
C:\Program Files (x86)\PDF Complete\pdfsty.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QLBController]
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-03-01 256056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\\Phone\Skype.exe [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-05 283160]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-10 35736]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"File Sanitizer"=C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2009-12-12 11265536]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-11-10 268800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open -

======List of files/folders created in the last 1 months======

2011-02-07 22:09:59 ----D---- C:\Program Files\trend micro
2011-02-07 22:09:58 ----D---- C:\rsit
2011-02-07 21:28:58 ----D---- C:\Users\vlado\AppData\Roaming\Malwarebytes
2011-02-07 21:28:50 ----D---- C:\ProgramData\Malwarebytes
2011-02-07 21:28:50 ----A---- C:\windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-02-07 21:28:46 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-07 21:28:46 ----A---- C:\windows\system32\drivers\mbam.sys
2011-02-07 21:13:00 ----D---- C:\Program Files (x86)\CCleaner
2011-02-06 20:17:03 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2011-02-04 21:39:00 ----A---- C:\windows\vbaddin.ini
2011-02-04 21:38:19 ----A---- C:\windows\ODBC.INI
2011-02-04 21:33:12 ----D---- C:\Program Files (x86)\Microsoft Works
2011-02-04 21:32:40 ----D---- C:\windows\PCHEALTH
2011-02-04 21:30:40 ----D---- C:\Program Files\GIMP-2.0
2011-01-31 15:35:09 ----D---- C:\Program Files (x86)\Maxis Broadband
2011-01-31 14:05:09 ----D---- C:\Program Files (x86)\Mobile Partner
2011-01-31 12:47:08 ----A---- C:\windows\system32\drivers\SWDUMon.sys
2011-01-31 12:47:03 ----D---- C:\Program Files (x86)\SlimDrivers
2011-01-29 12:12:07 ----A---- C:\windows\system32\drivers\VMM.sys
2011-01-25 17:37:52 ----D---- C:\Program Files (x86)\Microsoft Virtual PC
2011-01-25 16:02:51 ----A---- C:\windows\system32\drivers\sptd.sys
2011-01-20 22:10:59 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-01-20 22:10:28 ----D---- C:\ProgramData\Microsoft Help
2011-01-20 22:10:00 ----RHD---- C:\MSOCache
2011-01-19 22:19:37 ----A---- C:\windows\system32\drivers\dtsoftbus01.sys
2011-01-19 22:19:31 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-01-19 22:18:55 ----D---- C:\Users\vlado\AppData\Roaming\DAEMON Tools Lite
2011-01-19 22:18:55 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-01-18 17:02:47 ----D---- C:\Program Files (x86)\OnCourt
2011-01-15 20:41:00 ----D---- C:\Program Files (x86)\Veetle
2011-01-12 10:58:19 ----A---- C:\windows\system32\d3d10warp.dll
2011-01-12 10:58:18 ----A---- C:\windows\SYSWOW64\d3d10warp.dll
2011-01-12 10:58:18 ----A---- C:\windows\system32\d2d1.dll
2011-01-12 10:58:17 ----A---- C:\windows\SYSWOW64\d2d1.dll
2011-01-12 10:58:17 ----A---- C:\windows\system32\WMVDECOD.DLL
2011-01-12 10:58:17 ----A---- C:\windows\system32\mf.dll
2011-01-12 10:58:17 ----A---- C:\windows\system32\DWrite.dll
2011-01-12 10:58:16 ----A---- C:\windows\SYSWOW64\DWrite.dll
2011-01-12 10:58:16 ----A---- C:\windows\system32\XpsPrint.dll
2011-01-12 10:58:16 ----A---- C:\windows\system32\FntCache.dll
2011-01-12 10:58:14 ----A---- C:\windows\SYSWOW64\XpsPrint.dll
2011-01-12 10:58:14 ----A---- C:\windows\SYSWOW64\mf.dll
2011-01-12 10:58:14 ----A---- C:\windows\system32\XpsGdiConverter.dll
2011-01-12 10:58:13 ----A---- C:\windows\SYSWOW64\XpsGdiConverter.dll
2011-01-12 10:58:13 ----A---- C:\windows\system32\ExplorerFrame.dll
2011-01-12 10:58:13 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2011-01-12 10:58:13 ----A---- C:\windows\system32\d3d10_1core.dll
2011-01-12 10:58:12 ----A---- C:\windows\SYSWOW64\WMVDECOD.DLL
2011-01-12 10:58:12 ----A---- C:\windows\SYSWOW64\d3d10_1core.dll
2011-01-12 10:58:12 ----A---- C:\windows\system32\mfreadwrite.dll
2011-01-12 10:58:11 ----A---- C:\windows\SYSWOW64\mfreadwrite.dll
2011-01-12 10:58:11 ----A---- C:\windows\SYSWOW64\ExplorerFrame.dll
2011-01-12 10:58:11 ----A---- C:\windows\system32\XpsRasterService.dll
2011-01-12 10:58:10 ----A---- C:\windows\SYSWOW64\XpsRasterService.dll
2011-01-12 10:58:10 ----A---- C:\windows\SYSWOW64\d3d10_1.dll
2011-01-12 10:58:10 ----A---- C:\windows\system32\mfps.dll
2011-01-12 10:58:10 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2011-01-12 10:58:10 ----A---- C:\windows\system32\d3d10_1.dll
2011-01-12 10:58:10 ----A---- C:\windows\system32\cdd.dll
2011-01-12 07:05:49 ----A---- C:\windows\system32\odbc32.dll
2011-01-12 07:05:48 ----A---- C:\windows\SYSWOW64\odbc32.dll
2011-01-08 20:19:15 ----D---- C:\ProgramData\Nokia
2011-01-08 15:40:28 ----A---- C:\windows\SYSWOW64\shoA3F0.tmp
2011-01-08 15:38:24 ----D---- C:\Program Files (x86)\PC Connectivity Solution

======List of files/folders modified in the last 1 months======

2011-02-07 22:30:52 ----D---- C:\windows\Temp
2011-02-07 22:09:59 ----D---- C:\Program Files
2011-02-07 21:28:50 ----HD---- C:\ProgramData
2011-02-07 21:28:50 ----D---- C:\windows\SYSWOW64\drivers
2011-02-07 21:28:46 ----D---- C:\windows\system32\drivers
2011-02-07 21:28:46 ----D---- C:\Program Files (x86)
2011-02-07 20:49:00 ----D---- C:\Users\vlado\AppData\Roaming\Skype
2011-02-07 20:48:21 ----D---- C:\Users\vlado\AppData\Roaming\Rynga
2011-02-07 20:37:27 ----D---- C:\windows\system32\config
2011-02-07 20:33:26 ----D---- C:\Users\vlado\AppData\Roaming\skypePM
2011-02-07 19:29:27 ----D---- C:\windows\System32
2011-02-07 19:29:27 ----D---- C:\windows\inf
2011-02-07 19:29:27 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-02-07 19:24:12 ----D---- C:\ProgramData\HPQLOG
2011-02-07 19:24:09 ----A---- C:\windows\SYSWOW64\log.txt
2011-02-07 09:02:36 ----D---- C:\windows\winsxs
2011-02-06 23:42:50 ----SHD---- C:\windows\Installer
2011-02-06 23:42:15 ----D---- C:\Users\vlado\AppData\Roaming\Nokia
2011-02-06 23:41:18 ----SHD---- C:\System Volume Information
2011-02-06 23:31:29 ----D---- C:\windows\tracing
2011-02-06 20:28:37 ----D---- C:\Users\vlado\AppData\Roaming\LangSoft
2011-02-06 20:28:36 ----D---- C:\Windows
2011-02-06 20:28:36 ----D---- C:\ProgramData\LangSoft
2011-02-06 20:28:36 ----A---- C:\windows\TRNCOM.INI
2011-02-06 20:26:25 ----D---- C:\windows\ShellNew
2011-02-06 20:26:21 ----A---- C:\windows\win.ini
2011-02-06 20:20:07 ----RSD---- C:\windows\assembly
2011-02-06 20:17:20 ----D---- C:\Program Files (x86)\MSBuild
2011-02-06 20:16:40 ----D---- C:\Program Files (x86)\Microsoft Office
2011-02-06 20:16:36 ----RSD---- C:\windows\Fonts
2011-02-06 20:16:24 ----SD---- C:\Users\vlado\AppData\Roaming\Microsoft
2011-02-06 20:16:24 ----SD---- C:\ProgramData\Microsoft
2011-02-06 20:13:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-02-06 20:10:55 ----D---- C:\windows\system32\DriverStore
2011-02-06 20:10:55 ----D---- C:\windows\system32\catroot
2011-02-06 20:10:50 ----D---- C:\windows\Prefetch
2011-02-06 20:10:33 ----D---- C:\Program Files\Common Files
2011-02-06 20:10:27 ----D---- C:\Program Files (x86)\Common Files
2011-02-06 18:58:51 ----D---- C:\Users\vlado\AppData\Roaming\BitTorrent
2011-02-04 22:29:22 ----D---- C:\windows\system32\Tasks
2011-02-04 21:36:59 ----D---- C:\Program Files\Hewlett-Packard
2011-02-04 21:36:59 ----D---- C:\Program Files (x86)\Hewlett-Packard
2011-02-04 21:36:58 ----D---- C:\windows\SysWOW64
2011-02-04 21:32:40 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-02-04 21:32:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-02-02 19:36:58 ----D---- C:\windows\system32\catroot2
2011-02-02 16:05:41 ----D---- C:\windows\Tasks
2011-02-02 15:16:27 ----D---- C:\Users\vlado\AppData\Roaming\PC Suite
2011-01-31 21:55:34 ----D---- C:\Users\vlado\AppData\Roaming\BSplayer PRO
2011-01-31 12:51:31 ----D---- C:\Program Files\Microsoft Office
2011-01-31 12:51:10 ----D---- C:\Users\vlado\AppData\Roaming\SoftGrid Client
2011-01-30 17:43:39 ----D---- C:\Users\vlado\AppData\Roaming\IObit
2011-01-24 19:51:17 ----D---- C:\windows\system32\NDF
2011-01-21 19:37:09 ----D---- C:\windows\system32\drivers\UMDF
2011-01-20 21:54:27 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-01-20 12:04:52 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2011-01-19 19:43:48 ----D---- C:\Program Files\DIFX
2011-01-19 19:42:56 ----D---- C:\swsetup
2011-01-12 10:58:51 ----A---- C:\windows\system32\MRT.exe
2011-01-08 20:37:00 ----D---- C:\Users\vlado\AppData\Roaming\Nokia Ovi Suite
2011-01-08 15:38:27 ----DC---- C:\windows\system32\DRVSTORE
2011-01-08 15:37:58 ----D---- C:\Program Files (x86)\Nokia
2011-01-08 12:11:19 ----D---- C:\windows\system32\wdi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2010-07-16 30008]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2009-12-16 56648]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-06-04 60160]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2009-12-16 15688]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2011-01-25 834544]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-19 254528]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2009-12-16 58184]
R1 vmm;Virtual Machine Monitor; \??\C:\windows\system32\Drivers\vmm.sys [2011-01-29 294232]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2010-07-29 171152]
R2 epfwwfp;epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 50624]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2010-07-16 43320]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2009-08-13 1209856]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 32640]
R3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2010-06-24 80384]
R3 Epfwndis;Eset Personal Firewall; C:\windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 33632]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-11-10 7778176]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-11-10 244736]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\windows\system32\DRIVERS\netr28x.sys [2010-06-29 931168]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-11 408680]
R3 rtsuvc;HP Webcam [2 MP Fixed]; C:\windows\system32\DRIVERS\rtsuvc.sys [2010-02-05 89088]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-03-17 505856]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1379376]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 79760]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2010-06-24 552448]
S3 btmaudio;Motorola Bluetooth Audio Service; C:\windows\system32\drivers\btmaud.sys []
S3 BTMCOM;Bluetooth Serial Port; C:\windows\System32\Drivers\btmcom.sys []
S3 BTMMODEM;Bluetooth Modem Device; C:\windows\system32\DRIVERS\btmcom.sys []
S3 BTMNET;Motorola Bluetooth Network Adapter Service; C:\windows\system32\DRIVERS\btmnet.sys []
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmbx64.sys [2010-07-30 19456]
S3 nmwcdc;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbox64.sys [2010-07-30 26624]
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\windows\system32\drivers\nmwcdnsucx64.sys [2010-07-26 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\windows\system32\drivers\nmwcdnsux64.sys [2010-07-26 171008]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 pwdrvio;pwdrvio; \??\C:\windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\windows\syswow64\pwdspio.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-10-29 250984]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 SWDUMon;SWDUMon; C:\windows\system32\DRIVERS\SWDUMon.sys [2011-01-31 13920]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-07-30 9216]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2009-07-14 32768]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2010-07-30 9216]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2009-03-27 16896]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2009-11-25 462088]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-06-30 121344]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-06-19 103992]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-25 92216]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 30520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [2010-03-17 244736]
R2 uArcCapture;ArcCapture; C:\windows\system\uArcCapture.exe [2009-12-04 506472]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2009-12-16 704512]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-06-25 665656]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2009-12-14 2019120]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 42360]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-11-17 362040]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-11-15 1255736]

-----------------EOF-----------------
Last edited by ooToo on 07 Feb 2011 22:59, edited 1 time in total.

#2 Post by ooToo »

O17 - HKLM\System\CCS\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{849ECDC4-6C4F-48A8-8971-4429E01A43EB}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33

The Es.t firewall is reporting an attempted DNS attack from these addresses. I didn't know where to look for them or what this actually is... well, the log has made me a bit wiser, but... I need help

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

#3 Post by motji »

Good morning :)

:arrow: Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM occasionally produces false detections, so we will delete only after the log has been checked.
- Copy the log here.
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 9 and 11 p.m.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

#4 Post by ooToo »

Thank you, and I wish you a lovely sunny day too :) The day is nicer right away when it starts with words like these :D

MBAM scan:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verzia databázy: 5709

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/8/2011 10:52:24 AM
mbam-log-2011-02-08 (10-52-17).txt

Typ kontroly: Úplná kontrola (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objektov kontrolovaných: 292436
Uplynutý čas: 27 min, 38 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 1

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
d:\__programy__\Disk\acr - keygen.exe (Trojan.Dropper.PGen) -> No action taken.

#5 Post by motji »


#6 Post by ooToo »

Thanks

#7 Post by motji »

We're not finished yet :D - Do you recognize those IP addresses?

#8 Post by ooToo »

Aha :) and I thought that was all :) (In the meantime I ran CCleaner..)
I use mobile internet from O2 Slovakia (could it be the same ISP... hmm). I have no idea what those addresses are; all I know is that this "appeared" on my machine the day after I started using my mobile phone as a modem. I'll install ZoneAlarm and we'll see whether it gives me enough information to find out which application or visited page triggers this process.

#9 Post by motji »

All right, get back to me then :)

#10 Post by ooToo »

Good day. I was unable to install ZoneAlarm on Win7 because of some error :(

About the addresses:
From what I have read, including here on your forum, the problem with those addresses is probably on the provider's side; in my case that is O2.

DNS Resolver(s) Tested:

1. 160.218.161.60 (dnsmob31.o2isp.cz) appears to have GREAT source port randomness and GREAT transaction ID randomness.
2. 194.228.211.33 (dnsmob11.o2isp.cz) appears to have GREAT source port randomness and GREAT transaction ID randomness.

Yesterday I noticed that when this event occurs, "Detekován útok DNS cache poisoning 194.228.211.33:53 91.191.96.191:59099 UDP" (supposedly it is some bug in the Ese* firewall), my modem "crashes" and I can no longer connect to the internet because the ports are in use by another application (I was connected via Bluetooth)... hmm, I have to use a USB cable, and then everything fixes itself. I wanted to take a closer look at the network traffic, but I found that Wireshark cannot monitor the Bluetooth interface :( (maybe I just didn't understand it correctly).
I don't know whether there is anything unusual in that log or whether I should be worried about anything; personally, I don't like some of the things in it, e.g.:

O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)


More likely it is taken out of context and is part of some application, probably HP ProtectTools.
This is the first time I have seen it, and I will certainly look into it in more detail in the future (right now I have little time for thorough study).
Have a lovely day

#11 Post by motji »

:arrow: Run ComboFix following this guide
http://www.bleepingcomputer.com/combofi ... t-combofix

#12 Post by ooToo »

Hello, ComboFix "crashed" while scanning for infected files; I also tried running it as administrator.

#13 Post by ooToo »

So in the end I tried it in safe mode, as was written about somewhere here :) I was terribly clever and it turned out well, because I had the antivirus and firewall switched on, a click here, a click there, and there was no way back :) here is the log
ComboFix 11-02-08.03 - vlado 02/09/2011 15:15:54.1.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2927.2451 [GMT 1:00]
Running from: c:\users\vlado\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
.

2011-02-09 12:41 . 2010-07-09 12:19 21480 ----a-w- c:\windows\system32\drivers\cpuz134_x64.sys
2011-02-09 12:41 . 2011-02-09 12:41 -------- d-----w- c:\program files\CPUID
2011-02-08 21:23 . 2011-02-08 21:26 -------- d-----w- c:\users\vlado\AppData\Roaming\Wireshark
2011-02-08 21:22 . 2011-02-08 21:22 -------- d-----w- c:\program files (x86)\WinPcap
2011-02-08 21:21 . 2011-02-08 21:22 -------- d-----w- c:\program files\Wireshark
2011-02-08 19:03 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-08 18:34 . 2011-02-08 18:34 -------- d-----w- c:\program files (x86)\Zone Labs
2011-02-08 18:34 . 2011-02-08 18:34 -------- d-----w- c:\programdata\CheckPoint
2011-02-08 18:33 . 2011-02-08 18:35 -------- d-----w- c:\windows\Internet Logs
2011-02-07 21:09 . 2011-02-09 10:53 -------- d-----w- c:\program files\trend micro
2011-02-07 21:09 . 2011-02-09 10:53 -------- d-----w- C:\rsit
2011-02-07 20:28 . 2011-02-07 20:28 -------- d-----w- c:\users\vlado\AppData\Roaming\Malwarebytes
2011-02-07 20:28 . 2011-02-07 20:28 -------- d-----w- c:\programdata\Malwarebytes
2011-02-07 20:28 . 2011-02-08 19:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-07 20:28 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-07 20:13 . 2011-02-07 20:13 -------- d-----w- c:\program files (x86)\CCleaner
2011-02-05 17:02 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C699B6A-0EA2-49B0-804F-9FFE91B64009}\mpengine.dll
2011-02-04 21:32 . 2011-02-04 21:32 -------- d-----w- c:\users\vlado\.gimp-2.6
2011-02-04 20:33 . 2011-02-04 20:33 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-02-04 20:32 . 2011-02-04 20:32 -------- d-----w- c:\windows\PCHEALTH
2011-02-04 20:30 . 2011-02-04 20:30 -------- d-----w- c:\program files\GIMP-2.0
2011-01-31 14:35 . 2011-02-04 17:46 -------- d-----w- c:\program files (x86)\Maxis Broadband
2011-01-31 13:05 . 2011-01-31 14:32 -------- d-----w- c:\program files (x86)\Mobile Partner
2011-01-31 11:47 . 2011-01-31 11:48 13920 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-01-31 11:47 . 2011-01-31 11:47 -------- d-----w- c:\users\vlado\AppData\Local\SlimWare Utilities Inc
2011-01-31 11:47 . 2011-01-31 11:52 -------- d-----w- c:\program files (x86)\SlimDrivers
2011-01-29 11:12 . 2011-01-29 11:12 294232 ----a-w- c:\windows\system32\drivers\VMM.sys
2011-01-25 21:15 . 2011-01-31 11:01 -------- d-----w- c:\users\vlado\AppData\Local\PDFC
2011-01-25 16:40 . 2011-02-09 08:18 165232 ---ha-w- c:\users\vlado\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2011-01-25 16:37 . 2011-01-25 16:37 -------- d-----w- c:\program files (x86)\Microsoft Virtual PC
2011-01-25 15:02 . 2011-01-25 15:02 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-01-23 10:54 . 2011-01-23 10:54 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-01-20 21:10 . 2011-01-20 21:11 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-01-20 21:10 . 2011-01-20 21:10 -------- d-----w- c:\users\vlado\AppData\Local\Microsoft Help
2011-01-20 21:10 . 2011-02-09 13:38 -------- d-----w- c:\programdata\Microsoft Help
2011-01-20 21:10 . 2011-01-20 21:10 -------- d-----r- C:\MSOCache
2011-01-20 13:54 . 2011-01-20 13:54 -------- d-----w- c:\users\vlado\AppData\Local\Western Digital
2011-01-19 21:34 . 2011-01-19 21:39 -------- d-----w- c:\users\vlado\AppData\Local\NokiaAccount
2011-01-19 21:19 . 2011-01-19 21:19 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-01-19 21:19 . 2011-01-25 15:02 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-01-19 21:18 . 2011-01-20 21:09 -------- d-----w- c:\users\vlado\AppData\Roaming\DAEMON Tools Lite
2011-01-19 21:18 . 2011-01-19 21:19 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-01-18 16:04 . 2011-01-18 16:04 -------- d-----w- c:\users\vlado\AppData\Local\GHISLER
2011-01-18 16:02 . 2011-01-18 16:32 -------- d-----w- c:\program files (x86)\OnCourt
2011-01-15 19:41 . 2011-01-15 19:41 -------- d-----w- c:\program files (x86)\Veetle
2011-01-12 06:05 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 06:05 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 06:05 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 06:05 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 06:05 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 06:05 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-12 06:05 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 06:05 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 06:05 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 06:05 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 14:40 . 2011-01-08 14:40 0 ----a-w- c:\windows\SysWow64\shoA3F0.tmp
2010-12-27 08:00 . 2011-01-05 23:32 80896 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2010-12-07 18:40 . 2011-01-05 23:32 183808 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2010-12-07 18:22 . 2011-01-05 23:32 810496 ----a-w- c:\windows\SysWow64\xvidcore.dll
2010-12-04 19:01 . 2010-12-04 19:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-02 13:42 . 2010-09-02 18:21 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2010-11-11 20:37 . 2010-12-21 14:48 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2010-11-11 20:37 . 2010-12-21 14:48 408680 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2010-11-11 20:37 . 2010-01-05 23:39 107624 ----a-w- c:\windows\system32\RTNUninst64.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-06-18 103992]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 2019120]
R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 BTMMODEM;Bluetooth Modem Device;c:\windows\system32\DRIVERS\btmcom.sys [x]
R3 BTMNET;Motorola Bluetooth Network Adapter Service;c:\windows\system32\DRIVERS\btmnet.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-11-17 362040]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2010-07-26 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2010-07-26 171008]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 13280]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 250984]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-01-31 13920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-15 1255736]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-25 834544]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-19 254528]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 50624]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-25 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 uArcCapture;ArcCapture;c:\windows\system\uArcCapture.exe [2009-12-04 506472]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 32640]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2009-12-16 704512]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-11-10 244736]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-06-29 931168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-11 408680]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2010-02-05 04:09 89088]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-02-03 c:\windows\Tasks\HPCeeScheduleForvlado.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF27676.cfxxe" [X]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-06-18 1691192]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2916584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-10 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-10 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-10 410136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 192.168.2.109:808
IE: E&xportovat do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: {1E76A8FC-627C-45D6-B073-3EE3307BB182} = 160.218.161.60 194.228.211.33
FF - ProfilePath - c:\users\vlado\AppData\Roaming\Mozilla\Firefox\Profiles\plght6fp.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.ftp - 192.168.2.104
FF - prefs.js: network.proxy.ftp_port - 808
FF - prefs.js: network.proxy.gopher - 192.168.2.104
FF - prefs.js: network.proxy.gopher_port - 808
FF - prefs.js: network.proxy.http - 192.168.2.104
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.socks - 192.168.2.104
FF - prefs.js: network.proxy.socks_port - 808
FF - prefs.js: network.proxy.ssl - 192.168.2.104
FF - prefs.js: network.proxy.ssl_port - 808
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DigitalPersona Extension: otis@digitalpersona.com - c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Notify-DeviceNP - DeviceNP.dll
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000fb

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
.
**************************************************************************
.
Completion time: 2011-02-09 15:22:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-09 14:22

Pre-Run: 46,145,998,848 bytes free
Post-Run: 45,389,946,880 bytes free

- - End Of File - - 82D40ECB0B8569EC849FF05F010D8440

motji
VIP
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: preventivna:)

#14 Post by motji »

:D I'd rather fix something for you via OTL; ComboFix has been acting up lately.

:arrow: Download OTL: http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the OTL.exe file.
- copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
- tick the "All users" box.
- tick the boxes for the "LOP" malware check and the "Purity" malware check
- click the Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; post them here :)
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before cleaning malware from the computer :!:
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

ooToo
Visitor
Visitor
Posts: 35
Joined: 07 Feb 2011 22:24

Re: preventivna:)

#15 Post by ooToo »

Hello, so here it is :)

OTL logfile created on: 2/9/2011 10:25:01 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\vlado\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80.30 Gb Total Space | 43.79 Gb Free Space | 54.53% Space Free | Partition Type: NTFS
Drive D: | 200.50 Gb Total Space | 100.54 Gb Free Space | 50.15% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.50% Space Free | Partition Type: FAT32

Computer Name: HP | User Name: vlado | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/09 22:03:43 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\vlado\Desktop\OTL.exe
PRC - [2010/12/14 21:51:05 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/14 21:51:04 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/11/10 12:49:36 | 001,289,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/08/12 22:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010/07/07 07:55:10 | 003,687,736 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2010/06/25 21:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/05/11 10:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2010/03/01 18:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2009/12/16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/12/16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
PRC - [2009/12/04 13:22:40 | 000,506,472 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\system\uArcCapture.exe
PRC - [2009/11/25 02:57:20 | 000,627,976 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2009/11/18 23:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2009/11/04 22:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 22:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2007/02/18 08:29:18 | 004,478,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Virtual PC\Virtual PC.exe


========== Modules (SafeList) ==========

MOD - [2011/02/09 22:03:43 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\vlado\Desktop\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/12 22:18:40 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/08/12 22:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/06/19 00:25:12 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2010/04/05 19:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/03/17 13:48:42 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/12/16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV:64bit: - [2009/12/16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge)
SRV:64bit: - [2009/12/14 19:15:58 | 002,019,120 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/11/25 02:57:20 | 000,462,088 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 21:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/27 18:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe -- (AESTFilters)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/06/25 21:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 18:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2009/12/14 18:47:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/12/04 13:22:40 | 000,506,472 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\system\uArcCapture.exe -- (uArcCapture)
SRV - [2009/11/18 23:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/11/17 22:39:16 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/11/04 22:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 22:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/31 12:48:48 | 000,013,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2011/01/29 12:12:07 | 000,294,232 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2011/01/25 16:02:51 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/01/19 22:19:37 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/11/11 21:37:32 | 000,408,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/10 21:53:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/11/10 21:52:59 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/29 23:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/07/30 14:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/07/30 14:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/07/30 14:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/07/30 14:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/07/29 21:31:26 | 000,171,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/07/29 21:31:26 | 000,168,544 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/07/29 21:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/07/29 21:31:26 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/07/29 21:31:26 | 000,033,632 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/07/26 12:24:58 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010/07/26 12:24:54 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2010/07/16 23:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 23:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/07/09 13:19:04 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/06/29 17:01:38 | 000,931,168 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/06/25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/04 04:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/12 09:37:32 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/05/12 09:37:32 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/04/09 21:17:04 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2010/04/09 21:16:58 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2010/03/17 13:48:42 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/02/16 20:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/02/10 12:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/05 05:09:14 | 000,089,088 | ---- | M] (Realtek Semiconductor Corp.) [2 MP Fixed] [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2009/12/04 11:48:18 | 000,032,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2009/10/21 21:37:52 | 000,040,760 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/13 11:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/01/29 06:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2009/12/16 01:12:28 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009/12/16 01:12:16 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009/12/16 01:12:14 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009/12/16 01:12:10 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1345732471-1687573740-328697185-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE - HKU\S-1-5-21-1345732471-1687573740-328697185-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4191
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..network.proxy.backup.ftp: "192.168.2.104"
FF - prefs.js..network.proxy.backup.ftp_port: 808
FF - prefs.js..network.proxy.backup.gopher: "192.168.2.104"
FF - prefs.js..network.proxy.backup.gopher_port: 808
FF - prefs.js..network.proxy.backup.socks: "192.168.2.104"
FF - prefs.js..network.proxy.backup.socks_port: 808
FF - prefs.js..network.proxy.backup.ssl: "192.168.2.104"
FF - prefs.js..network.proxy.backup.ssl_port: 808
FF - prefs.js..network.proxy.ftp: "192.168.2.104"
FF - prefs.js..network.proxy.ftp_port: 808
FF - prefs.js..network.proxy.gopher: "192.168.2.104"
FF - prefs.js..network.proxy.gopher_port: 808
FF - prefs.js..network.proxy.http: "192.168.2.104"
FF - prefs.js..network.proxy.http_port: 808
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.2.104"
FF - prefs.js..network.proxy.socks_port: 808
FF - prefs.js..network.proxy.ssl: "192.168.2.104"
FF - prefs.js..network.proxy.ssl_port: 808
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/09/02 19:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/12/24 15:11:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/14 21:51:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/04 21:33:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/11/06 03:17:18 | 000,000,000 | ---D | M]

[2010/11/09 22:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vlado\AppData\Roaming\Mozilla\Extensions
[2011/02/09 17:30:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vlado\AppData\Roaming\Mozilla\Firefox\Profiles\plght6fp.default\extensions
[2010/11/24 21:55:37 | 000,000,000 | ---D | M] (vShare) -- C:\Users\vlado\AppData\Roaming\Mozilla\Firefox\Profiles\plght6fp.default\extensions\vshare@toolbar
[2010/12/04 20:01:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/04 20:01:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/02 19:43:43 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PROTECTTOOLS SECURITY MANAGER\BIN\FIREFOXEXT
[2010/12/04 20:01:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/27 06:59:39 | 000,001,583 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010/10/27 06:59:39 | 000,001,380 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\azet-sk.xml
[2010/10/27 06:59:39 | 000,001,479 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010/10/27 06:59:39 | 000,001,473 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010/10/27 06:59:39 | 000,001,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010/10/27 06:59:39 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll ()
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll ()
O3 - HKU\S-1-5-21-1345732471-1687573740-328697185-1002\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-1345732471-1687573740-328697185-1002..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1345732471-1687573740-328697185-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1345732471-1687573740-328697185-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1345732471-1687573740-328697185-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll ()
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1345732471-1687573740-328697185-1002\...exe [@ = exefile] -- Reg Error: Key error. File not found


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/02/09 22:03:06 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\vlado\Desktop\OTL.exe
[2011/02/09 15:25:04 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/02/09 15:24:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/02/09 15:22:17 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/02/09 15:19:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/09 14:50:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/02/09 14:50:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/02/09 14:50:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/02/09 14:40:25 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/02/09 14:40:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/09 13:41:41 | 000,021,480 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\cpuz134_x64.sys
[2011/02/09 13:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2011/02/09 13:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2011/02/08 22:23:03 | 000,000,000 | ---D | C] -- C:\Users\vlado\AppData\Roaming\Wireshark
[2011/02/08 22:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011/02/08 22:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2011/02/08 22:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2011/02/08 20:03:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/02/08 20:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/08 19:34:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2011/02/08 19:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/02/08 19:33:59 | 000,000,000 | ---D | C] -- C:\windows\Internet Logs
[2011/02/07 22:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/02/07 22:09:58 | 000,000,000 | ---D | C] -- C:\rsit
[2011/02/07 21:28:58 | 000,000,000 | ---D | C] -- C:\Users\vlado\AppData\Roaming\Malwarebytes
[2011/02/07 21:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/07 21:28:46 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/02/07 21:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/02/07 21:13:12 | 000,000,000 | ---D | C] -- C:\Users\vlado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/02/07 21:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2011/02/06 20:17:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/02/05 19:04:16 | 000,000,000 | ---D | C] -- C:\Users\vlado\Desktop\wordpress
[2011/02/04 22:32:00 | 000,000,000 | ---D | C] -- C:\Users\vlado\.gimp-2.6
[2011/02/04 22:31:59 | 000,000,000 | ---D | C] -- C:\Users\vlado\Documents\gegl-0.0
[2011/02/04 21:39:41 | 000,000,000 | --SD | C] -- C:\Users\vlado\Documents\Obrazce
[2011/02/04 21:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/02/04 21:33:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2011/02/04 21:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/02/04 21:32:40 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2011/02/04 21:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011/02/04 21:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2011/02/01 11:40:54 | 000,000,000 | ---D | C] -- C:\Users\vlado\Desktop\FIFA 07 Soundtrack [STEELE]
[2011/01/31 15:35:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis Broadband
[2011/01/31 14:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner
[2011/01/31 12:47:08 | 000,000,000 | ---D | C] -- C:\Users\vlado\AppData\Local\SlimWare Utilities Inc
[2011/01/31 12:47:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2011/01/29 12:12:07 | 000,294,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\VMM.sys
[2011/01/25 22:15:21 | 000,000,000 | ---D | C] -- C:\Users\vlado\AppData\Local\PDFC
[2011/01/25 17:40:25 | 000,000,000 | ---D | C] -- C:\Users\vlado\Documents\My Virtual Machines
[2011/01/25 17:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Virtual PC
[2011/01/25 16:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/01/20 22:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
[2011/01/20 22:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/01/20 22:10:32 | 000,000,000 | ---D | C] -- C:\Users\vlado\AppData\Local\Microsoft Help
[2011/01/20 22:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/01/20 22:10:00 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/01/20 21:49:55 | 000,000,000 | ---D | C] -- C:\Users\vlado\Desktop\New folder
[2011/01/20 14:54:36 | 000,000,000 | ---D | C] -- C:\Users\vlado\AppData\Local\Western Digital
[2011/01/19 22:49:13 | 000,000,000 | ---D | C] -- C:\Users\vlado\Documents\Ovi
[2011/01/19 22:34:29 | 000,000,000 | ---D | C] -- C:\Users\vlado\AppData\Local\NokiaAccount
[2011/01/19 22:19:37 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\windows\SysNative\drivers\dtsoftbus01.sys
[2011/01/19 22:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/01/19 22:18:55 | 000,000,000 | ---D | C] -- C:\Users\vlado\AppData\Roaming\DAEMON Tools Lite
[2011/01/19 22:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/01/18 17:04:35 | 000,000,000 | ---D | C] -- C:\Users\vlado\AppData\Local\GHISLER
[2011/01/18 17:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnCourt
[2011/01/15 20:41:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2011/01/14 20:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2011/01/12 10:58:19 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2011/01/12 10:58:18 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d10warp.dll
[2011/01/12 10:58:18 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2011/01/12 10:58:17 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mf.dll
[2011/01/12 10:58:17 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2011/01/12 10:58:17 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2011/01/12 10:58:17 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d2d1.dll
[2011/01/12 10:58:16 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DWrite.dll
[2011/01/12 10:58:16 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2011/01/12 10:58:14 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mf.dll
[2011/01/12 10:58:14 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2011/01/12 10:58:14 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2011/01/12 10:58:13 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ExplorerFrame.dll
[2011/01/12 10:58:13 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll
[2011/01/12 10:58:13 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2011/01/12 10:58:12 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2011/01/12 10:58:12 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfreadwrite.dll
[2011/01/12 10:58:12 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d10_1core.dll
[2011/01/12 10:58:11 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ExplorerFrame.dll
[2011/01/12 10:58:11 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsRasterService.dll
[2011/01/12 10:58:11 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfreadwrite.dll
[2011/01/12 10:58:10 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2011/01/12 10:58:10 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfps.dll
[2011/01/12 10:58:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll
[2011/01/12 10:58:10 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d10_1.dll
[2011/01/12 10:58:10 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2011/01/12 10:58:10 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsRasterService.dll
[2011/01/12 07:05:49 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbc32.dll
[2011/01/12 07:05:48 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbc32.dll
[3 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\vlado\Desktop\*.tmp files -> C:\Users\vlado\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/09 22:03:43 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\vlado\Desktop\OTL.exe
[2011/02/09 20:58:23 | 000,625,854 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/02/09 20:58:23 | 000,107,238 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/02/09 20:58:22 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/02/09 20:55:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/02/09 16:44:46 | 000,014,223 | ---- | M] () -- C:\Users\vlado\Desktop\Optické vlákna a ich vlastnosti.docx
[2011/02/09 15:40:31 | 000,000,162 | -H-- | M] () -- C:\Users\vlado\Desktop\~$tické vlákna a ich vlastnosti.docx
[2011/02/09 15:26:58 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/09 15:26:58 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/09 15:19:22 | 3069,632,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/09 14:38:22 | 004,265,718 | R--- | M] () -- C:\Users\vlado\Desktop\ComboFix.exe
[2011/02/09 14:38:18 | 000,000,535 | ---- | M] () -- C:\windows\SysWow64\mapisvc.inf
[2011/02/09 13:46:25 | 000,007,607 | ---- | M] () -- C:\Users\vlado\AppData\Local\Resmon.ResmonCfg
[2011/02/09 13:41:41 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2011/02/09 11:12:05 | 000,879,028 | ---- | M] () -- C:\Users\vlado\Desktop\SecurityCheck.exe
[2011/02/08 22:21:58 | 000,001,555 | ---- | M] () -- C:\Users\vlado\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2011/02/08 20:03:12 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/08 19:33:35 | 046,947,840 | ---- | M] () -- C:\Users\vlado\Desktop\zaSetup_92_102_000_en.exe
[2011/02/07 21:13:12 | 000,000,967 | ---- | M] () -- C:\Users\vlado\Desktop\CCleaner.lnk
[2011/02/07 19:31:31 | 000,029,184 | ---- | M] () -- C:\Users\vlado\Desktop\Optické vlákna a ich vlastnosti.doc
[2011/02/06 23:31:29 | 000,327,680 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2011/02/06 21:06:36 | 000,000,355 | ---- | M] () -- C:\Users\vlado\Desktop\Computer - Shortcut.lnk
[2011/02/06 21:04:01 | 000,417,104 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/02/06 20:28:36 | 000,002,686 | ---- | M] () -- C:\windows\TRNCOM.INI
[2011/02/05 18:23:52 | 008,161,902 | ---- | M] () -- C:\Users\vlado\Desktop\kapitoly_z_optiky.pdf
[2011/02/04 21:51:02 | 000,000,162 | ---- | M] () -- C:\windows\ODBC.INI
[2011/02/03 12:05:25 | 000,000,332 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForvlado.job
[2011/01/31 21:55:17 | 000,003,584 | ---- | M] () -- C:\Users\vlado\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/31 12:48:48 | 000,013,920 | ---- | M] () -- C:\windows\SysNative\drivers\SWDUMon.sys
[2011/01/30 22:26:24 | 000,000,600 | ---- | M] () -- C:\Users\vlado\PUTTY.RND
[2011/01/29 12:12:07 | 000,294,232 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\VMM.sys
[2011/01/28 15:54:42 | 000,000,476 | ---- | M] () -- C:\Users\vlado\Desktop\DIPL.ppr
[2011/01/25 23:09:07 | 000,246,557 | ---- | M] () -- C:\Users\vlado\Desktop\Harmonogram_Mgr_10_11.pdf
[2011/01/25 16:02:51 | 000,834,544 | ---- | M] () -- C:\windows\SysNative\drivers\sptd.sys
[2011/01/24 19:52:13 | 000,259,258 | ---- | M] () -- C:\Users\vlado\Desktop\Sucastne a buduce varianty PON.pdf
[2011/01/21 19:37:11 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/01/20 12:04:52 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/01/19 22:19:37 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\windows\SysNative\drivers\dtsoftbus01.sys
[3 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\vlado\Desktop\*.tmp files -> C:\Users\vlado\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/09 15:40:31 | 000,000,162 | -H-- | C] () -- C:\Users\vlado\Desktop\~$tické vlákna a ich vlastnosti.docx
[2011/02/09 14:50:43 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/02/09 14:50:43 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/02/09 14:50:43 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/02/09 14:50:43 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/02/09 14:50:43 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/02/09 14:34:23 | 004,265,718 | R--- | C] () -- C:\Users\vlado\Desktop\ComboFix.exe
[2011/02/09 13:41:41 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2011/02/09 11:11:30 | 000,879,028 | ---- | C] () -- C:\Users\vlado\Desktop\SecurityCheck.exe
[2011/02/08 22:21:58 | 000,001,555 | ---- | C] () -- C:\Users\vlado\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2011/02/08 22:21:58 | 000,001,543 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2011/02/08 20:03:12 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/08 18:32:07 | 046,947,840 | ---- | C] () -- C:\Users\vlado\Desktop\zaSetup_92_102_000_en.exe
[2011/02/07 21:13:12 | 000,000,967 | ---- | C] () -- C:\Users\vlado\Desktop\CCleaner.lnk
[2011/02/07 19:31:31 | 000,029,184 | ---- | C] () -- C:\Users\vlado\Desktop\Optické vlákna a ich vlastnosti.doc
[2011/02/06 21:36:51 | 000,014,223 | ---- | C] () -- C:\Users\vlado\Desktop\Optické vlákna a ich vlastnosti.docx
[2011/02/06 21:06:36 | 000,000,355 | ---- | C] () -- C:\Users\vlado\Desktop\Computer - Shortcut.lnk
[2011/02/05 18:23:52 | 008,161,902 | ---- | C] () -- C:\Users\vlado\Desktop\kapitoly_z_optiky.pdf
[2011/02/04 21:38:19 | 000,000,162 | ---- | C] () -- C:\windows\ODBC.INI
[2011/02/02 16:05:36 | 000,000,332 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleForvlado.job
[2011/01/31 21:55:17 | 000,003,584 | ---- | C] () -- C:\Users\vlado\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/31 12:47:08 | 000,013,920 | ---- | C] () -- C:\windows\SysNative\drivers\SWDUMon.sys
[2011/01/30 22:26:24 | 000,000,600 | ---- | C] () -- C:\Users\vlado\PUTTY.RND
[2011/01/25 23:08:51 | 000,246,557 | ---- | C] () -- C:\Users\vlado\Desktop\Harmonogram_Mgr_10_11.pdf
[2011/01/25 17:37:54 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Virtual PC.lnk
[2011/01/25 16:02:51 | 000,834,544 | ---- | C] () -- C:\windows\SysNative\drivers\sptd.sys
[2011/01/24 19:52:13 | 000,259,258 | ---- | C] () -- C:\Users\vlado\Desktop\Sucastne a buduce varianty PON.pdf
[2011/01/21 19:37:11 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/01/06 00:32:33 | 000,165,376 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2011/01/06 00:32:32 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2011/01/06 00:32:31 | 000,810,496 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2011/01/06 00:32:31 | 000,183,808 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011/01/06 00:32:31 | 000,080,896 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2010/12/14 23:49:37 | 000,007,607 | ---- | C] () -- C:\Users\vlado\AppData\Local\Resmon.ResmonCfg
[2010/12/14 21:55:33 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/28 12:56:20 | 000,001,554 | ---- | C] () -- C:\Users\vlado\AppData\Local\mbt-actwiz.log
[2010/11/08 19:11:01 | 000,002,686 | ---- | C] () -- C:\windows\TRNCOM.INI
[2010/11/07 18:53:03 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\clauth2.dll
[2010/11/07 18:53:03 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\clauth1.dll
[2010/11/07 18:53:03 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\ssprs.dll
[2010/11/07 18:53:03 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\serauth2.dll
[2010/11/07 18:53:03 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\serauth1.dll
[2010/11/07 18:53:03 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\nsprs.dll
[2010/11/07 13:43:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/06 03:21:20 | 000,000,088 | RHS- | C] () -- C:\ProgramData\624B29F03D.sys
[2010/11/06 03:21:14 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/09/02 20:24:50 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdeeceb.sys
[2010/09/02 19:57:57 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini
[2010/09/02 19:48:56 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini
[2010/06/25 18:03:12 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2010/02/20 04:27:36 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/02/20 04:27:36 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/12/14 22:26:00 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2009/11/25 02:57:20 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2009/11/25 02:57:20 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2009/11/25 02:57:20 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2009/11/24 21:55:38 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2009/11/24 21:55:20 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2009/11/24 21:55:20 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2009/11/17 22:39:36 | 000,329,272 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2009/09/29 23:25:16 | 000,013,312 | ---- | C] () -- C:\windows\LPRES.DLL
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2011/02/06 18:58:51 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\BitTorrent
[2011/01/31 21:55:34 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\BSplayer PRO
[2011/01/20 22:09:33 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\DAEMON Tools Lite
[2010/11/05 10:04:16 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\DigitalPersona
[2010/11/06 03:18:01 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\ESET
[2011/01/05 23:17:25 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\GHISLER
[2011/01/30 17:43:39 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\IObit
[2011/02/06 20:28:37 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\LangSoft
[2011/02/06 23:42:15 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Nokia
[2011/01/08 20:37:00 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Nokia Ovi Suite
[2010/12/17 15:34:07 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Nseries
[2010/11/06 03:25:32 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Opera
[2011/02/02 15:16:27 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\PC Suite
[2010/11/16 22:31:58 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\QIP
[2011/02/07 20:48:21 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Rynga
[2011/01/31 12:51:10 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\SoftGrid Client
[2010/12/14 21:56:01 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\TP
[2011/02/08 22:26:07 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Wireshark
[2011/02/06 16:52:58 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
