Excessive CPU usage - please check my RSIT log

Posted: 13 Jul 2011 06:22
by smoo
Hello,
on my laptop, background processes start right after it is switched on, CPU activity rises and the fan spins up, which despite its best efforts cannot keep the laptop cool.
Please check the RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ondřej at 2011-07-13 07:08:38
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 74 GB (48%) free of 153 GB
Total RAM: 3839 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:08:47, on 13.7.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Ondřej\AppData\Roaming\QipGuard\QipGuard.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Lingea\Lexicon5\LexWin.exe
C:\Program Files (x86)\Lingea\Lexicon5\LexWin.exe
C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Ondřej.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arrow.nl/jazz/#/jazz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Ondřej\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Ondřej\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe "C:\Program Files (x86)\HP\HP UT\"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [USB Gamepad] C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\Ondřej\AppData\Roaming\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ondřej\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Lingea Update Center.lnk = C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files (x86)\QIP\qip.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: ESET Uninstaller Service (EsetUninstaller) - ESET - C:\Windows\ESETUninstaller.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\RSoft\bin\smpd.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RSoft License Server (rslmd) - Unknown owner - C:\RSoft\bin\rslmd.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13294 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe -run
C:\RSoft\bin\smpd.exe
"C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe"
C:\RSoft\bin\rslmd.exe
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {4235D442-4CB1-4801-B1AE-E03744FC9A82}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE" -Embedding
"C:\Program Files (x86)\ATK Hotkey\Hcontrol.exe"
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files\Wireless Console 2\wcourier.exe"
"C:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe"
"C:\Program Files (x86)\ATK Hotkey\MsgTranAgt64.exe"
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
Atouch64.exe
"C:\Users\Ondřej\AppData\Roaming\QipGuard\QipGuard.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
ATKOSD.exe
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe"
WDC.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Windows\System32\taskmgr.exe"
"C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_500ms_queue_prefetch/DnsParallelism/parallel_7/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwnd10/SpdyImpact/npn_with_spdy/ --channel=4824.025F2620.1520163693 /prefetch:3 --ignored=" --type=renderer "
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
"C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_500ms_queue_prefetch/DnsParallelism/parallel_7/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwnd10/SpdyImpact/npn_with_spdy/ --channel=4824.0265CD30.1329383924 /prefetch:3
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\rundll32.exe "C:\Users\ONDEJ~1\AppData\Local\Google\Chrome\APPLIC~1\120742~1.112\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\12.0.742.112\gcswf32.dll" --lang=cs --channel=4824.08D50F80.555160147 /prefetch:4 --flash-broker=2012
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe" "C:\Users\Ondřej\Desktop\36 FEL_29_6_11_15_In\36 FEL_29_6_11_15_In\Cenik_info_2011_+.pdf"
"C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
"C:\Program Files (x86)\Lingea\Lexicon5\LexWin.exe"
"C:\Program Files (x86)\Lingea\Lexicon5\LexWin.exe"
"C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_500ms_queue_prefetch/DnsParallelism/parallel_7/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwnd10/SpdyImpact/npn_with_spdy/ --channel=4824.08ED6DE8.973048951 /prefetch:3
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\Ondřej\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2024502112-2145055025-2828989588-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2024502112-2145055025-2828989588-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\frf8mbx0.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://vshare.toolbarhome.com/?hp=df"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, vshare@toolbar:1.0.0, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
prefs.js - "keyword.URL" - "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\frf8mbx0.default\extensions\
vshare@toolbar
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\frf8mbx0.default\searchplugins\
web-search.xml
youtube.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Ondřej\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-04-12 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-08-17 1813288]
""= []
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-10-26 500208]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2916584]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-07-12 9048392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"=C:\Users\Ondřej\AppData\Roaming\QipGuard\QipGuard.exe [2010-04-12 181760]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-07-04 148776]
"Google Update"=C:\Users\Ondřej\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
"AdobeBridge"= []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2009-02-25 37888]
"reset"=regedit /s reset.reg []
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2011-06-07 40376]
""= []
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2010-09-22 640440]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]
"ATICustomerCare"=C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"HPUsageTracking"=C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [2009-05-11 24576]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-11-25 98304]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"USB Gamepad"=C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Lingea Update Center.lnk - C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\Windows\system32\guard64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EsetUninstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EsetUninstaller]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-13 07:08:38 ----D---- C:\rsit
2011-07-13 07:08:38 ----D---- C:\Program Files\trend micro
2011-07-12 06:40:06 ----D---- C:\Users\Ondřej\AppData\Roaming\ProfiCAD
2011-07-11 14:49:01 ----D---- C:\Program Files (x86)\ProfiCAD
2011-07-11 09:49:26 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-07-11 09:49:26 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-07-11 09:49:25 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-07-11 09:49:25 ----A---- C:\Windows\SYSWOW64\devobj.dll
2011-07-11 09:49:25 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-07-11 09:49:21 ----A---- C:\Windows\system32\tquery.dll
2011-07-11 09:49:21 ----A---- C:\Windows\system32\mssrch.dll
2011-07-11 09:49:20 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2011-07-11 09:49:20 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-07-11 09:49:19 ----A---- C:\Windows\SYSWOW64\tquery.dll
2011-07-11 09:49:19 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-07-11 09:49:18 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2011-07-11 09:49:18 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2011-07-11 09:49:18 ----A---- C:\Windows\SYSWOW64\mssph.dll
2011-07-11 09:49:17 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2011-07-11 09:49:17 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-07-11 09:49:17 ----A---- C:\Windows\system32\mssvp.dll
2011-07-11 09:49:17 ----A---- C:\Windows\system32\mssphtb.dll
2011-07-11 09:49:17 ----A---- C:\Windows\system32\mssph.dll
2011-07-11 09:49:16 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2011-07-11 09:49:16 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2011-07-11 09:49:16 ----A---- C:\Windows\system32\msscntrs.dll
2011-07-11 09:49:15 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2011-07-01 14:14:33 ----D---- C:\f84d7b024f49de7591
2011-06-18 11:55:34 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-06-18 11:55:34 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-18 11:55:33 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-06-18 11:55:33 ----A---- C:\Windows\system32\iertutil.dll
2011-06-18 11:55:32 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-06-18 11:55:32 ----A---- C:\Windows\system32\jscript9.dll
2011-06-18 11:55:32 ----A---- C:\Windows\system32\ieui.dll
2011-06-18 11:55:31 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-06-18 11:55:31 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-06-18 11:55:31 ----A---- C:\Windows\system32\jscript.dll
2011-06-18 11:55:30 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-06-18 11:55:30 ----A---- C:\Windows\system32\urlmon.dll
2011-06-18 11:55:29 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-06-18 11:55:26 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-06-18 11:55:26 ----A---- C:\Windows\system32\mshtml.dll
2011-06-18 11:55:25 ----A---- C:\Windows\system32\ieframe.dll
2011-06-17 07:04:09 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2011-06-17 07:04:09 ----A---- C:\Windows\system32\d3d10_1.dll
2011-06-17 07:04:06 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-17 07:04:06 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-17 07:04:06 ----A---- C:\Windows\system32\drivers\srv.sys
2011-06-17 07:04:03 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-06-17 07:04:03 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-17 07:04:01 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-17 07:04:00 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2011-06-17 07:03:30 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-06-17 07:03:29 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-17 07:03:28 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-17 07:03:27 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-17 07:03:27 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-06-17 07:03:25 ----A---- C:\Windows\system32\win32k.sys
2011-06-15 10:30:54 ----RA---- C:\Windows\system32\AdobePDFUI.dll

======List of files/folders modified in the last 1 month======

2011-07-13 07:08:43 ----D---- C:\Windows\Temp
2011-07-13 07:08:38 ----RD---- C:\Program Files
2011-07-13 06:33:15 ----D---- C:\Windows\system32\catroot
2011-07-13 06:33:13 ----D---- C:\Windows\system32\catroot2
2011-07-13 06:33:00 ----D---- C:\Windows\System32
2011-07-13 06:32:59 ----D---- C:\Windows\inf
2011-07-13 06:32:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-13 06:32:47 ----D---- C:\Windows\winsxs
2011-07-13 06:28:47 ----D---- C:\Windows\system32\config
2011-07-13 06:27:54 ----D---- C:\Windows
2011-07-13 06:27:18 ----D---- C:\Windows\system32\Tasks
2011-07-13 06:26:46 ----D---- C:\Windows\SysWOW64
2011-07-12 16:21:12 ----A---- C:\Windows\SYSWOW64\guard32.dll
2011-07-12 16:21:12 ----A---- C:\Windows\system32\guard64.dll
2011-07-12 15:27:02 ----D---- C:\Windows\system32\FxsTmp
2011-07-12 14:45:46 ----D---- C:\Windows\Microsoft.NET
2011-07-12 14:45:45 ----RSD---- C:\Windows\assembly
2011-07-12 12:20:30 ----D---- C:\Windows\system32\DriverStore
2011-07-12 08:09:31 ----D---- C:\Users\Ondřej\AppData\Roaming\Winamp
2011-07-12 08:08:49 ----D---- C:\Windows\debug
2011-07-12 08:02:50 ----RD---- C:\Windows\Fonts
2011-07-12 06:45:51 ----SHD---- C:\Windows\Installer
2011-07-12 06:35:55 ----SHD---- C:\System Volume Information
2011-07-11 14:49:01 ----D---- C:\Program Files (x86)
2011-07-11 14:45:03 ----D---- C:\SPB_Data
2011-07-11 14:01:47 ----D---- C:\Windows\Prefetch
2011-07-11 09:39:33 ----D---- C:\Windows\Tasks
2011-07-11 09:39:33 ----D---- C:\Windows\system32\wfp
2011-07-11 09:39:28 ----D---- C:\Windows\system32\wbem
2011-07-11 09:37:55 ----D---- C:\Windows\SYSWOW64\wbem
2011-07-11 09:37:55 ----D---- C:\Windows\SYSWOW64\migration
2011-07-11 09:37:54 ----D---- C:\Windows\system32\migration
2011-07-11 09:37:54 ----D---- C:\Windows\system32\drivers
2011-07-11 09:37:28 ----D---- C:\Windows\AppCompat
2011-07-11 09:37:28 ----D---- C:\Users\Ondřej\AppData\Roaming\vlc
2011-07-11 09:37:26 ----D---- C:\ProgramData\P4G
2011-07-11 09:37:26 ----D---- C:\ProgramData\FLEXnet
2011-07-11 09:36:23 ----D---- C:\Windows\registration
2011-07-05 13:44:01 ----D---- C:\Windows\ModemLogs
2011-06-26 11:54:11 ----D---- C:\Program Files (x86)\Adobe
2011-06-24 09:05:49 ----D---- C:\Program Files (x86)\ZWCAD 2009 Csy
2011-06-23 20:06:36 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2011-06-19 14:38:23 ----D---- C:\Program Files\Internet Explorer
2011-06-19 14:38:23 ----D---- C:\Program Files (x86)\Internet Explorer
2011-06-18 12:01:06 ----A---- C:\Windows\system32\MRT.exe
2011-06-18 12:00:59 ----D---- C:\ProgramData\Microsoft Help
2011-06-15 09:26:29 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-04 834544]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2011-07-12 252344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2011-07-12 41712]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2011-07-12 92688]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aksdf;aksdf; C:\Windows\system32\DRIVERS\aksdf.sys [2009-09-21 71040]
R2 aksfridge;aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [2009-08-20 130816]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-07-29 171152]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 50624]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2009-03-13 318464]
R2 multikey;Virtual USB MultiKey; C:\Windows\system32\DRIVERS\multikey.sys [2010-09-16 67584]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys [2009-06-25 67584]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys [2009-06-25 55296]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys [2009-06-25 57856]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
R3 akshasp;SafeNet Inc. HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys [2009-12-17 53760]
R3 aksusb;SafeNet Inc. USB Key; C:\Windows\system32\DRIVERS\aksusb.sys [2009-12-17 25344]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-05-27 6856192]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-05-27 264192]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-12-03 716872]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 98344]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-07-01 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 21160]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 33632]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2007-08-09 13680]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 ROCKEYNT;Feitian ROCKEY4 Device Service; C:\Windows\system32\DRIVERS\Rockey4.sys [2011-05-01 25600]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-05-20 1799680]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-08-17 286768]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-05-27 6856192]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 552448]
S3 h647906;DragonRise H647906 AMD64 Driver; C:\Windows\system32\drivers\h647906.sys [2008-08-08 63856]
S3 h648101;DragonRise H648101 AMD64 Driver; C:\Windows\system32\drivers\h648101.sys [2008-08-08 65776]
S3 h648103;DragonRise H648103 AMD64 Driver; C:\Windows\system32\drivers\h648103.sys [2008-08-08 62960]
S3 hid7906;hid7906; C:\Windows\system32\drivers\hid7906.sys []
S3 hid8101;hid8101; C:\Windows\system32\drivers\hid8101.sys []
S3 hid8103;hid8103; C:\Windows\system32\drivers\hid8103.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-05-27 203264]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-01 864032]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-07-12 2528096]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
R2 hasplms;Sentinel HASP License Manager; C:\Windows\system32\hasplms.exe [2009-12-16 3750400]
R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab; C:\RSoft\bin\smpd.exe [2005-11-22 1460224]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 rslmd;RSoft License Server; C:\RSoft\bin\rslmd.exe [2007-11-27 932352]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-01-04 1045256]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-07-04 267560]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
S2 spmgr;spmgr; C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 42360]
S3 EsetUninstaller;ESET Uninstaller Service; C:\Windows\ESETUninstaller.exe [2010-11-01 512000]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-05 1255736]

-----------------EOF-----------------

Re: Excessive CPU usage - please check the RSIT log

Posted: 13 Jul 2011 06:54
by vyosek
Hello and good morning :)

:arrow: What are we going to do about that illegal ESET Smart Security :???: :?:

Re: Excessive CPU usage - please check the RSIT log

Posted: 13 Jul 2011 06:58
by smoo
It is a TRIAL version whose validity ended 20 days ago... I assume this is not illegal software... :-)

Re: Excessive CPU usage - please check the RSIT log

Posted: 13 Jul 2011 07:02
by vyosek
And how many trials have you had on there by now :???:

I can clearly see lines in the log that show a crack was applied, so don't try to pull the wool over my eyes :?:

Re: Excessive CPU usage - please check the RSIT log

Posted: 13 Jul 2011 07:12
by smoo
I admit that I tried to crack it, but I couldn't get it to work... :oops: That is why, until recently, I registered with ESET every month and obtained a new trial version, or rather a new username and password for updates, so I did not have to reinstall the software, which I considered a legal approach given a student's tight budget... :-)

Re: Excessive CPU usage - please check the RSIT log

Posted: 13 Jul 2011 07:21
by vyosek
Obtaining a trial licence every month like this also violates the licence terms :!:
I quote ESET's licence terms (which, by the way, you agreed to when installing the product):
6. Restrictions on the End User's rights.
g) You may not use Software obtained as a trial version or Not-For-Resale (hereinafter "NFR") contrary to good morals in order to avoid paying the Licence Fee under Article 17.
18. NFR and trial versions.
Software supplied as NFR or as a trial version may be used solely to verify and test the features of the Software.
:arrow: Uninstall ESET, uninstall Comodo, install the free Avast or Avira

:arrow: You are a student and have a purchased licence for the top edition, W7 Ultimate, and then you don't have a few hundred for ESET, a bit strange, isn't it... or is that W7 fiddled too :o

Re: Excessive CPU usage - please check the RSIT log

Posted: 13 Jul 2011 07:29
by smoo
I admit it, I am guilty... :( ESET has been uninstalled, but COMODO is freeware, isn't it? So is it necessary to uninstall it?

Re: Excessive CPU usage - please check the RSIT log

Posted: 13 Jul 2011 07:31
by vyosek
:arrow: If you use it only as a firewall, you can keep it, but it is unnecessary for an ordinary user - the firewall in W7 is already good enough.

:arrow: Is that W7 licence one you purchased :???:

Re: Excessive CPU usage - please check the RSIT log

Posted: 13 Jul 2011 07:34
by smoo
:( :cry: :cry: So I can't count on your help?

Re: Excessive CPU usage - please check the RSIT log

Posted: 13 Jul 2011 07:37
by vyosek
However, under the forum rules (see here and here, point c.3) we do not deal with illegal software, because illegal programs are usually a source of malware. On top of that, you are infringing copyright and committing a criminal offence, which as such will not be supported by our forum. Keep in mind that you are on a security forum - supporting warez (especially of security programs) would go completely against the logic of the forum :!:

We will get it sorted out now, but if the situation repeats, help will be refused...

Now post the requested logs here (a new RSIT and CKScanner)

Re: Excessive CPU usage - please check the RSIT log

Posted: 13 Jul 2011 09:14
by smoo
In my defence, I want to point out that I have purchased legal versions of Windows XP and Windows Vista. Unfortunately, Windows Vista is such a botched system that I was forced to "upgrade" to W7, because this mess cannot be returned after purchase...

In any case, thank you for your help!

RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ondřej at 2011-07-13 08:55:14
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 74 GB (48%) free of 153 GB
Total RAM: 3839 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:55:17, on 13.7.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Ondřej\AppData\Roaming\QipGuard\QipGuard.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ProfiCAD\ProfiCAD.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Ondřej.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arrow.nl/jazz/#/jazz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Ondřej\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Ondřej\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe "C:\Program Files (x86)\HP\HP UT\"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [USB Gamepad] C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\Ondřej\AppData\Roaming\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ondřej\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Lingea Update Center.lnk = C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files (x86)\QIP\qip.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\RSoft\bin\smpd.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RSoft License Server (rslmd) - Unknown owner - C:\RSoft\bin\rslmd.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12854 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe -run
C:\RSoft\bin\smpd.exe
"C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe"
C:\RSoft\bin\rslmd.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k imgsvc
taskeng.exe {FE587A2D-00E1-4EAC-9B27-08339138FB02}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {BA69DB86-4CE8-4106-A0B3-3755FF2AB0B8}
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE" -Embedding
"C:\Program Files (x86)\ATK Hotkey\Hcontrol.exe"
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
"C:\Program Files\Wireless Console 2\wcourier.exe"
"C:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe"
"C:\Program Files (x86)\ATK Hotkey\MsgTranAgt64.exe"
Atouch64.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
"C:\Users\Ondřej\AppData\Roaming\QipGuard\QipGuard.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe"
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe"
ATKOSD.exe
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe"
WDC.exe
"C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=cs --force-fieldtest="ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_2 concurrent_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/" --channel=360.01055710.1598380655 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=cs --force-fieldtest="ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_2 concurrent_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/" --channel=360.04962F58.1140811902 /prefetch:3
"C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=cs --force-fieldtest="ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_2 concurrent_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/" --channel=360.04962DD0.580982229 /prefetch:3
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\ProfiCAD\ProfiCAD.exe"
C:\Windows\system32\rundll32.exe "C:\Users\ONDEJ~1\AppData\Local\Google\Chrome\APPLIC~1\120742~1.112\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\12.0.742.112\gcswf32.dll" --lang=cs --channel=360.08D18000.970353468 /prefetch:4 --flash-broker=324
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\wuauclt.exe"
"C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=cs --force-fieldtest="CacheSize/CacheSizeGroup_1/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_2 concurrent_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/" --channel=360.010A0DB0.529981577 /prefetch:3
"C:\Users\Ondřej\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2024502112-2145055025-2828989588-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2024502112-2145055025-2828989588-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\frf8mbx0.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://vshare.toolbarhome.com/?hp=df"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, vshare@toolbar:1.0.0, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
prefs.js - "keyword.URL" - "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\frf8mbx0.default\extensions\
vshare@toolbar
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\frf8mbx0.default\searchplugins\
web-search.xml
youtube.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Ondřej\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-04-12 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-08-17 1813288]
""= []
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-10-26 500208]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-07-12 9048392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"=C:\Users\Ondřej\AppData\Roaming\QipGuard\QipGuard.exe [2010-04-12 181760]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-07-04 148776]
"Google Update"=C:\Users\Ondřej\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
"AdobeBridge"= []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2009-02-25 37888]
"reset"=regedit /s reset.reg []
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2011-06-07 40376]
""= []
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2010-09-22 640440]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]
"ATICustomerCare"=C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"HPUsageTracking"=C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [2009-05-11 24576]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-11-25 98304]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"USB Gamepad"=C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Lingea Update Center.lnk - C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\Windows\system32\guard64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-13 08:47:41 ----A---- C:\Windows\ntbtlog.txt
2011-07-13 08:23:41 ----SHD---- C:\Config.Msi
2011-07-13 07:08:38 ----D---- C:\rsit
2011-07-13 07:08:38 ----D---- C:\Program Files\trend micro
2011-07-12 06:40:06 ----D---- C:\Users\Ondřej\AppData\Roaming\ProfiCAD
2011-07-11 14:49:01 ----D---- C:\Program Files (x86)\ProfiCAD
2011-07-11 09:49:26 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-07-11 09:49:26 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-07-11 09:49:25 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-07-11 09:49:25 ----A---- C:\Windows\SYSWOW64\devobj.dll
2011-07-11 09:49:25 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-07-11 09:49:21 ----A---- C:\Windows\system32\tquery.dll
2011-07-11 09:49:21 ----A---- C:\Windows\system32\mssrch.dll
2011-07-11 09:49:20 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2011-07-11 09:49:20 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-07-11 09:49:19 ----A---- C:\Windows\SYSWOW64\tquery.dll
2011-07-11 09:49:19 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-07-11 09:49:18 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2011-07-11 09:49:18 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2011-07-11 09:49:18 ----A---- C:\Windows\SYSWOW64\mssph.dll
2011-07-11 09:49:17 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2011-07-11 09:49:17 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-07-11 09:49:17 ----A---- C:\Windows\system32\mssvp.dll
2011-07-11 09:49:17 ----A---- C:\Windows\system32\mssphtb.dll
2011-07-11 09:49:17 ----A---- C:\Windows\system32\mssph.dll
2011-07-11 09:49:16 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2011-07-11 09:49:16 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2011-07-11 09:49:16 ----A---- C:\Windows\system32\msscntrs.dll
2011-07-11 09:49:15 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2011-07-01 14:14:33 ----D---- C:\f84d7b024f49de7591
2011-06-18 11:55:34 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-06-18 11:55:34 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-18 11:55:33 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-06-18 11:55:33 ----A---- C:\Windows\system32\iertutil.dll
2011-06-18 11:55:32 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-06-18 11:55:32 ----A---- C:\Windows\system32\jscript9.dll
2011-06-18 11:55:32 ----A---- C:\Windows\system32\ieui.dll
2011-06-18 11:55:31 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-06-18 11:55:31 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-06-18 11:55:31 ----A---- C:\Windows\system32\jscript.dll
2011-06-18 11:55:30 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-06-18 11:55:30 ----A---- C:\Windows\system32\urlmon.dll
2011-06-18 11:55:29 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-06-18 11:55:26 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-06-18 11:55:26 ----A---- C:\Windows\system32\mshtml.dll
2011-06-18 11:55:25 ----A---- C:\Windows\system32\ieframe.dll
2011-06-17 07:04:09 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2011-06-17 07:04:09 ----A---- C:\Windows\system32\d3d10_1.dll
2011-06-17 07:04:06 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-17 07:04:06 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-17 07:04:06 ----A---- C:\Windows\system32\drivers\srv.sys
2011-06-17 07:04:03 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-06-17 07:04:03 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-17 07:04:01 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-17 07:04:00 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2011-06-17 07:03:30 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-06-17 07:03:29 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-17 07:03:28 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-17 07:03:27 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-17 07:03:27 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-06-17 07:03:25 ----A---- C:\Windows\system32\win32k.sys
2011-06-15 10:30:54 ----RA---- C:\Windows\system32\AdobePDFUI.dll

======List of files/folders modified in the last 1 month======

2011-07-13 08:55:15 ----D---- C:\Windows\Temp
2011-07-13 08:52:20 ----D---- C:\Windows\system32\DriverStore
2011-07-13 08:50:31 ----D---- C:\Windows\system32\Tasks
2011-07-13 08:49:04 ----D---- C:\Windows
2011-07-13 08:41:11 ----D---- C:\Windows\system32\config
2011-07-13 08:24:11 ----SHD---- C:\Windows\Installer
2011-07-13 08:24:04 ----HD---- C:\ProgramData
2011-07-13 08:23:58 ----D---- C:\Windows\system32\catroot
2011-07-13 08:23:57 ----D---- C:\Windows\inf
2011-07-13 07:08:38 ----RD---- C:\Program Files
2011-07-13 06:33:13 ----D---- C:\Windows\system32\catroot2
2011-07-13 06:33:00 ----D---- C:\Windows\System32
2011-07-13 06:32:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-13 06:32:47 ----D---- C:\Windows\winsxs
2011-07-13 06:26:46 ----D---- C:\Windows\SysWOW64
2011-07-12 16:21:12 ----A---- C:\Windows\SYSWOW64\guard32.dll
2011-07-12 16:21:12 ----A---- C:\Windows\system32\guard64.dll
2011-07-12 15:27:04 ----D---- C:\Windows\system32\FxsTmp
2011-07-12 14:45:46 ----D---- C:\Windows\Microsoft.NET
2011-07-12 14:45:45 ----RSD---- C:\Windows\assembly
2011-07-12 08:09:31 ----D---- C:\Users\Ondřej\AppData\Roaming\Winamp
2011-07-12 08:08:49 ----D---- C:\Windows\debug
2011-07-12 08:02:50 ----RD---- C:\Windows\Fonts
2011-07-12 06:35:55 ----SHD---- C:\System Volume Information
2011-07-11 14:49:01 ----D---- C:\Program Files (x86)
2011-07-11 14:45:03 ----D---- C:\SPB_Data
2011-07-11 14:01:47 ----D---- C:\Windows\Prefetch
2011-07-11 09:39:33 ----D---- C:\Windows\Tasks
2011-07-11 09:39:33 ----D---- C:\Windows\system32\wfp
2011-07-11 09:39:28 ----D---- C:\Windows\system32\wbem
2011-07-11 09:37:55 ----D---- C:\Windows\SYSWOW64\wbem
2011-07-11 09:37:55 ----D---- C:\Windows\SYSWOW64\migration
2011-07-11 09:37:54 ----D---- C:\Windows\system32\migration
2011-07-11 09:37:54 ----D---- C:\Windows\system32\drivers
2011-07-11 09:37:28 ----D---- C:\Windows\AppCompat
2011-07-11 09:37:28 ----D---- C:\Users\Ondřej\AppData\Roaming\vlc
2011-07-11 09:37:26 ----D---- C:\ProgramData\P4G
2011-07-11 09:37:26 ----D---- C:\ProgramData\FLEXnet
2011-07-11 09:36:23 ----D---- C:\Windows\registration
2011-07-05 13:44:01 ----D---- C:\Windows\ModemLogs
2011-06-26 11:54:11 ----D---- C:\Program Files (x86)\Adobe
2011-06-24 09:05:49 ----D---- C:\Program Files (x86)\ZWCAD 2009 Csy
2011-06-23 20:06:36 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2011-06-19 14:38:23 ----D---- C:\Program Files\Internet Explorer
2011-06-19 14:38:23 ----D---- C:\Program Files (x86)\Internet Explorer
2011-06-18 12:01:06 ----A---- C:\Windows\system32\MRT.exe
2011-06-18 12:00:59 ----D---- C:\ProgramData\Microsoft Help
2011-06-15 09:26:29 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-04 834544]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2011-07-12 252344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2011-07-12 41712]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2011-07-12 92688]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aksdf;aksdf; C:\Windows\system32\DRIVERS\aksdf.sys [2009-09-21 71040]
R2 aksfridge;aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [2009-08-20 130816]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2009-03-13 318464]
R2 multikey;Virtual USB MultiKey; C:\Windows\system32\DRIVERS\multikey.sys [2010-09-16 67584]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys [2009-06-25 67584]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys [2009-06-25 55296]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys [2009-06-25 57856]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
R3 akshasp;SafeNet Inc. HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys [2009-12-17 53760]
R3 aksusb;SafeNet Inc. USB Key; C:\Windows\system32\DRIVERS\aksusb.sys [2009-12-17 25344]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-05-27 6856192]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-05-27 264192]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-12-03 716872]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 98344]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-07-01 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 21160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2007-08-09 13680]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 ROCKEYNT;Feitian ROCKEY4 Device Service; C:\Windows\system32\DRIVERS\Rockey4.sys [2011-05-01 25600]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-05-20 1799680]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-08-17 286768]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 agystut0;agystut0; C:\Windows\system32\drivers\agystut0.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-05-27 6856192]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 552448]
S3 h647906;DragonRise H647906 AMD64 Driver; C:\Windows\system32\drivers\h647906.sys [2008-08-08 63856]
S3 h648101;DragonRise H648101 AMD64 Driver; C:\Windows\system32\drivers\h648101.sys [2008-08-08 65776]
S3 h648103;DragonRise H648103 AMD64 Driver; C:\Windows\system32\drivers\h648103.sys [2008-08-08 62960]
S3 hid7906;hid7906; C:\Windows\system32\drivers\hid7906.sys []
S3 hid8101;hid8101; C:\Windows\system32\drivers\hid8101.sys []
S3 hid8103;hid8103; C:\Windows\system32\drivers\hid8103.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-05-27 203264]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-01 864032]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-07-12 2528096]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 hasplms;Sentinel HASP License Manager; C:\Windows\system32\hasplms.exe [2009-12-16 3750400]
R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab; C:\RSoft\bin\smpd.exe [2005-11-22 1460224]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 rslmd;RSoft License Server; C:\RSoft\bin\rslmd.exe [2007-11-27 932352]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-07-04 267560]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
S2 spmgr;spmgr; C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-01-04 1045256]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-05 1255736]

-----------------EOF-----------------
Log from CKScanner:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\matlab\r2008a\toolbox\pde\crackb.m
c:\program files\matlab\r2008a\toolbox\pde\crackg.m
c:\program files\matlab\r2008a\toolbox\pde\ja\crackb.m
c:\program files\matlab\r2008a\toolbox\pde\ja\crackg.m
c:\program files\wolfram research\mathematica\7.0\systemfiles\java\wolframsshkeygen.jar
c:\program files (x86)\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\users\ondřej\favorites\lezeni\bergsteigen.at video parallelojams - crack climbing in indian creek (utah).url
hosts # 127.0.0.1 activate.adobe.com
hosts # 127.0.0.1 activate.adobe.com
scanner sequence 3.ED.11.AQNAMQ
----- EOF -----

Re: Excessive CPU usage - please check the RSIT log

Posted: 13 Jul 2011 09:17
by vyosek
And where is some kind of protection - Avast or Avira :???:

Do you have Comodo only as a firewall :???:

Re: Excessive CPU usage - please check the RSIT log

Posted: 13 Jul 2011 09:45
by smoo
I have now installed Avira as well. Is it necessary to run the scan again?

Re: Excessive CPU usage - please check the RSIT log

Posted: 13 Jul 2011 09:47
by vyosek
No, we'll run a scan with a different utility; it shows a 64-bit OS better, and subsequent removal through it is convenient...

:arrow: Download OTL (see my signature) and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click OTL and choose "Run As Administrator" or "Spustit jako spravce"
  • If you use a 64-bit OS, check whether the box "Pro 64 bitové OS" (for 64-bit OS) is ticked; if not, tick it
  • Tick the box "Pro vsechny uzivatele" (for all users)
  • Tick the box "Kontrola na havet "LOP"" (check for "LOP" pests)
  • Tick the box "Kontrola na havet "Purity"" (check for "Purity" pests)
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom box "Vlastni skenovani/opravy" (custom scans/fixes)

    netsvcs
    drivers32
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    c:\windows\*.* /U
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    /md5start
    adp3132.sys
    AGP440.sys
    ahcix86.sys
    ahcix86s.sys
    atapi.sys
    autochk.exe
    cdrom.sys
    cngaudit.dll
    cryptsvc.dll
    eNetHook.dll
    eventlog.dll
    explorer.exe
    hal.dll
    Changer.sys
    iaStor.sys
    iastorv.sys
    IdeChnDr.sys
    isapnp.sys
    JakNDis.sys
    KR10N.sys
    logevent.dll
    lsass.exe
    mv61xx.sys
    ndis.sys
    netlogon.dll
    ntelogon.dll
    nvata.sys
    nvatabus.sys
    nvgts.sys
    nvraid.sys
    nvrd32.sys
    nvstor.sys
    nvstor32.sys
    scecli.dll
    sceclt.dll
    smss.exe
    svchost.exe
    symmpi.sys
    tcpip.sys
    userinit.exe
    vaxscsi.sys
    viamraid.sys
    viasraid.sys
    ViPrt.sys
    winlogon.exe
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    CREATERESTOREPOINT
  • Click the "Prohledat" (scan) button
  • After the scan finishes (approx. 10 to 15 min), the logs OTL.txt and Extras.txt will appear; paste both here

Re: Excessive CPU usage - please check the RSIT log

Posted: 13 Jul 2011 10:20
by smoo
OTL PART1:

OTL logfile created on: 13.7.2011 10:51:24 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Ondřej\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,75 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 49,20% Memory free
7,50 Gb Paging File | 5,24 Gb Available in Paging File | 69,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 69,48 Gb Free Space | 46,62% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 15,70 Gb Free Space | 11,27% Space Free | Partition Type: NTFS

Computer Name: ONDŘEJ-PC | User Name: Ondřej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011.07.13 10:49:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ondřej\Desktop\OTL.exe
PRC - [2011.07.13 10:34:31 | 056,039,816 | ---- | M] () -- C:\Users\Ondřej\Desktop\avira_antivir_personal_en.exe
PRC - [2011.06.28 21:54:16 | 002,972,672 | ---- | M] (www.proficad.com) -- C:\Program Files (x86)\ProfiCAD\ProfiCAD.exe
PRC - [2011.06.17 12:36:52 | 000,667,304 | ---- | M] (Avira GmbH) -- C:\Users\Ondřej\AppData\Local\Temp\RarSFX0\setup.exe
PRC - [2011.06.17 12:36:21 | 000,442,024 | ---- | M] (Avira GmbH) -- c:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2011.06.17 12:36:20 | 000,223,912 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
PRC - [2011.06.17 12:36:17 | 000,361,128 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avconfig.exe
PRC - [2011.06.17 12:36:15 | 000,389,288 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:53:47 | 000,588,456 | ---- | M] (Avira GmbH) -- C:\Users\Ondřej\AppData\Local\Temp\RarSFX0\presetup.exe
PRC - [2011.04.21 07:53:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.19 16:54:18 | 000,275,736 | ---- | M] (Lingea) -- C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe
PRC - [2010.09.22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010.04.12 18:28:50 | 000,181,760 | ---- | M] () -- C:\Users\Ondřej\AppData\Roaming\QipGuard\QipGuard.exe
PRC - [2009.07.01 18:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.02.25 23:26:00 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2007.11.28 18:39:42 | 002,465,792 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.28 18:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files (x86)\ATK Hotkey\HControl.exe
PRC - [2007.11.28 16:26:00 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\Atouch64.exe
PRC - [2007.11.04 20:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.08.15 12:38:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\WDC.exe
PRC - [2007.07.04 14:01:56 | 000,910,632 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.07.04 14:01:36 | 000,148,776 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe


========== Modules (SafeList) ==========

MOD - [2011.07.13 10:49:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ondřej\Desktop\OTL.exe
MOD - [2011.07.12 16:21:12 | 000,285,256 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.07.12 16:20:36 | 002,528,096 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2010.05.27 18:59:40 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.12.16 17:44:44 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.21 07:53:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.04 22:23:42 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2007.11.27 12:00:00 | 000,932,352 | ---- | M] () [Auto | Running] -- C:\RSoft\bin\rslmd.exe -- (rslmd)
SRV - [2005.11.22 12:00:00 | 001,460,224 | ---- | M] () [Auto | Running] -- C:\RSoft\bin\smpd.exe -- (mpich2_smpd)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.06.17 12:37:07 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.17 12:37:07 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.01 19:51:32 | 000,025,600 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rockey4.sys -- (ROCKEYNT)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.16 22:30:48 | 000,067,584 | ---- | M] (Chingachguk & Denger2k (Elite & SP edition)) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\multikey.sys -- (multikey)
DRV:64bit: - [2010.07.15 14:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.07.04 14:16:14 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.05.27 19:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.05.27 19:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.05.27 18:25:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.12.17 07:10:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2009.12.17 07:10:34 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2009.12.03 16:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.21 09:07:26 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009.08.20 08:02:06 | 000,130,816 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2009.08.17 12:15:44 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.01 12:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.01 12:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.01 12:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.20 16:11:06 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.04.07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.03.13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV:64bit: - [2008.08.08 15:31:26 | 000,062,960 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\h648103.sys -- (h648103)
DRV:64bit: - [2008.08.08 15:31:22 | 000,065,776 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\h648101.sys -- (h648101)
DRV:64bit: - [2008.08.08 15:31:20 | 000,063,856 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\h647906.sys -- (h647906)
DRV:64bit: - [2007.08.09 01:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2008.08.08 15:31:18 | 000,043,192 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid8101.sys -- (hid8101)
DRV - [2008.08.08 15:31:18 | 000,040,856 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid8103.sys -- (hid8103)
DRV - [2008.08.08 15:31:16 | 000,041,272 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid7906.sys -- (hid7906)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2024502112-2145055025-2828989588-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-2024502112-2145055025-2828989588-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-2024502112-2145055025-2828989588-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-2024502112-2145055025-2828989588-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-2024502112-2145055025-2828989588-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arrow.nl/jazz/#/jazz/
IE - HKU\S-1-5-21-2024502112-2145055025-2828989588-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-2024502112-2145055025-2828989588-1001\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2024502112-2145055025-2828989588-1001\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Ondřej\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-2024502112-2145055025-2828989588-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://vshare.toolbarhome.com/?hp=df"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ondřej\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ondřej\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.12 15:43:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.26 11:54:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.06.23 20:06:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.07.13 08:24:02 | 000,000,000 | ---D | M]

[2010.09.05 18:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ondřej\AppData\Roaming\Mozilla\Extensions
[2010.07.04 16:48:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ondřej\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.03 20:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\frf8mbx0.default\extensions
[2010.12.26 17:37:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\frf8mbx0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.17 16:59:51 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\frf8mbx0.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011.03.01 22:52:08 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\frf8mbx0.default\extensions\vshare@toolbar
[2011.03.01 22:52:19 | 000,001,583 | ---- | M] () -- C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\frf8mbx0.default\searchplugins\web-search.xml
[2010.09.21 19:58:26 | 000,004,140 | ---- | M] () -- C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\frf8mbx0.default\searchplugins\youtube.xml
[2011.05.03 20:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.07.04 00:23:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 19:20:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.08 09:51:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.28 09:27:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\ONDřEJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FRF8MBX0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
File not found (No name found) -- C:\USERS\ONDřEJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FRF8MBX0.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}
File not found (No name found) -- C:\USERS\ONDřEJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FRF8MBX0.DEFAULT\EXTENSIONS\VSHARE@TOOLBAR
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.23 02:28:35 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.07.23 02:28:35 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mall-cz.xml
[2010.07.23 02:28:35 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2010.07.23 02:28:35 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.07.23 02:28:35 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.08.04 21:18:38 | 000,000,830 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Ondřej\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2024502112-2145055025-2828989588-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [reset] C:\Windows\reset.reg ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB Gamepad] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2024502112-2145055025-2828989588-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2024502112-2145055025-2828989588-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2024502112-2145055025-2828989588-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2024502112-2145055025-2828989588-1001..\Run: [QIP Internet Guardian] C:\Users\Ondřej\AppData\Roaming\QipGuard\QipGuard.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Ondřej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lingea Update Center.lnk = C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe (Lingea)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2024502112-2145055025-2828989588-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.218 192.168.1.171
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{06de3d50-7d3c-11e0-85ce-8fb905c8f053}\Shell - "" = AutoRun
O33 - MountPoints2\{06de3d50-7d3c-11e0-85ce-8fb905c8f053}\Shell\AutoRun\command - "" = G:\ShelExec.exe @EXEDRV@\Start.pdf
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 7 Days ==========

[2011.07.13 10:49:31 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Ondřej\Desktop\OTL.exe
[2011.07.13 10:44:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.07.13 10:44:01 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.07.13 10:44:01 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.07.13 10:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.07.13 10:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.07.13 08:23:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.07.13 07:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.13 07:08:38 | 000,000,000 | ---D | C] -- C:\rsit
[2011.07.13 06:38:47 | 000,000,000 | ---D | C] -- C:\Users\Ondřej\Desktop\36 FEL_29_6_11_15_In
[2011.07.13 06:37:50 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Ondřej\Desktop\esetsmartinstaller_csy.exe
[2011.07.12 06:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProfiCAD
[2011.07.12 06:40:07 | 000,000,000 | ---D | C] -- C:\Users\Ondřej\Documents\schémata
[2011.07.12 06:40:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\proficad library
[2011.07.12 06:40:06 | 000,000,000 | ---D | C] -- C:\Users\Ondřej\AppData\Roaming\ProfiCAD
[2011.07.11 14:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProfiCAD
[2011.07.11 09:49:26 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011.07.11 09:49:25 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011.07.11 09:49:21 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011.07.11 09:49:21 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011.07.11 09:49:20 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011.07.11 09:49:19 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011.07.11 09:49:19 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011.07.11 09:49:18 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011.07.11 09:49:17 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011.07.11 09:49:17 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011.07.11 09:49:17 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011.07.11 09:49:17 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011.07.11 09:49:17 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011.07.11 09:49:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011.07.11 09:49:16 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011.07.11 09:49:15 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011.07.08 15:26:48 | 000,000,000 | ---D | C] -- C:\Users\Ondřej\Desktop\Waveguide fabrication using proton beam writing
[2011.07.07 14:15:38 | 000,000,000 | ---D | C] -- C:\Users\Ondřej\Desktop\PON
[2010.07.24 18:19:05 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe2E4.dll

========== Files - Modified Within 7 Days ==========

[2011.07.13 10:49:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ondřej\Desktop\OTL.exe
[2011.07.13 10:45:01 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.13 10:44:12 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.07.13 10:34:31 | 056,039,816 | ---- | M] () -- C:\Users\Ondřej\Desktop\avira_antivir_personal_en.exe
[2011.07.13 10:34:00 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2024502112-2145055025-2828989588-1001UA.job
[2011.07.13 09:45:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.13 09:00:37 | 000,459,264 | ---- | M] () -- C:\Users\Ondřej\Desktop\CKScanner (1).exe
[2011.07.13 08:57:46 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.13 08:57:46 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.13 08:50:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.13 08:50:00 | 3019,227,136 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.13 07:08:01 | 000,935,175 | ---- | M] () -- C:\Users\Ondřej\Desktop\RSITx64.exe
[2011.07.13 06:37:51 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Ondřej\Desktop\esetsmartinstaller_csy.exe
[2011.07.13 06:35:39 | 046,229,660 | ---- | M] () -- C:\Users\Ondřej\Desktop\36 FEL_29_6_11_15_In.zip
[2011.07.13 06:33:00 | 000,639,986 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011.07.13 06:33:00 | 000,624,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.07.13 06:33:00 | 000,126,866 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011.07.13 06:33:00 | 000,110,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.07.13 06:32:59 | 001,497,474 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.07.12 16:21:12 | 000,363,560 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2011.07.12 16:21:12 | 000,285,256 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2011.07.12 16:21:10 | 000,016,016 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2011.07.12 15:28:31 | 000,002,004 | -H-- | M] () -- C:\Users\Ondřej\Documents\Default.rdp
[2011.07.12 08:04:25 | 004,942,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.07.12 06:40:45 | 000,000,971 | ---- | M] () -- C:\Users\Ondřej\Desktop\ProfiCAD.lnk
[2011.07.12 06:40:19 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2024502112-2145055025-2828989588-1001Core.job
[2011.07.11 10:25:44 | 000,280,580 | ---- | M] () -- C:\Users\Ondřej\Desktop\Vyukovy_material_SDH.pdf
[2011.07.08 14:47:01 | 000,144,380 | ---- | M] () -- C:\Users\Ondřej\Desktop\res12.pdf
[2011.07.08 11:24:01 | 011,585,321 | ---- | M] () -- C:\Users\Ondřej\Desktop\merit_nano.pdf
[2011.07.08 08:34:02 | 002,070,591 | ---- | M] () -- C:\Users\Ondřej\Desktop\Carl Friedrich Gauss.pdf

========== Files Created - No Company Name ==========

[2011.07.13 10:44:12 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.07.13 10:31:41 | 056,039,816 | ---- | C] () -- C:\Users\Ondřej\Desktop\avira_antivir_personal_en.exe
[2011.07.13 09:00:41 | 000,459,264 | ---- | C] () -- C:\Users\Ondřej\Desktop\CKScanner (1).exe
[2011.07.13 07:08:02 | 000,935,175 | ---- | C] () -- C:\Users\Ondřej\Desktop\RSITx64.exe
[2011.07.13 06:34:51 | 046,229,660 | ---- | C] () -- C:\Users\Ondřej\Desktop\36 FEL_29_6_11_15_In.zip
[2011.07.12 06:40:45 | 000,000,971 | ---- | C] () -- C:\Users\Ondřej\Desktop\ProfiCAD.lnk
[2011.07.11 10:25:55 | 000,280,580 | ---- | C] () -- C:\Users\Ondřej\Desktop\Vyukovy_material_SDH.pdf
[2011.07.08 14:47:01 | 000,144,380 | ---- | C] () -- C:\Users\Ondřej\Desktop\res12.pdf
[2011.07.08 11:23:56 | 011,585,321 | ---- | C] () -- C:\Users\Ondřej\Desktop\merit_nano.pdf
[2011.07.08 11:23:33 | 002,070,591 | ---- | C] () -- C:\Users\Ondřej\Desktop\Carl Friedrich Gauss.pdf
[2011.06.04 10:27:27 | 000,000,132 | ---- | C] () -- C:\Users\Ondřej\AppData\Roaming\Adobe Formát GIF CS5 – předvolby
[2011.04.27 23:07:31 | 000,003,584 | ---- | C] () -- C:\Users\Ondřej\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.08 11:38:45 | 000,000,132 | ---- | C] () -- C:\Users\Ondřej\AppData\Roaming\Adobe Formát BMP CS5 – předvolby
[2011.03.02 15:15:04 | 000,001,248 | ---- | C] () -- C:\Users\Ondřej\AppData\Local\SRDownloader.err
[2011.03.02 14:54:57 | 000,000,880 | ---- | C] () -- C:\Users\Ondřej\AppData\Local\SRDownloader.nast
[2011.02.21 23:36:49 | 000,000,132 | ---- | C] () -- C:\Users\Ondřej\AppData\Roaming\Filtr IIIExport Adobe CS5 – předvolby
[2011.02.16 15:22:30 | 000,000,154 | ---- | C] () -- C:\Users\Ondřej\AppData\Roaming\gnuplot_history
[2011.02.01 23:21:27 | 000,000,437 | ---- | C] () -- C:\Windows\Marias.ini
[2011.01.30 23:56:03 | 000,000,132 | ---- | C] () -- C:\Users\Ondřej\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
[2011.01.04 10:15:35 | 000,002,186 | ---- | C] () -- C:\Windows\print3d.dat
[2010.12.17 09:56:29 | 000,004,522 | ---- | C] () -- C:\Windows\scad3.INI
[2010.12.02 21:52:09 | 000,000,013 | ---- | C] () -- C:\Windows\MC10demo.INI
[2010.11.25 10:27:38 | 000,016,719 | ---- | C] () -- C:\ProgramData\mayura.ini
[2010.11.23 13:57:09 | 000,000,337 | ---- | C] () -- C:\Users\Ondřej\AppData\Local\Perfmon.PerfmonCfg
[2010.11.23 13:15:56 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2010.11.02 19:29:38 | 000,024,709 | ---- | C] () -- C:\Windows\cscmondump.bin
[2010.09.27 10:27:56 | 000,000,146 | ---- | C] () -- C:\Windows\Capture.INI
[2010.09.25 12:29:27 | 000,007,609 | ---- | C] () -- C:\Users\Ondřej\AppData\Local\Resmon.ResmonCfg
[2010.07.24 18:59:42 | 000,000,094 | ---- | C] () -- C:\Users\Ondřej\AppData\Local\fusioncache.dat
[2010.07.24 18:39:04 | 001,497,316 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.06 15:15:46 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.07.04 16:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.04 14:04:35 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.07.04 01:55:22 | 000,026,112 | ---- | C] () -- C:\Windows\LgUninst.exe
[2010.07.04 00:17:14 | 000,000,781 | ---- | C] () -- C:\Windows\wincmd.ini
[2010.07.03 22:53:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.04.29 17:37:26 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.03 01:47:56 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\LFC.exe
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.02.07 11:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll

========== LOP Check ==========

[2010.10.26 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\AWR
[2010.09.13 22:53:03 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\BSplayer
[2010.09.13 14:48:30 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\BSplayer Pro
[2011.05.01 19:52:16 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Chinaweal Longteng
[2011.01.30 23:02:55 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\CrashReport
[2010.07.04 14:23:44 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\DAEMON Tools Lite
[2011.02.04 11:56:54 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Design Science
[2010.11.01 21:18:31 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\ESET
[2011.01.18 20:59:13 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\GrindEQ
[2011.02.03 23:48:36 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\gtk-2.0
[2011.01.31 02:48:51 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\inkscape
[2010.07.04 10:20:55 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Jpeg Resampler
[2011.07.12 07:08:07 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\ProfiCAD
[2011.01.04 10:17:13 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\progeSOFT
[2010.07.04 01:35:54 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\QIP
[2010.07.04 01:41:00 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\QipGuard
[2011.01.19 11:31:44 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Shared
[2010.12.07 21:26:07 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.03.08 13:27:50 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\SumatraPDF
[2010.07.04 16:48:37 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Thunderbird
[2010.11.25 11:04:06 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\uTorrent
[2010.07.04 00:23:26 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\VitySoft
[2011.01.24 15:31:03 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Word-to-Latex
[2011.02.16 00:06:39 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\ZWSoft
[2011.02.14 08:57:46 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"QIP Internet Guardian" = C:\Users\Ondřej\AppData\Roaming\QipGuard\QipGuard.exe -- [2010.04.12 18:28:50 | 000,181,760 | ---- | M] ()
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2007.07.04 14:01:36 | 000,148,776 | ---- | M] (Nero AG)
"Google Update" = "C:\Users\Ondřej\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2010.07.19 22:11:53 | 000,136,176 | ---- | M] (Google Inc.)
"AdobeBridge" =

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.04.18 13:22:54 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Adobe
[2010.12.07 21:26:08 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Adobe Mini Bridge CS5
[2010.07.05 18:47:46 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Ahead
[2010.07.03 23:42:43 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\ATI
[2010.10.26 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\AWR
[2010.09.13 22:53:03 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\BSplayer
[2010.09.13 14:48:30 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\BSplayer Pro
[2011.05.01 19:52:16 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Chinaweal Longteng
[2011.01.30 23:02:55 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\CrashReport
[2010.07.04 14:23:44 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\DAEMON Tools Lite
[2011.02.04 11:56:54 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Design Science
[2010.07.04 14:51:04 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Download Manager
[2011.03.24 23:23:24 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\dvdcss
[2010.11.01 21:18:31 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\ESET
[2011.01.18 20:59:13 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\GrindEQ
[2011.02.03 23:48:36 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\gtk-2.0
[2010.07.03 23:02:19 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Identities
[2011.01.31 02:48:51 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\inkscape
[2010.12.27 22:24:38 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\InstallShield
[2010.07.04 10:20:55 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Jpeg Resampler
[2010.07.04 01:04:41 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Macromedia
[2010.07.13 11:59:42 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Mathematica
[2010.07.06 10:57:35 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\MathWorks
[2009.07.14 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Media Center Programs
[2011.04.28 03:20:26 | 000,000,000 | --SD | M] -- C:\Users\Ondřej\AppData\Roaming\Microsoft
[2011.02.25 01:11:58 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\MiKTeX
[2010.07.03 23:07:55 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Mozilla
[2011.07.12 07:08:07 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\ProfiCAD
[2011.01.04 10:17:13 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\progeSOFT
[2010.07.04 01:35:54 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\QIP
[2010.07.04 01:41:00 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\QipGuard
[2011.01.19 11:31:44 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Shared
[2011.06.06 21:31:55 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Skype
[2011.06.06 21:02:27 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\skypePM
[2010.12.07 21:26:07 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.03.08 13:27:50 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\SumatraPDF
[2010.07.04 16:48:37 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Thunderbird
[2010.11.25 11:04:06 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\uTorrent
[2010.07.04 00:23:26 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\VitySoft
[2011.07.11 09:37:28 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\vlc
[2011.07.12 08:09:31 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Winamp
[2010.07.04 00:04:20 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\WinRAR
[2011.01.24 15:31:03 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\Word-to-Latex
[2011.02.16 00:06:39 | 000,000,000 | ---D | M] -- C:\Users\Ondřej\AppData\Roaming\ZWSoft

< %APPDATA%\*.exe /s >
[2009.08.11 21:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Ondřej\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 21:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Ondřej\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 14:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Ondřej\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2010.02.23 17:01:52 | 001,185,871 | ---- | M] () -- C:\Users\Ondřej\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2009.11.14 19:11:36 | 000,113,152 | ---- | M] () -- C:\Users\Ondřej\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2009.11.14 19:33:40 | 000,357,888 | ---- | M] () -- C:\Users\Ondřej\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2009.11.14 19:11:36 | 000,136,704 | ---- | M] () -- C:\Users\Ondřej\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.02.23 16:00:42 | 000,042,288 | ---- | M] () -- C:\Users\Ondřej\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2010.10.05 14:00:27 | 000,028,672 | ---- | M] () -- C:\Users\Ondřej\AppData\Roaming\progeSOFT\progeCAD\R10\Professional - English\pdf2dxf.exe
[2010.10.05 14:00:26 | 000,020,480 | ---- | M] () -- C:\Users\Ondřej\AppData\Roaming\progeSOFT\progeCAD\R10\Professional - English\fonts\FontSetup.exe
[2010.04.12 18:28:50 | 000,181,760 | ---- | M] () -- C:\Users\Ondřej\AppData\Roaming\QipGuard\QipGuard.exe