There's probably more of it :/

Posted: 01 Aug 2012 22:27
by qwr
Hello,

I'm afraid my PC has been infected, and unfortunately I no longer know how to proceed using the basic approaches.

Today iexplore.exe started appearing among my processes on its own, even after being killed, and it was browsing around the web somewhere. I at least roughly solved that by uninstalling IE, but I'm afraid that's not enough. I also have other problems, e.g. when searching on Google and when logging in, an untrusted connection is reported. Once in a while plugincontainer32.exe appears, which is located in the Firefox directory and eats up one CPU. The same thing happened to me with rundll32.exe, which however was not located in system32 :/

I'd like to ask whether these problems can be solved in some sophisticated way (I would be grateful for that), or not.

Thanks for any advice; I'm attaching the log from RSIT here:

-----------------------------------------------------------------------------------------------

Logfile of random's system information tool 1.09 (written by random/random)
Run by Josik at 2012-08-01 23:27:01
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 57 GB (10%) free of 588 GB
Total RAM: 6056 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:27:07, on 1.8.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Pepovka\Programy\Firefox\firefox.exe
C:\Pepovka\Programy\Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Program Files\trend micro\Josik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Pepovka\Programy\Visual Studio 10 Ultimate\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Pepovka\Programy\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [LicenseValidator] C:\Users\Josik\AppData\Roaming\Identities\{41698541-A99D-4686-AEFD-155C90467EFA}\LicenseValidator.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-568802358-3452293301-1550574988-1008\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-568802358-3452293301-1550574988-1008\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Pepovka\Hraj\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\windows\System32\SUPDSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Pepovka\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12389 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 28072304
\??\C:\windows\system32\conhost.exe "-1156422529129632195012887591421652209685683147957-1388207114-1513679861786065537
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
"C:\Pepovka\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe"
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe"
C:\windows\SysWOW64\vmnat.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\windows\SysWOW64\svchost.exe -k netsvcs
WLIDSvcM.exe 1272
"C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe"
C:\windows\SysWOW64\vmnetdhcp.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Windows\WindowsMobile\wmdc.exe"
C:\windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
taskeng.exe {53B8E45F-B270-47FE-89E0-69E849E6579F}
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe"
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe" /h
"C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe" hide
C:\windows\system32\igfxext.exe -Embedding
C:\windows\system32\igfxsrvc.exe -Embedding
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe"
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxpers.exe
"C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe"
"C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe"
"C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe"
"C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe"
"C:\Pepovka\Programy\Firefox\firefox.exe"
"C:\Pepovka\Programy\Firefox\plugin-container.exe" --channel=6416.efb9a80.1294193137 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll" 7D304B5AC410AB36 -greomni "C:\Pepovka\Programy\Firefox\omni.ja" 6416 "\\.\pipe\gecko-crash-server-pipe.6416" plugin
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe" --proxy-stub-channel=Flash6004.6C13EE30.41 --host-broker-channel=Flash6004.6C13EE30.18467 --host-pid=6004 --host-npapi-version=27 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll"
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe" --channel=5768.0038F1BC.1940296400 --proxy-stub-channel=Flash6004.6C13EE30.41 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll" --host-npapi-version=27 --type=renderer
"C:\Users\Josik\Desktop\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Josik\AppData\Roaming\Mozilla\Firefox\Profiles\9b3j9n24.default

prefs.js - "browser.startup.homepage" - "http://www.ceskatelevize.cz/loh/zive/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.262 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.262 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Pepovka\Programy\Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Pepovka\Programy\Firefox\components\
binary.manifest
browsercomps.dll

C:\Pepovka\Programy\Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-15 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA609D72-8482-4076-8991-8CDAE5B93BCB}]
Samsung BHO Class - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-10-25 1973760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-15 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDA57003-0068-4ed2-9D32-4D1EC707D94D}]
Microsoft Web Test Recorder 10.0 Helper - C:\Pepovka\Programy\Visual Studio 10 Ultimate\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19 61360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-17 11613288]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2010-08-31 2581384]
"Windows Mobile Device Center"=C:\windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15 499608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Pepovka\Programy\Alcohol 120\axcmd.exe [2009-09-18 205976]
"AdobeBridge"= []
"Voobly"= []
"LicenseValidator"=C:\Users\Josik\AppData\Roaming\Identities\{41698541-A99D-4686-AEFD-155C90467EFA}\LicenseValidator.exe [2012-08-01 264192]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5.5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-11-29 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-08-01 22:43:28 ----D---- C:\rsit
2012-08-01 22:43:28 ----D---- C:\Program Files\trend micro
2012-08-01 20:42:15 ----D---- C:\Users\Josik\AppData\Roaming\Malwarebytes
2012-08-01 20:42:07 ----D---- C:\ProgramData\Malwarebytes
2012-08-01 20:42:06 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-01 20:15:52 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-08-01 20:15:52 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-01 18:08:22 ----D---- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-08-01 15:30:21 ----D---- C:\Users\Josik\AppData\Roaming\Help
2012-08-01 15:09:45 ----D---- C:\Users\Josik\AppData\Roaming\TeamViewer
2012-08-01 15:09:45 ----D---- C:\Users\Josik\AppData\Roaming\Dropbox
2012-07-31 18:33:00 ----D---- C:\Program Files (x86)\GamersFirst
2012-07-28 21:58:11 ----AH---- C:\windows\system32\hamachi.sys
2012-07-20 21:45:05 ----A---- C:\windows\system32\drivers\atksgt.sys
2012-07-20 21:44:51 ----A---- C:\windows\system32\drivers\lirsgt.sys
2012-07-16 03:11:37 ----A---- C:\windows\system32\win32k.sys
2012-07-16 03:11:00 ----A---- C:\windows\system32\browserchoice.exe
2012-07-11 10:10:35 ----A---- C:\windows\SYSWOW64\msxml6.dll
2012-07-11 10:10:35 ----A---- C:\windows\system32\msxml6.dll
2012-07-11 10:10:35 ----A---- C:\windows\system32\msxml3.dll
2012-07-11 10:10:34 ----A---- C:\windows\SYSWOW64\msxml3r.dll
2012-07-11 10:10:34 ----A---- C:\windows\SYSWOW64\msxml3.dll
2012-07-11 10:10:34 ----A---- C:\windows\system32\shell32.dll
2012-07-11 10:10:34 ----A---- C:\windows\system32\msxml3r.dll
2012-07-11 10:10:33 ----A---- C:\windows\SYSWOW64\shell32.dll
2012-07-11 10:10:31 ----A---- C:\windows\SYSWOW64\ncrypt.dll
2012-07-11 10:10:31 ----A---- C:\windows\system32\schannel.dll
2012-07-11 10:10:31 ----A---- C:\windows\system32\ncrypt.dll
2012-07-11 10:10:31 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2012-07-11 10:10:31 ----A---- C:\windows\system32\drivers\cng.sys
2012-07-11 10:10:30 ----A---- C:\windows\SYSWOW64\sspicli.dll
2012-07-11 10:10:30 ----A---- C:\windows\SYSWOW64\schannel.dll
2012-07-11 10:10:30 ----A---- C:\windows\SYSWOW64\secur32.dll
2012-07-11 10:10:30 ----A---- C:\windows\SYSWOW64\cdosys.dll
2012-07-11 10:10:30 ----A---- C:\windows\system32\drivers\ksecdd.sys
2012-07-11 10:10:29 ----A---- C:\windows\system32\cdosys.dll
2012-07-03 23:15:36 ----D---- C:\Program Files (x86)\Conduit

======List of files/folders modified in the last 1 month======

2012-08-01 23:27:02 ----D---- C:\windows\Temp
2012-08-01 23:03:10 ----RD---- C:\Program Files
2012-08-01 23:03:10 ----D---- C:\windows\Tasks
2012-08-01 23:03:10 ----D---- C:\windows\system32\Tasks
2012-08-01 23:03:09 ----HD---- C:\ProgramData
2012-08-01 23:03:01 ----D---- C:\windows\system32\drivers
2012-08-01 23:00:30 ----SHD---- C:\windows\Installer
2012-08-01 22:59:57 ----SHD---- C:\System Volume Information
2012-08-01 22:55:55 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-08-01 22:55:35 ----D---- C:\windows\system32\catroot2
2012-08-01 22:54:43 ----D---- C:\windows\Prefetch
2012-08-01 22:54:42 ----D---- C:\Program Files (x86)
2012-08-01 22:35:00 ----D---- C:\Windows
2012-08-01 22:34:59 ----D---- C:\windows\inf
2012-08-01 22:29:03 ----D---- C:\windows\system32\config
2012-08-01 22:22:15 ----D---- C:\Program Files (x86)\Common Files
2012-08-01 22:18:40 ----D---- C:\windows\SoftwareDistribution
2012-08-01 22:17:31 ----A---- C:\windows\SYSWOW64\log.txt
2012-08-01 22:17:29 ----D---- C:\windows\Panther
2012-08-01 22:15:43 ----D---- C:\windows\winsxs
2012-08-01 22:15:27 ----D---- C:\ProgramData\VMware
2012-08-01 22:14:09 ----D---- C:\windows\SysWOW64
2012-08-01 22:14:09 ----D---- C:\windows\System32
2012-08-01 22:14:09 ----D---- C:\Program Files\Internet Explorer
2012-08-01 22:14:09 ----D---- C:\Program Files (x86)\Internet Explorer
2012-08-01 20:46:21 ----D---- C:\Users\Josik\AppData\Roaming\Identities
2012-08-01 20:36:11 ----D---- C:\windows\system32\drivers\etc
2012-08-01 18:51:56 ----D---- C:\windows\Logs
2012-08-01 18:51:56 ----D---- C:\windows\debug
2012-08-01 17:25:39 ----D---- C:\Users\Josik\AppData\Roaming\uTorrent
2012-07-26 11:28:43 ----D---- C:\Users\Josik\AppData\Roaming\VMware
2012-07-21 02:37:05 ----SD---- C:\Users\Josik\AppData\Roaming\Microsoft
2012-07-20 21:25:56 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-18 17:41:21 ----RSD---- C:\windows\assembly
2012-07-16 03:11:40 ----D---- C:\windows\system32\catroot
2012-07-16 03:11:35 ----D---- C:\ProgramData\Microsoft Help
2012-07-16 03:08:52 ----A---- C:\windows\system32\MRT.exe
2012-07-11 01:08:07 ----D---- C:\windows\system32\NDF
2012-07-04 16:46:30 ----D---- C:\Users\Josik\AppData\Roaming\Skype
2012-07-04 15:42:08 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-09-13 437272]
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-15 28992]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2011-06-02 503352]
R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
R1 VBoxDrv;VirtualBox Service; C:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 224048]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
R2 cpuz135;cpuz135; \??\C:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
R2 hcmon;VMware hcmon; \??\C:\windows\system32\drivers\hcmon.sys [2009-10-22 38960]
R2 TurboB;Turbo Boost UI Monitor driver; C:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
R2 vmci;VMware vmci; \??\C:\windows\system32\drivers\vmci.sys [2009-10-22 80944]
R2 VMnetBridge;VMware Bridge Protocol; C:\windows\system32\DRIVERS\vmnetbridge.sys [2009-10-22 45104]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\windows\system32\drivers\vmnetuserif.sys [2009-10-22 30256]
R2 vmx86;VMware vmx86; \??\C:\windows\system32\drivers\vmx86.sys [2009-10-22 68144]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [2009-10-12 32816]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2010-07-29 3065408]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2010-11-10 31088]
R3 ETD;ELAN PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys [2010-08-31 118664]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-11-29 12252192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2010-11-17 2556776]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-03 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-03 181248]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]
R3 StillCam;Still Serial Digital Camera Driver; C:\windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
R3 vmkbd;VMware kbd; \??\C:\windows\system32\drivers\VMkbd.sys [2009-10-22 29744]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\windows\system32\DRIVERS\vmnetadapter.sys [2009-10-22 20016]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
R3 WinDriver6;WinDriver6; C:\windows\system32\drivers\windrvr6.sys [2010-08-31 254976]
R4 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys []
S2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys [2012-07-20 303616]
S2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys [2012-07-20 35328]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2010-09-21 348712]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-08-21 106536]
S3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\DRIVERS\btwavdt.sys [2010-09-15 138280]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-09-15 21416]
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 rtport;rtport; \??\C:\windows\SysWOW64\drivers\rtport.sys [2011-05-06 15144]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmusb;VMware USB Client Driver; C:\windows\System32\Drivers\vmusb.sys [2009-10-22 37680]
S3 VSPerfDrv100;Performance Tools Driver 10.0; \??\C:\Pepovka\Programy\Visual Studio 10 Ultimate\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
S4 RsFx0103;RsFx0103 Driver; C:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-10-22 953632]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-06 325656]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2804568]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2011-10-15 1640768]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\windows\system32\svchost.exe [2009-07-14 27136]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-12-01 244904]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]
R2 StarWindServiceAE;StarWind AE Service; C:\Pepovka\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [2009-10-22 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\windows\syswow64\vmnetdhcp.exe [2009-10-22 334384]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
R2 VMware NAT Service;VMware NAT Service; C:\windows\syswow64\vmnat.exe [2009-10-22 395824]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R2 wmcmgc;Windows Management Configuration; C:\windows\System32\svchost.exe [2009-07-14 27136]
R4 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Pepovka\Hraj\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Samsung UPD Service;Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-06-30 529232]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
S3 ufad-ws60;VMware Agent Service; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [2009-10-12 191024]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-06-03 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Re: There's probably more of it :/

Posted: 02 Aug 2012 06:09
by vyosek
Hello, and have a nice day :)

:arrow: Uninstall Spybot - Search & Destroy - its best years are long behind it and it is not able to cope with current threats

:arrow: Also uninstall Emsisoft Anti-Malware - not very trustworthy software

:arrow: I see MBAM installed - if you ran a scan, there are some logs on the Protokoly (Logs) tab; paste those here as well

:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator (Spustit jako spravce)
  • Wait for the PreScan to finish
  • Choose the Prohledat (Scan) option
  • When the scan finishes, click Zpráva (Report) - a log opens; paste it here

Re: There's probably more of it :/

Posted: 02 Aug 2012 09:00
by qwr
Thank you for the reply, and a good day to you too.

I had already done the first three bullet points before the HijackThis scan, but I am surprised that those programs still linger somewhere. I installed them in something of a panic, to catch any easily detectable threats, but they are gone now, so unfortunately I cannot provide a log either. The only thing I noticed is that Spybot made a mess of the hosts file, where it redirected some number of odd websites to localhost, so I deleted that, although it was probably put there for protective purposes.

Here is the RogueKiller log, and thank you once again for your help:

--------------------------------------------------------------------------------------

Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v: Normální režim
Uživatel: Josik [Práva správce]
Mód: Kontrola -- Datum: 08/02/2012 09:53:35

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 6 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : LicenseValidator (C:\Users\Josik\AppData\Roaming\Identities\{41698541-A99D-4686-AEFD-155C90467EFA}\LicenseValidator.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-568802358-3452293301-1550574988-1001[...]\Run : LicenseValidator (C:\Users\Josik\AppData\Roaming\Identities\{41698541-A99D-4686-AEFD-155C90467EFA}\LicenseValidator.exe) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NENAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM641JI +++++
--- User ---
[MBR] 67b0a8fa8b3260c439a20b1f87487b43
[BSP] 9f3cec20139123c01fbbfa6d93be2e32 : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 587767 Mo
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1203953664 | Size: 22610 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Re: There's probably more of it :/

Posted: 02 Aug 2012 09:53
by vyosek
:arrow: Test the following files on VirusTotal https://www.virustotal.com/cs/
  • C:\Users\Josik\AppData\Roaming\Identities\{41698541-A99D-4686-AEFD-155C90467EFA}\LicenseValidator.exe
  • Click Choose file
  • Do not browse for the file; just paste the path of the file I want tested
  • Click Scan It
  • If a screen like the one below pops up, click ReAnalyse
    [Image]
  • Paste the analysis result here (as a link)

Re: There's probably more of it :/

Posted: 02 Aug 2012 12:24
by qwr
The test result is here

Re: There's probably more of it :/

Posted: 02 Aug 2012 12:47
by vyosek
:arrow: Run RogueKiller again
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator (Spustit jako spravce)
  • Choose Prohledat (Scan), then Smazat (Delete), and then Zprava (Report) - a log opens; paste it here
  • Then click Oprava Host (HOSTS fix) and Zprava (Report) - a log opens; paste it here

Re: There's probably more of it :/

Posted: 02 Aug 2012 13:21
by qwr
First log, after the deletion:

------------------------------------------------------------------------------------------------------------------

Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v: Normální režim
Uživatel: Josik [Práva správce]
Mód: Odebrat -- Datum: 08/02/2012 14:18:48

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 11 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : LicenseValidator (C:\Users\Josik\AppData\Roaming\Identities\{41698541-A99D-4686-AEFD-155C90467EFA}\LicenseValidator.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : LicenseValidator (C:\Users\Josik\AppData\Roaming\Identities\{869BDDE4-033F-454D-B489-0F4F87A921A3}\LicenseValidator.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : UpgradeChecker (C:\Users\Josik\AppData\Roaming\TeamViewer\{67331E94-31E7-4C1C-BA62-064EFCC3AB00}\UpgradeChecker.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : UpgradeChecker (C:\Users\Josik\AppData\Roaming\Google Inc.\{7F5F7BF6-9375-4787-8E66-04150EF27108}\UpgradeChecker.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : Upgrade (C:\Users\Josik\AppData\Roaming\Opera\{870E4A9A-0ADC-4DB4-8847-E8AC1839051B}\Upgrade.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : Validator (C:\Users\Josik\AppData\Roaming\Sun\{3D86B689-E371-4109-9ACD-77611FA46D0B}\Validator.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : LicenseValidator (C:\Users\Josik\AppData\Roaming\Windows Desktop Search\{F81C1CAA-2D72-48B2-8759-1FEBCC260B39}\LicenseValidator.exe) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NENAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM641JI +++++
--- User ---
[MBR] 67b0a8fa8b3260c439a20b1f87487b43
[BSP] 9f3cec20139123c01fbbfa6d93be2e32 : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 587767 Mo
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1203953664 | Size: 22610 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Second log, after the hosts fix:

------------------------------------------------------------------------------------------------------------------

Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v: Normální režim
Uživatel: Josik [Práva správce]
Mód: Oprava HOSTS -- Datum: 08/02/2012 14:20:58

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Ovladač: [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Re: There's probably more of it :/

Posted: 02 Aug 2012 13:25
by vyosek
:arrow: Fine, let's move on :James008:

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware and the like
  • If you have Win XP, run it under an Administrator (Spravce) account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator (Spustit jako spravce)
  • Right after it starts, a page with the license agreement is shown; continue by clicking Ano (Yes)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily cluttered, it may take longer
  • After the scan and a possible restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: There's probably more of it :/

Posted: 02 Aug 2012 13:47
by qwr
Here is the ComboFix log; it just worries me that it reports that Windows Defender was running - I don't spend much time in Windows, so unfortunately I didn't know about it, and from what I checked, I didn't see it running there. So hopefully it didn't matter.

--------------------------------------------------------------------------------------------------------------------

ComboFix 12-07-31.03 - Josik 02.08.2012 14:35:14.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.6055.4289 [GMT 2:00]
Spuštěný z: c:\users\Josik\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Josik\AppData\Local\assembly\tmp
c:\users\Josik\AppData\Roaming\Help\coredb\storage
c:\users\Josik\AppData\Roaming\Identities\{41698541-A99D-4686-AEFD-155C90467EFA}\LicenseValidator.exe
c:\users\Josik\AppData\Roaming\Identities\{869BDDE4-033F-454D-B489-0F4F87A921A3}\LicenseValidator.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-02 do 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 12:40 . 2012-08-02 12:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-02 12:40 . 2012-08-02 12:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 12:18 . 2012-08-02 12:18 -------- d-----w- c:\users\Josik\AppData\Roaming\Windows Desktop Search
2012-08-02 12:18 . 2012-08-02 12:18 -------- d-----w- c:\users\Josik\AppData\Roaming\Google Inc
2012-08-02 07:44 . 2012-08-02 07:44 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95D02C98-5287-4D78-9881-BE9834460D16}\offreg.dll
2012-08-01 20:43 . 2012-08-01 21:27 -------- d-----w- c:\program files\trend micro
2012-08-01 20:43 . 2012-08-01 20:43 -------- d-----w- C:\rsit
2012-08-01 18:42 . 2012-08-01 18:42 -------- d-----w- c:\users\Josik\AppData\Roaming\Malwarebytes
2012-08-01 18:42 . 2012-08-01 18:42 -------- d-----w- c:\programdata\Malwarebytes
2012-08-01 18:15 . 2012-08-01 21:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-01 13:09 . 2012-08-02 12:18 -------- d-----w- c:\users\Josik\AppData\Roaming\TeamViewer
2012-08-01 13:09 . 2012-08-01 13:09 -------- d-----w- c:\users\Josik\AppData\Roaming\Dropbox
2012-08-01 00:11 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95D02C98-5287-4D78-9881-BE9834460D16}\mpengine.dll
2012-07-31 16:33 . 2012-07-31 16:33 -------- d-----w- c:\program files (x86)\GamersFirst
2012-07-28 19:58 . 2009-03-18 15:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2012-07-20 19:45 . 2012-07-20 19:45 303616 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-07-20 19:44 . 2012-07-20 19:44 35328 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-07-20 19:34 . 2004-07-15 22:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-07-20 19:34 . 2004-07-15 22:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-07-20 19:34 . 2004-07-15 22:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-07-20 19:34 . 2004-07-15 22:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-07-20 19:34 . 2012-07-20 19:34 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-07-20 19:34 . 2012-07-20 19:34 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-07-20 19:34 . 2004-07-15 22:20 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-07-18 16:09 . 2012-07-18 16:16 -------- d-----w- c:\users\Josik\AppData\Local\Ubisoft Game Launcher
2012-07-16 01:11 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-16 01:11 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-13 01:04 . 2012-08-02 12:39 -------- d-----w- c:\users\Josik\AppData\Local\assembly
2012-07-11 00:51 . 2012-07-11 00:51 -------- d-----w- c:\users\Josik\VSWebCache
2012-07-04 23:35 . 2012-07-04 23:35 -------- d-----w- c:\users\Josik\AppData\Local\Macromedia
2012-07-03 21:15 . 2012-07-03 21:15 -------- d-----w- c:\users\Josik\AppData\Local\Google
2012-07-03 21:15 . 2012-07-03 21:15 -------- d-----w- c:\users\Josik\AppData\Local\CRE
2012-07-03 21:15 . 2012-07-03 21:15 -------- d-----w- c:\program files (x86)\Conduit
2012-07-03 21:15 . 2012-08-01 20:54 -------- d-----w- c:\users\Josik\AppData\Local\Conduit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-01 22:02 . 2012-04-06 06:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-01 22:02 . 2011-06-02 00:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-31 18:59 . 2011-09-28 14:53 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-31 18:50 . 2011-09-28 14:53 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-16 01:08 . 2011-06-02 08:26 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-06 15:02 . 2012-06-02 00:47 2478272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-06-02 22:19 . 2012-06-21 11:44 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:45 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 11:45 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:45 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:44 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 11:45 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 11:44 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 11:44 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 11:44 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-11 08:10 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-11 08:10 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-25 21:19 . 2012-05-25 21:19 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-15 04:01 . 2012-06-13 12:06 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-13 12:06 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-13 12:06 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\pepovka\Programy\Alcohol 120\axcmd.exe" [2009-09-18 205976]
"UpgradeHelper"="c:\users\Josik\AppData\Roaming\TeamViewer\{B1F83024-6FB4-45CE-B5CF-358193CCB3C5}\UpgradeHelper.exe" [2012-08-02 264192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-22 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-09-21 348712]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\pepovka\Hraj\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\pepovka\Programy\Visual Studio 10 Ultimate\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-02 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-15 28992]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-06-02 503352]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 224048]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 80944]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-09 31088]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-08-31 118664]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-03 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-03 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-17 11613288]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Josik\AppData\Roaming\Mozilla\Firefox\Profiles\9b3j9n24.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ceskatelevize.cz/loh/zive/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Voobly - (no file)
Toolbar-Locked - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-08-02 14:42:02
ComboFix-quarantined-files.txt 2012-08-02 12:42
.
Před spuštěním: Volných bajtů: 63 764 131 840
Po spuštění: Volných bajtů: 63 494 451 200
.
- - End Of File - - 761B9B46A6C5F3484D83E4D9717AFAE3

Re: There's probably more of it :/

Posted: 02 Aug 2012 16:27
by vyosek
:arrow: If you haven't already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Registry::
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Mobile Device Center"=-
    "AdobeAAMUpdater-1.0"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"=-
    "AdobeBridge"=-
    "Voobly"=-
    "UpgradeHelper"=-
    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "SwitchBoard"=-
    "AdobeCS5.5ServiceManager"=-
    "SunJavaUpdateSched"=-
    
    Folder::
    c:\users\Josik\AppData\Roaming\Malwarebytes
    c:\programdata\Malwarebytes
    c:\programdata\Spybot - Search & Destroy
    
    Driver::
    wmcmgc
    
    NetSvc::
    wmcmgc
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it to run (see the image below)
    Image
  • After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF, and unfortunately the author does not yet know how to fix it

:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: There's probably more of it :/

Posted: 02 Aug 2012 17:20
by qwr
Here is the log:

-------------------------------------------------------------------------------------------------

ComboFix 12-07-31.03 - Josik 02.08.2012 17:58:28.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.6056.4578 [GMT 2:00]
Spuštěný z: c:\users\Josik\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Josik\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Malwarebytes
c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf
c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-08-01.txt
c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-08-02.txt
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Recovery\Overview.ini
c:\users\Josik\AppData\Roaming\Help\coredb\storage
c:\users\Josik\AppData\Roaming\Identities\{4984E14C-4EFF-431A-9C8C-DA344D28B3BB}\LicenseValidator.exe
c:\users\Josik\AppData\Roaming\Malwarebytes
c:\users\Josik\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-08-01 (20-43-59).txt
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_wmcmgc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-02 do 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 16:03 . 2012-08-02 16:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-02 12:18 . 2012-08-02 12:18 -------- d-----w- c:\users\Josik\AppData\Roaming\Windows Desktop Search
2012-08-02 12:18 . 2012-08-02 12:18 -------- d-----w- c:\users\Josik\AppData\Roaming\Google Inc
2012-08-01 20:43 . 2012-08-01 21:27 -------- d-----w- c:\program files\trend micro
2012-08-01 20:43 . 2012-08-01 20:43 -------- d-----w- C:\rsit
2012-08-01 13:09 . 2012-08-02 12:18 -------- d-----w- c:\users\Josik\AppData\Roaming\TeamViewer
2012-08-01 13:09 . 2012-08-01 13:09 -------- d-----w- c:\users\Josik\AppData\Roaming\Dropbox
2012-08-01 00:11 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95D02C98-5287-4D78-9881-BE9834460D16}\mpengine.dll
2012-07-31 16:33 . 2012-07-31 16:33 -------- d-----w- c:\program files (x86)\GamersFirst
2012-07-28 19:58 . 2009-03-18 15:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2012-07-20 19:45 . 2012-07-20 19:45 303616 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-07-20 19:44 . 2012-07-20 19:44 35328 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-07-20 19:34 . 2004-07-15 22:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-07-20 19:34 . 2004-07-15 22:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-07-20 19:34 . 2004-07-15 22:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-07-20 19:34 . 2004-07-15 22:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-07-20 19:34 . 2012-07-20 19:34 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-07-20 19:34 . 2012-07-20 19:34 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-07-20 19:34 . 2004-07-15 22:20 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-07-18 16:09 . 2012-07-18 16:16 -------- d-----w- c:\users\Josik\AppData\Local\Ubisoft Game Launcher
2012-07-16 01:11 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-16 01:11 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-13 01:04 . 2012-08-02 12:39 -------- d-----w- c:\users\Josik\AppData\Local\assembly
2012-07-11 00:51 . 2012-07-11 00:51 -------- d-----w- c:\users\Josik\VSWebCache
2012-07-04 23:35 . 2012-07-04 23:35 -------- d-----w- c:\users\Josik\AppData\Local\Macromedia
2012-07-03 21:15 . 2012-07-03 21:15 -------- d-----w- c:\users\Josik\AppData\Local\Google
2012-07-03 21:15 . 2012-07-03 21:15 -------- d-----w- c:\users\Josik\AppData\Local\CRE
2012-07-03 21:15 . 2012-07-03 21:15 -------- d-----w- c:\program files (x86)\Conduit
2012-07-03 21:15 . 2012-08-01 20:54 -------- d-----w- c:\users\Josik\AppData\Local\Conduit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-01 22:02 . 2012-04-06 06:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-01 22:02 . 2011-06-02 00:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-31 18:59 . 2011-09-28 14:53 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-31 18:50 . 2011-09-28 14:53 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-16 01:08 . 2011-06-02 08:26 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-06 15:02 . 2012-06-02 00:47 2478272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-06-02 22:19 . 2012-06-21 11:44 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:45 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 11:45 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:45 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:44 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 11:45 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 11:44 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 11:44 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 11:44 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-11 08:10 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-11 08:10 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-25 21:19 . 2012-05-25 21:19 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-15 04:01 . 2012-06-13 12:06 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-13 12:06 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-13 12:06 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-02_12.40.16 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-02 07:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-02 13:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-02 13:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-02 07:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-02 07:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-02 13:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-08-02 13:39 49302 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2010-11-21 03:09 . 2012-08-02 07:36 49302 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-02 16:06 40434 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-08-02 07:36 40434 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-01 21:00 . 2012-08-02 16:06 12760 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-568802358-3452293301-1550574988-1001_UserData.bin
- 2011-06-01 13:54 . 2012-08-02 07:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-01 13:54 . 2012-08-02 16:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-01 13:54 . 2012-08-02 07:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-01 13:54 . 2012-08-02 16:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-02 16:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-02 07:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-18 13:37 . 2012-08-02 07:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-18 13:37 . 2012-08-02 13:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-18 13:37 . 2012-08-02 07:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-18 13:37 . 2012-08-02 13:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-18 13:37 . 2012-08-02 07:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-18 13:37 . 2012-08-02 13:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-01 21:35 . 2012-08-02 12:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-01 21:35 . 2012-08-02 15:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-29 12:56 . 2012-08-02 12:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-29 12:56 . 2012-08-02 15:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-02 07:29 . 2012-08-02 07:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-02 16:04 . 2012-08-02 16:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-02 07:29 . 2012-08-02 07:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-02 16:04 . 2012-08-02 16:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-16 14:52 . 2012-08-02 07:34 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-02-16 14:52 . 2012-08-02 13:42 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-08-01 22:27 412300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-02 16:04 412300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-02 08:15 . 2012-08-02 13:36 6395417 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-568802358-3452293301-1550574988-1001-12288.dat
+ 2011-06-02 08:15 . 2012-08-02 16:04 59475960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-568802358-3452293301-1550574988-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-22 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
2;2 nvUpdatusService;NVIDIA Update Service Daemon [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-09-21 348712]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\pepovka\Hraj\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\pepovka\Programy\Visual Studio 10 Ultimate\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-02 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-15 28992]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-06-02 503352]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 224048]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 80944]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-09 31088]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-08-31 118664]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-03 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-03 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-17 11613288]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"combofix"="c:\combofix\CF3413.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Josik\AppData\Roaming\Mozilla\Firefox\Profiles\9b3j9n24.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ceskatelevize.cz/loh/zive/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-LicenseValidator - c:\users\Josik\AppData\Roaming\Identities\{4984E14C-4EFF-431A-9C8C-DA344D28B3BB}\LicenseValidator.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\pepovka\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Easy Display Manager\WifiManager.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
.
**************************************************************************
.
Celkový čas: 2012-08-02 18:11:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-02 16:11
ComboFix2.txt 2012-08-02 12:42
.
Před spuštěním: Volných bajtů: 63 676 178 432
Po spuštění: Volných bajtů: 63 304 736 768
.
- - End Of File - - 5ED5805F061731D97334F9D5E1916C21

Re: There's probably more of it :/

Posted: 02 Aug 2012 21:45
by vyosek
How is our patient doing :???:

Re: There's probably more of it :/

Posted: 02 Aug 2012 22:16
by qwr
The patient is most likely healthy :)

It's just that in appdata there are still some folders and even one exe left over from that vermin - am I right to assume that it can now safely be deleted by hand?

Otherwise, thank you very much for your help and willingness :wink:

Re: There's probably more of it :/

Posted: 02 Aug 2012 22:20
by vyosek
:arrow: Download SystemLook http://jpshortstuff.247fixes.com/SystemLook.exe and save it to the desktop
  • Paste the script below into the window
  • Code:

    :dir
    %APPDATA% /sub
  • Click Look
  • The Look button will change to Scanning and turn grey
  • Wait until the Scanning button changes back to Look - that is how you know SystemLook has finished its work
  • A log named SystemLook will pop up (or it will be saved on the desktop); paste its contents here for me

Re: There's probably more of it :/

Posted: 02 Aug 2012 23:10
by qwr
Unfortunately I had to remove some sensitive information from the log - names, etc. - and also shorten it to fit within the forum limit, but I think it's mainly about those dubious exes. They are in such "inconspicuous" folders as Google Inc., Windows Desktop Search, etc. In the morning there were more of them, but some were deleted and some weren't; otherwise everything runs OK, so in my opinion these are just leftovers.

Here is the slightly trimmed log:

------------------------------------------------------------------------------------------------

SystemLook 30.07.11 by jpshortstuff
Log created at 23:39 on 02/08/2012 by Josik
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== dir ==========

C:\Users\Josik\AppData\Roaming - Parameters: "/sub"

---Files---
None found.

C:\Users\Josik\AppData\Roaming\Adobe d------ [21:50 01/06/2011]

C:\Users\Josik\AppData\Roaming\Adobe\Acrobat d------ [00:08 02/06/2011]

C:\Users\Josik\AppData\Roaming\Adobe\Acrobat\9.0 d------ [00:08 02/06/2011]
AdobeCMapFnt09.lst --a---- 520 bytes [00:12 02/06/2011] [23:18 27/03/2012]
AdobeSysFnt09.lst --a---- 152489 bytes [00:12 02/06/2011] [17:51 29/02/2012]
SharedDataEvents --a---- 5120 bytes [00:09 02/06/2011] [20:38 01/08/2012]
TMDocs.sav --a---- 36 bytes [08:21 17/06/2011] [19:09 09/04/2012]
TMGrpPrm.sav --a---- 54 bytes [08:21 17/06/2011] [19:09 09/04/2012]
UserCache.bin --a---- 72702 bytes [00:08 02/06/2011] [10:03 28/03/2012]

C:\Users\Josik\AppData\Roaming\Adobe\Acrobat\9.0\Collab d------ [00:08 02/06/2011]

C:\Users\Josik\AppData\Roaming\Adobe\Acrobat\9.0\Forms d------ [15:27 15/06/2011]

C:\Users\Josik\AppData\Roaming\Adobe\Acrobat\9.0\JavaScripts d------ [08:21 17/06/2011]
glob.js --a---- 0 bytes [08:21 17/06/2011] [14:19 17/05/2012]
glob.settings.js --a---- 10 bytes [08:21 17/06/2011] [14:19 17/05/2012]

C:\Users\Josik\AppData\Roaming\Adobe\Acrobat\9.0\Security d------ [08:21 17/06/2011]
addressbook.acrodata --a---- 5399 bytes [08:21 17/06/2011] [08:21 17/06/2011]

C:\Users\Josik\AppData\Roaming\Adobe\Adobe PDF d------ [02:20 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\Adobe PDF\Settings d------ [02:20 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\AIR d------ [18:55 01/06/2011]
eulaAccepted --a---- 1 bytes [18:55 01/06/2011] [00:44 12/09/2011]

C:\Users\Josik\AppData\Roaming\Adobe\AIR\CRLCache d------ [18:56 01/06/2011]
217583007B475EB7A649AEBCFC4EC3D0EBA3F228.crl --a---- 533 bytes [02:11 29/02/2012] [02:11 29/02/2012]
4106EDA17536B4F5A244B51F5CD200B45AF5F1B9.crl --a---- 36163 bytes [02:11 29/02/2012] [02:11 29/02/2012]
5CB653B2DAF9459B6E8E3796503DD779BAD8DB50.crl --a---- 341 bytes [18:56 01/06/2011] [02:11 29/02/2012]
A567C68FE225A8176819878924C6ED2B83D9C4D5.crl --a---- 37735 bytes [02:11 29/02/2012] [02:11 29/02/2012]
DD0A55570E581C3EAE83066FA036FA6B98C26BF9.crl --a---- 898 bytes [02:11 29/02/2012] [02:11 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\AIR\Updater d------ [18:55 01/06/2011]
lastUpdateCheck --a---- 35 bytes [18:56 01/06/2011] [00:44 12/09/2011]

C:\Users\Josik\AppData\Roaming\Adobe\AIR\Updater\Background d------ [00:44 12/09/2011]

C:\Users\Josik\AppData\Roaming\Adobe\CameraRaw d------ [02:28 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\CameraRaw\Defaults d------ [02:28 29/02/2012]
Preferences.xmp --a---- 900 bytes [02:28 29/02/2012] [02:28 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\CameraRaw\LensProfiles d------ [02:28 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\Color d------ [02:20 29/02/2012]
ACEConfigCache2.lst --a---- 496 bytes [02:20 29/02/2012] [20:12 13/03/2012]

C:\Users\Josik\AppData\Roaming\Adobe\Color\Proofing d------ [02:20 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\Color\Settings d------ [02:20 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\CS5.5ServiceManager d------ [02:13 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\CS5.5ServiceManager\cache d------ [02:14 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\CS5.5ServiceManager\cache\ExtensionManifest d------ [02:20 29/02/2012]
IDSN_7_5_en_GB.cache --a---- 36576 bytes [02:20 29/02/2012] [02:20 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\CS5.5ServiceManager\configuration d------ [02:14 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\CS5.5ServiceManager\extensions d------ [02:13 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\CS5.5ServiceManager\logs d------ [02:14 29/02/2012]
CS5.5ServiceManager_native.log --a---- 46 bytes [02:20 29/02/2012] [13:37 02/08/2012]

C:\Users\Josik\AppData\Roaming\Adobe\CS5.5ServiceManager\preference d------ [02:14 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\CS5.5ServiceManager\StageManager d------ [02:14 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\ExtendScript Toolkit d------ [02:11 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\ExtendScript Toolkit\3.5 d------ [02:11 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\Extension Manager CS5.5 d------ [02:11 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\Flash Player d------ [21:50 01/06/2011]

C:\Users\Josik\AppData\Roaming\Adobe\Flash Player\AFCache d------ [23:35 04/07/2012]

C:\Users\Josik\AppData\Roaming\Adobe\Flash Player\APSPrivateData2 d------ [23:35 04/07/2012]

C:\Users\Josik\AppData\Roaming\Adobe\Flash Player\AssetCache d------ [21:50 01/06/2011]

C:\Users\Josik\AppData\Roaming\Adobe\Flash Player\AssetCache\9739PW9X d------ [21:50 01/06/2011]
cacheSize.txt --a---- 8 bytes [18:59 01/06/2011] [11:54 18/07/2012]

C:\Users\Josik\AppData\Roaming\Adobe\Flash Player\Icon Cache d------ [23:35 04/07/2012]

C:\Users\Josik\AppData\Roaming\Adobe\Flash Player\NativeCache d------ [23:35 04/07/2012]

C:\Users\Josik\AppData\Roaming\Adobe\InDesign d------ [02:13 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\InDesign\Version 7.5 d------ [02:13 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\InDesign\Version 7.5\en_GB d------ [02:19 29/02/2012]
Colour Settings --a---- 560856 bytes [20:12 13/03/2012] [20:12 13/03/2012]
InDesign Defaults --a---- 3108864 bytes [02:20 29/02/2012] [20:13 13/03/2012]

C:\Users\Josik\AppData\Roaming\Adobe\InDesign\Version 7.5\en_GB\CompositeFont d------ [02:19 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\InDesign\Version 7.5\en_GB\Scripts d------ [02:20 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\InDesign\Version 7.5\en_GB\Scripts\Scripts Panel d------ [02:20 29/02/2012]

C:\Users\Josik\AppData\Roaming\Adobe\InDesign\Version 7.5\en_GB\Workspaces d------ [02:20 29/02/2012]
Essentials_CurrentWorkspace.xml --a---- 45183 bytes [02:30 29/02/2012] [20:13 13/03/2012]

C:\Users\Josik\AppData\Roaming\Adobe\SwitchBoard d------ [02:11 29/02/2012]
launch.switchboard --a---- 0 bytes [02:11 29/02/2012] [02:11 29/02/2012]
switchboard.ini --a---- 369 bytes [02:11 29/02/2012] [02:11 29/02/2012]
switchboard.xml --a---- 7408 bytes [02:11 29/02/2012] [02:28 29/02/2012]

C:\Users\Josik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 d------ [20:04 13/03/2012]

C:\Users\Josik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store d------ [20:04 13/03/2012]
appDB.db --a---- 30720 bytes [20:04 13/03/2012] [20:04 13/03/2012]

C:\Users\Josik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\#ApplicationUpdater d------ [20:04 13/03/2012]
state.xml --a---- 231 bytes [20:04 13/03/2012] [20:04 13/03/2012]

C:\Users\Josik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\#SharedObjects d------ [20:04 13/03/2012]
s_br.sol --a---- 35 bytes [20:04 13/03/2012] [20:04 13/03/2012]

C:\Users\Josik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help d------ [20:04 13/03/2012]

C:\Users\Josik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US d------ [20:04 13/03/2012]

C:\Users\Josik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\CreativeSuite d------ [20:04 13/03/2012]

C:\Users\Josik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\CreativeSuite\CS5 d------ [20:04 13/03/2012]

C:\Users\Josik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\CreativeSuite\CS5\Using d------ [20:04 13/03/2012]
helpmap.txt --a---- 327 bytes [20:04 13/03/2012] [20:04 13/03/2012]

C:\Users\Josik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\InDesign d------ [20:04 13/03/2012]

C:\Users\Josik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\InDesign\CS5 d------ [20:04 13/03/2012]

C:\Users\Josik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\InDesign\CS5\Using d------ [20:04 13/03/2012]
helpmap.txt --a---- 834 bytes [20:04 13/03/2012] [20:04 13/03/2012]

C:\Users\Josik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\HelpCfg d------ [20:04 13/03/2012]

C:\Users\Josik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\HelpCfg\en_US d------ [20:04 13/03/2012]
Bridge_4.1.helpcfg --a---- 780 bytes [20:04 13/03/2012] [20:04 13/03/2012]
InDesign_7.5.helpcfg --a---- 1104 bytes [20:04 13/03/2012] [20:04 13/03/2012]

C:\Users\Josik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\HelpIcons d------ [20:04 13/03/2012]
Bridge_4.1.png --a---- 1746 bytes [20:04 13/03/2012] [20:04 13/03/2012]
Bridge_4.1_32.png --a---- 2414 bytes [20:04 13/03/2012] [20:04 13/03/2012]
InDesign_7.5.png --a---- 1789 bytes [20:04 13/03/2012] [20:04 13/03/2012]
InDesign_7.5_32.png --a---- 2462 bytes [20:04 13/03/2012] [20:04 13/03/2012]

C:\Users\Josik\AppData\Roaming\com.adobe.dmp.contentviewer d------ [02:19 29/02/2012]

C:\Users\Josik\AppData\Roaming\com.adobe.dmp.contentviewer\Local Store d------ [02:19 29/02/2012]

C:\Users\Josik\AppData\Roaming\com.adobe.dmp.contentviewer\Local Store\#SharedObjects d------ [02:19 29/02/2012]

C:\Users\Josik\AppData\Roaming\com.adobe.dmp.contentviewer\Local Store\#SharedObjects\DesktopPreviewer.swf d------ [02:19 29/02/2012]
aaidadobedevdp_bufferedE#28#08#BAnalytics.sol --a---- 117 bytes [02:19 29/02/2012] [02:19 29/02/2012]
AnalyticsControllerCache.sol --a---- 135 bytes [02:19 29/02/2012] [02:19 29/02/2012]
ApplicationViewModelCache.sol --a---- 67 bytes [02:19 29/02/2012] [02:19 29/02/2012]
FolioViewModelCache.sol --a---- 85 bytes [02:19 29/02/2012] [02:19 29/02/2012]
WindowSettings.sol --a---- 50 bytes [02:19 29/02/2012] [02:19 29/02/2012]

C:\Users\Josik\AppData\Roaming\com.adobe.dmp.contentviewer\Local Store\dataaaidadobedevdp d------ [02:19 29/02/2012]
3_1330481977994_0 --a---- 906 bytes [02:19 29/02/2012] [02:19 29/02/2012]

C:\Users\Josik\AppData\Roaming\com.adobe.dmp.contentviewer\Local Store\FolioCache d------ [02:19 29/02/2012]

C:\Users\Josik\AppData\Roaming\CyberLink d------ [21:42 01/06/2011]

C:\Users\Josik\AppData\Roaming\CyberLink\Media+Player10 d------ [21:42 01/06/2011]

C:\Users\Josik\AppData\Roaming\CyberLink\Media+Player10\Remix d------ [21:42 01/06/2011]

C:\Users\Josik\AppData\Roaming\CyberLink\MediaCache d------ [23:20 10/09/2011]

C:\Users\Josik\AppData\Roaming\CyberLink\PowerCinema d------ [21:42 01/06/2011]

C:\Users\Josik\AppData\Roaming\CyberLink\PowerDVD d------ [21:42 01/06/2011]

C:\Users\Josik\AppData\Roaming\Dropbox d------ [13:09 01/08/2012]

C:\Users\Josik\AppData\Roaming\Dropbox\{D76D9FFD-0086-486A-8ED4-BD6DB69378C2} d------ [13:09 01/08/2012]

C:\Users\Josik\AppData\Roaming\e-academy Inc d------ [00:05 02/06/2012]

C:\Users\Josik\AppData\Roaming\e-academy Inc\SecureDownloadManager d------ [00:05 02/06/2012]
SdmSaveState.xml --a---- 1240 bytes [00:06 02/06/2012] [00:28 02/06/2012]


C:\Users\Josik\AppData\Roaming\GHISLER d------ [23:31 28/11/2011]
wcx_ftp.ini --a---- 120 bytes [23:33 28/11/2011] [00:14 29/11/2011]
wincmd.ini --a---- 709 bytes [23:31 28/11/2011] [20:05 10/04/2012]

C:\Users\Josik\AppData\Roaming\Google Inc d------ [12:18 02/08/2012]

C:\Users\Josik\AppData\Roaming\Google Inc\{7F5F7BF6-9375-4787-8E66-04150EF27108} d------ [12:18 02/08/2012]
UpgradeChecker.exe --a---- 264192 bytes [12:18 02/08/2012] [12:18 02/08/2012]

C:\Users\Josik\AppData\Roaming\gtk-2.0 d------ [00:52 13/01/2012]
gtkfilechooser.ini --a---- 168 bytes [01:09 13/01/2012] [01:09 13/01/2012]


C:\Users\Josik\AppData\Roaming\Help d------ [13:30 01/08/2012]

C:\Users\Josik\AppData\Roaming\Help\coredb d------ [13:30 01/08/2012]

C:\Users\Josik\AppData\Roaming\Identities d------ [21:08 01/06/2011]

C:\Users\Josik\AppData\Roaming\Identities\{211482DC-EE4A-4E5B-A0CF-C07473D31D83} d------ [21:08 01/06/2011]

C:\Users\Josik\AppData\Roaming\Identities\{41698541-A99D-4686-AEFD-155C90467EFA} d------ [18:46 01/08/2012]

C:\Users\Josik\AppData\Roaming\Identities\{4984E14C-4EFF-431A-9C8C-DA344D28B3BB} d------ [15:58 02/08/2012]

C:\Users\Josik\AppData\Roaming\Identities\{869BDDE4-033F-454D-B489-0F4F87A921A3} d------ [12:18 02/08/2012]

C:\Users\Josik\AppData\Roaming\InstallShield d------ [23:39 01/06/2011]

C:\Users\Josik\AppData\Roaming\InstallShield\ISEngine12.0 d------ [23:39 01/06/2011]

C:\Users\Josik\AppData\Roaming\IrfanView d------ [21:15 01/06/2011]
i_view32.ini --a---- 3669 bytes [21:15 01/06/2011] [09:47 01/08/2012]

C:\Users\Josik\AppData\Roaming\Leadertech d------ [20:45 02/06/2011]

C:\Users\Josik\AppData\Roaming\Leadertech\PowerRegister d------ [20:45 02/06/2011]
PowerReg.dat --a---- 399 bytes [20:45 02/06/2011] [20:45 02/06/2011]

C:\Users\Josik\AppData\Roaming\Macromedia d------ [21:50 01/06/2011]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player d------ [21:50 01/06/2011]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\#Security d------ [18:55 01/06/2011]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\#Security\FlashPlayerTrust d------ [18:55 01/06/2011]
air.1.0.trust.cfg --a---- 5 bytes [18:55 01/06/2011] [18:55 01/06/2011]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\#SharedObjects d------ [21:50 01/06/2011]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7JFPSBJ d------ [21:50 01/06/2011]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7JFPSBJ\img.ceskatelevize.cz d------ [08:21 02/08/2012]
vxOneGroup.sol --a---- 59 bytes [08:21 02/08/2012] [12:14 02/08/2012]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7JFPSBJ\mail.google.com d------ [17:20 29/09/2011]
wakeup.sol --a---- 37 bytes [17:20 29/09/2011] [16:40 02/08/2012]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7JFPSBJ\media.novinky.cz d------ [11:34 02/08/2012]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7JFPSBJ\media.novinky.cz\player d------ [11:34 02/08/2012]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7JFPSBJ\media.novinky.cz\player\latest_player.swf d------ [11:34 02/08/2012]
sznVideoPlayer.sol --a---- 48 bytes [11:34 02/08/2012] [11:34 02/08/2012]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7JFPSBJ\s.ytimg.com d------ [13:06 02/08/2012]
videostats.sol --a---- 275 bytes [13:06 02/08/2012] [21:37 02/08/2012]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\macromedia.com d------ [21:50 01/06/2011]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support d------ [21:50 01/06/2011]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer d------ [21:50 01/06/2011]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys d------ [21:50 01/06/2011]
settings.sol --a---- 609 bytes [21:50 01/06/2011] [13:15 02/08/2012]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#img.ceskatelevize.cz d------ [08:21 02/08/2012]
settings.sol --a---- 90 bytes [08:21 02/08/2012] [08:21 02/08/2012]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mail.google.com d------ [00:34 02/06/2011]
settings.sol --a---- 85 bytes [00:34 02/06/2011] [00:34 02/06/2011]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.novinky.cz d------ [11:34 02/08/2012]
settings.sol --a---- 86 bytes [11:34 02/08/2012] [11:34 02/08/2012]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com d------ [13:06 02/08/2012]
settings.sol --a---- 81 bytes [13:06 02/08/2012] [13:06 02/08/2012]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com d------ [18:55 01/06/2011]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin d------ [18:55 01/06/2011]

C:\Users\Josik\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller d------ [00:44 12/09/2011]
airappinstaller.exe --a---- 53632 bytes [00:44 12/09/2011] [00:44 12/09/2011]
digest.s --a---- 2836 bytes [00:44 12/09/2011] [00:44 12/09/2011]

C:\Users\Josik\AppData\Roaming\Media Center Programs d------ [20:58 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft d---s-- [20:58 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Clip Organizer d------ [23:47 04/06/2011]
mstore14.mgc --a---- 197688 bytes [23:47 04/06/2011] [23:47 04/06/2011]
Offic14.MGC --a---- 148512 bytes [23:47 04/06/2011] [23:47 04/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\CLR Security Config d------ [22:11 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 d------ [22:11 01/06/2011]
security.config --a---- 16188 bytes [00:55 02/06/2012] [00:55 02/06/2012]
security.config.cch --a---- 33446 bytes [22:18 01/06/2011] [18:58 31/07/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit d------ [00:06 02/06/2011]
security.config --a---- 16188 bytes [00:55 02/06/2012] [00:55 02/06/2012]
security.config.cch --a---- 18508 bytes [19:06 01/06/2011] [21:00 01/08/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\Credentials d---s-- [20:58 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Crypto d---s-- [20:58 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Crypto\RSA d---s-- [20:58 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-568802358-3452293301-1550574988-1001 d---s-- [20:58 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Document Building Blocks d------ [23:37 04/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Document Building Blocks\1029 d------ [23:37 04/06/2011]
Building Blocks.dotx --a---- 327765 bytes [21:10 05/06/2011] [10:29 08/01/2007]

C:\Users\Josik\AppData\Roaming\Microsoft\Document Building Blocks\1029\14 d------ [23:37 04/06/2011]
Built-In Building Blocks.dotx --a---- 3995153 bytes [23:37 04/06/2011] [23:43 08/06/2010]

C:\Users\Josik\AppData\Roaming\Microsoft\Doplňky d------ [21:10 05/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Excel d------ [22:23 05/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Excel\XLStart d------ [22:23 05/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\HTML Help d------ [13:09 22/06/2011]
hh.dat --a---- 8590 bytes [13:09 22/06/2011] [13:09 22/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\IME12 d------ [23:35 04/07/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\IMJP12 d------ [23:35 04/07/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\IMJP8_1 d------ [23:35 04/07/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\IMJP9_0 d------ [23:35 04/07/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\Installer d------ [16:17 09/04/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\Installer\{075C20B8-A09B-41AB-9B06-5BA7E103910F} d------ [16:17 09/04/2012]
_294823.exe -ra---- 766 bytes [16:17 09/04/2012] [16:17 09/04/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\Installer\{C28422FB-F2CD-427A-ADED-9F281745CDB2} d------ [00:05 02/06/2012]
_112D608FD02CD87FDC7735.exe -ra---- 9662 bytes [00:05 02/06/2012] [00:05 02/06/2012]
_853F67D554F05449430E7E.exe -ra---- 9662 bytes [00:05 02/06/2012] [00:05 02/06/2012]
_B105678E7C23703AE67E7E.exe -ra---- 9662 bytes [00:05 02/06/2012] [00:05 02/06/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\Internet Explorer d------ [20:58 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Internet Explorer\UserData d------ [00:22 02/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low d--hs-- [00:22 02/06/2011]
index.dat --ahs-- 32768 bytes [00:22 02/06/2011] [16:49 17/11/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Microsoft SQL Server d------ [00:37 21/07/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\Microsoft SQL Server\90 d------ [00:37 21/07/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\Microsoft SQL Server\90\Tools d------ [00:37 21/07/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\Microsoft SQL Server\90\Tools\Shell d------ [00:37 21/07/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\MMC d------ [21:46 29/08/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Network d------ [21:08 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Network\Connections d------ [21:08 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Network\Connections\Pbk d------ [21:08 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk d------ [21:08 01/06/2011]
rasphone.pbk --a---- 0 bytes [21:08 01/06/2011] [21:08 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Office d------ [23:37 04/06/2011]
Excel12.pip --a---- 1544 bytes [22:24 05/06/2011] [22:44 29/10/2011]
fbc3BC7.tmp --a---- 13780 bytes [23:46 30/01/2012] [23:46 30/01/2012]
MSO1029.acl --a---- 20340 bytes [23:37 04/06/2011] [23:37 04/06/2011]
MSO2057.acl --a---- 30 bytes [20:43 18/10/2011] [20:43 18/10/2011]
PowerP12.pip --a---- 1492 bytes [18:43 15/06/2011] [15:11 16/05/2012]
Word12.pip --a---- 1696 bytes [21:11 05/06/2011] [15:28 18/07/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\PowerPoint d------ [19:23 18/10/2011]
PPT12.pcb --a---- 55 bytes [19:23 18/10/2011] [19:23 18/10/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Proof d------ [23:37 04/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Protect d---s-- [20:58 01/06/2011]
CREDHIST --ahs-- 24 bytes [20:58 01/06/2011] [20:58 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Protect\S-1-5-21-568802358-3452293301-1550574988-1001 d---s-- [20:58 01/06/2011]
097112fd-29e2-4886-ad7d-8661f846a9d3 --ahs-- 468 bytes [19:09 01/06/2011] [19:09 01/06/2011]
1ecb783a-a107-45b0-9fa2-9c26fbe2e5e9 --ahs-- 468 bytes [17:47 28/02/2012] [17:47 28/02/2012]
585f9494-a1b8-4e1a-b064-0e9fbc22dc82 --ahs-- 468 bytes [20:58 01/06/2011] [20:58 01/06/2011]
b6640283-6c84-4bdb-82ae-7b400059a618 --ahs-- 468 bytes [10:34 31/08/2011] [10:34 31/08/2011]
e0df6b6c-8d42-4f3a-959d-da7444b538eb --ahs-- 468 bytes [13:33 29/11/2011] [13:33 29/11/2011]
e58a5b0a-de70-47d4-9718-e5a678389c8b --ahs-- 468 bytes [04:03 29/05/2012] [04:03 29/05/2012]
Preferred --ahs-- 24 bytes [20:58 01/06/2011] [04:03 29/05/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\Speech d------ [21:10 17/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Speech\Files d------ [21:10 17/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Speech\Files\UserLexicons d------ [21:10 17/06/2011]
SP_A8A22C27E79F4E989732C8DC2F22B82B.dat --a---- 940 bytes [21:10 17/06/2011] [21:10 17/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Sticky Notes d------ [13:12 05/06/2011]
StickyNotes.snt --a---- 4608 bytes [13:12 05/06/2011] [20:44 05/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\SystemCertificates d---s-- [21:04 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\SystemCertificates\My d---s-- [21:04 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates d---s-- [21:04 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs d---s-- [21:04 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs d---s-- [21:04 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\UProof d------ [23:37 04/06/2011]
CUSTOM.DIC --a---- 2 bytes [23:37 04/06/2011] [23:37 04/06/2011]
ExcludeDictionaryCZ0405.lex --a---- 2 bytes [11:50 08/06/2011] [11:50 08/06/2011]
ExcludeDictionaryEN0409.lex --a---- 2 bytes [17:42 25/06/2011] [17:42 25/06/2011]
ExcludeDictionaryEN0809.lex --a---- 2 bytes [18:03 17/10/2011] [18:03 17/10/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\VisualStudio d------ [00:46 02/06/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\VisualStudio\10.0 d------ [00:46 02/06/2012]
Debug.winprf_backup --a---- 21867 bytes [01:09 02/06/2012] [01:09 02/06/2012]
Debug_0zqhbgvr.ae1.winprf --a---- 29995 bytes [01:09 02/06/2012] [12:45 21/07/2012]
Design.winprf_backup --a---- 18096 bytes [01:09 02/06/2012] [01:09 02/06/2012]
Design_52ztgyjq.tb2.winprf --a---- 41309 bytes [01:09 02/06/2012] [22:28 22/07/2012]
NoToolWin.winprf_backup --a---- 18351 bytes [01:09 02/06/2012] [01:09 02/06/2012]
NoToolWin_c4fz44kg.apy.winprf --a---- 19937 bytes [01:09 02/06/2012] [12:22 13/07/2012]
ObjBrowEx.dat --a---- 2560 bytes [01:11 02/06/2012] [22:28 22/07/2012]
User.vsk --a---- 2513 bytes [00:53 11/07/2012] [00:57 11/07/2012]
VsFontLk.dat --a---- 1248 bytes [01:11 02/06/2012] [01:11 02/06/2012]
Windows.index --a---- 105 bytes [01:09 02/06/2012] [01:09 02/06/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\VisualStudio\10.0\1033 d------ [01:09 02/06/2012]
CmdUI.PRF --a---- 18388 bytes [01:09 02/06/2012] [22:28 22/07/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\VisualStudio\10.0\Aliases d------ [01:10 02/06/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\VisualStudio\10.0\Aliases\1033 d------ [01:10 02/06/2012]
aliases.ini --a---- 5834 bytes [01:10 02/06/2012] [01:10 02/06/2012]
defaultaliases.ini --a---- 5834 bytes [01:10 02/06/2012] [01:10 02/06/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\VisualStudio\10.0\AutoRecoverDat d------ [01:11 02/06/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\VisualStudio\10.0\ServerExplorer d------ [00:00 11/07/2012]
DefaultView.SEView --a---- 4679 bytes [01:07 11/07/2012] [22:28 22/07/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\VisualStudio\10.0\Team Explorer d------ [01:09 02/06/2012]
TeamExplorer.config --a---- 114 bytes [01:11 02/06/2012] [01:07 11/07/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\VSA d------ [00:47 02/06/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\VSA\9.0 d------ [00:47 02/06/2012]
ActivityLog.xsl --a---- 4278 bytes [00:47 02/06/2012] [00:47 02/06/2012]
ObjBrowEx.dat --a---- 2560 bytes [01:07 11/07/2012] [01:07 11/07/2012]
VsFontLk.dat --a---- 1248 bytes [01:07 11/07/2012] [01:07 11/07/2012]
windows.prf --a---- 19072 bytes [00:51 11/07/2012] [01:07 11/07/2012]
windowsidx.prf --a---- 336 bytes [01:07 11/07/2012] [01:07 11/07/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\Windows d------ [20:58 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Windows\Cookies d--hs-- [20:58 01/06/2011]
index.dat --ahs-- 32768 bytes [21:06 01/06/2011] [21:39 02/08/2012]
ZNVCLN19.txt --a---- 194 bytes [14:00 01/08/2012] [14:00 01/08/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\Windows\Cookies\Low d--hs-- [21:08 01/06/2011]
index.dat --ahs-- 32768 bytes [00:12 02/06/2011] [12:31 02/08/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\Windows\IECompatCache d------ [21:08 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Windows\IECompatCache\Low d--h--- [21:08 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Windows\IETldCache d--hs-- [21:06 01/06/2011]
index.dat --ahs-- 16384 bytes [18:37 01/08/2012] [21:39 02/08/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\Windows\IETldCache\Low d--h--- [21:08 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Windows\Libraries dr----- [21:08 01/06/2011]
desktop.ini ---hs-- 274 bytes [21:08 01/06/2011] [11:10 16/07/2012]
Documents.library-ms --a---- 3636 bytes [21:08 01/06/2011] [11:10 16/07/2012]
Music.library-ms --a---- 6940 bytes [21:08 01/06/2011] [11:10 16/07/2012]
Pictures.library-ms --a---- 7013 bytes [21:08 01/06/2011] [11:10 16/07/2012]
Videos.library-ms --a---- 6966 bytes [21:08 01/06/2011] [11:10 16/07/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\Windows\Network Shortcuts d------ [20:58 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Windows\Printer Shortcuts d------ [20:58 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Windows\PrivacIE d--hs-- [21:08 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Windows\PrivacIE\Low d--h--- [21:08 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations d------ [21:08 01/06/2011]
1b4dd67f29cb1962.automaticDestinations-ms --a---- 22528 bytes [07:51 02/08/2012] [21:17 02/08/2012]
5017c43cab207e01.automaticDestinations-ms --a---- 16896 bytes [12:53 02/08/2012] [12:53 02/08/2012]
7e4dca80246863e3.automaticDestinations-ms --a---- 9216 bytes [12:31 02/08/2012] [16:26 02/08/2012]
9b9cdc69c1c24e2b.automaticDestinations-ms --a---- 26112 bytes [12:23 02/08/2012] [21:17 02/08/2012]
cc626b80e6c96f89.automaticDestinations-ms --a---- 5120 bytes [11:46 02/08/2012] [11:54 02/08/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations d------ [21:08 01/06/2011]
122c907c4dc5911f.customDestinations-ms --a---- 5649 bytes [18:35 28/09/2011] [07:40 02/08/2012]
1461132e553e2e6c.customDestinations-ms --a---- 5649 bytes [19:38 18/08/2011] [07:40 02/08/2012]
16ec093b8f51508f.customDestinations-ms --a---- 3228 bytes [21:42 17/12/2011] [07:40 02/08/2012]
1eb796d87c32eff9.customDestinations-ms --a---- 5649 bytes [17:17 24/06/2011] [07:40 02/08/2012]
337ed59af273c758.customDestinations-ms --a---- 1597 bytes [13:12 05/06/2011] [07:40 02/08/2012]
33a00252c0fa56de.customDestinations-ms --a---- 5649 bytes [21:18 11/11/2011] [07:40 02/08/2012]
46aab4f7cff7b88d.customDestinations-ms --a---- 18502 bytes [22:52 26/02/2012] [21:39 02/08/2012]
5afe4de1b92fc382.customDestinations-ms --a---- 18826 bytes [21:08 01/06/2011] [07:40 02/08/2012]
5df4765359170e26.customDestinations-ms --a---- 5649 bytes [00:28 02/06/2011] [07:40 02/08/2012]
634bd393510dd415.customDestinations-ms --a---- 5649 bytes [15:05 07/09/2011] [07:40 02/08/2012]
6b8904e2b6864f0f.customDestinations-ms --a---- 5649 bytes [02:43 01/01/2012] [07:40 02/08/2012]
6c810151099d596c.customDestinations-ms --a---- 5649 bytes [22:53 30/09/2011] [07:40 02/08/2012]
74d7f43c1561fc1e.customDestinations-ms --a---- 1807 bytes [21:36 01/06/2011] [07:40 02/08/2012]
76476e1c16910721.customDestinations-ms --a---- 3772 bytes [21:10 01/10/2011] [07:40 02/08/2012]
9f29afe9a425456d.customDestinations-ms --a---- 5649 bytes [21:29 31/08/2011] [07:40 02/08/2012]
bb085f84f5c02e7e.customDestinations-ms --a---- 5679 bytes [21:42 01/06/2011] [07:40 02/08/2012]
bfa3f2b6f5ce0a0e.customDestinations-ms --a---- 6422 bytes [19:42 24/11/2011] [07:40 02/08/2012]
f56b8f72087f56e1.customDestinations-ms --a---- 8611 bytes [16:47 17/11/2011] [16:35 02/08/2012]
fb0b32a5b55a5f7d.customDestinations-ms --a---- 8650 bytes [16:08 01/08/2012] [07:40 02/08/2012]

C:\Users\Josik\AppData\Roaming\Microsoft\Windows\SendTo dr----- [20:58 01/06/2011]
bluetooth.btwsendto --a---- 0 bytes [21:03 01/06/2011] [21:04 01/06/2011]
Compressed (zipped) Folder.ZFSendToTarget --a---- 3 bytes [20:58 01/06/2011] [20:45 10/06/2009]
Desktop (create shortcut).DeskLink --a---- 7 bytes [20:58 01/06/2011] [20:44 10/06/2009]
Desktop.ini ---hs-- 634 bytes [20:58 01/06/2011] [21:04 01/06/2011]
Dokumenty.mydocs --a---- 0 bytes [21:08 01/06/2011] [21:08 01/06/2011]
Fax Recipient.lnk --a---- 1238 bytes [20:58 01/06/2011] [04:54 14/07/2009]
Mail Recipient.MAPIMail --a---- 4 bytes [20:58 01/06/2011] [20:44 10/06/2009]
Skype.lnk --a---- 1951 bytes [21:06 01/06/2011] [21:52 13/12/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Windows\Templates d------ [20:58 01/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Windows\Themes d------ [21:08 01/06/2011]
slideshow.ini --a---- 0 bytes [00:40 02/06/2011] [22:50 05/06/2011]
TranscodedWallpaper.jpg ------- 532341 bytes [21:08 01/06/2011] [11:53 05/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Word d------ [23:37 04/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Word\Po spuštění d------ [21:10 05/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Šablony d------ [23:37 04/06/2011]
Normal.dotm --a---- 17985 bytes [23:38 04/06/2011] [21:11 05/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Šablony\Document Themes d------ [15:24 18/10/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Šablony\Document Themes\Theme Colors d------ [15:24 18/10/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Šablony\Document Themes\Theme Effects d------ [15:24 18/10/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Šablony\Document Themes\Theme Fonts d------ [15:24 18/10/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Šablony\LiveContent d------ [23:37 04/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Šablony\LiveContent\User d------ [23:37 04/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Šablony\LiveContent\User\Document Themes d------ [23:37 04/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Šablony\LiveContent\User\Document Themes\1029 d------ [23:37 04/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Šablony\LiveContent\User\SmartArt Graphics d------ [23:37 04/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Šablony\LiveContent\User\SmartArt Graphics\1029 d------ [23:37 04/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Šablony\LiveContent\User\Word Document Building Blocks d------ [23:37 04/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft\Šablony\LiveContent\User\Word Document Building Blocks\1029 d------ [23:37 04/06/2011]

C:\Users\Josik\AppData\Roaming\Microsoft FxCop d------ [15:40 02/06/2012]

C:\Users\Josik\AppData\Roaming\Microsoft FxCop\1.32 d------ [15:40 02/06/2012]

C:\Users\Josik\AppData\Roaming\Mozilla d------ [00:25 02/06/2011]

C:\Users\Josik\AppData\Roaming\Mozilla\Extensions d------ [00:25 02/06/2011]

C:\Users\Josik\AppData\Roaming\Mozilla\Firefox d------ [00:25 02/06/2011]
profiles.ini --a---- 111 bytes [00:25 02/06/2011] [00:25 02/06/2011]

C:\Users\Josik\AppData\Roaming\Mozilla\Firefox\Crash Reports d------ [00:25 02/06/2011]
InstallTime20110413222027 --a---- 10 bytes [00:25 02/06/2011] [00:25 02/06/2011]
InstallTime20110615151330 --a---- 10 bytes [17:16 24/06/2011] [17:16 24/06/2011]
InstallTime20110811165603 --a---- 10 bytes [19:36 18/08/2011] [19:36 18/08/2011]
InstallTime20110830092941 --a---- 10 bytes [21:27 31/08/2011] [21:27 31/08/2011]
InstallTime20110902133214 --a---- 10 bytes [15:03 07/09/2011] [15:03 07/09/2011]
InstallTime20110922153450 --a---- 10 bytes [18:32 28/09/2011] [18:32 28/09/2011]
InstallTime20110928134238 --a---- 10 bytes [22:44 30/09/2011] [22:44 30/09/2011]
InstallTime20111104165243 --a---- 10 bytes [21:18 11/11/2011] [21:18 11/11/2011]
InstallTime20111220165912 --a---- 10 bytes [02:42 01/01/2012] [02:42 01/01/2012]
InstallTime20120215223356 --a---- 10 bytes [22:52 26/02/2012] [22:52 26/02/2012]
InstallTime20120312181643 --a---- 10 bytes [23:43 21/03/2012] [23:43 21/03/2012]
InstallTime20120420145725 --a---- 10 bytes [08:07 07/05/2012] [08:07 07/05/2012]
InstallTime20120601045813 --a---- 10 bytes [21:14 10/06/2012] [21:14 10/06/2012]
InstallTime20120614114901 --a---- 10 bytes [11:19 20/06/2012] [11:19 20/06/2012]
InstallTime20120713134347 --a---- 10 bytes [12:09 20/07/2012] [12:09 20/07/2012]
LastCrash --a---- 10 bytes [22:39 28/09/2011] [12:15 02/08/2012]
submit.log --a---- 513 bytes [22:39 28/09/2011] [12:15 02/08/2012]

C:\Users\Josik\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending d------ [20:11 20/06/2011]
15120fd7-1165-4ac6-9186-a6d363b9a8ed.dmp --a---- 50717 bytes [20:11 20/06/2011] [20:11 20/06/2011]
15120fd7-1165-4ac6-9186-a6d363b9a8ed.extra --a---- 1388 bytes [20:11 20/06/2011] [20:11 20/06/2011]
1f5c2e5b-79ac-4e53-a3cd-308fff48e068.dmp --a---- 78372 bytes [22:34 28/07/2011] [22:34 28/07/2011]
1f5c2e5b-79ac-4e53-a3cd-308fff48e068.extra --a---- 1400 bytes [22:34 28/07/2011] [22:34 28/07/2011]
1fa54bf7-c7b0-4390-8900-ce74f65acd21.dmp --a---- 74917 bytes [23:49 20/08/2011] [23:49 20/08/2011]
1fa54bf7-c7b0-4390-8900-ce74f65acd21.extra --a---- 1261 bytes [23:49 20/08/2011] [23:49 20/08/2011]
3b2ec5d6-754d-476e-a968-0e31091209f5.dmp --a---- 108633 bytes [11:30 31/08/2011] [11:30 31/08/2011]
3b2ec5d6-754d-476e-a968-0e31091209f5.extra --a---- 1393 bytes [11:30 31/08/2011] [11:30 31/08/2011]
3fe0e152-dab8-477f-b37f-6c37cdc3fb35.dmp --a---- 51424 bytes [11:50 29/07/2012] [11:50 29/07/2012]
3fe0e152-dab8-477f-b37f-6c37cdc3fb35.extra --a---- 1775 bytes [11:50 29/07/2012] [11:50 29/07/2012]
519c0b41-7494-4945-a544-788833e22988.dmp --a---- 123296 bytes [23:58 06/08/2011] [23:58 06/08/2011]
519c0b41-7494-4945-a544-788833e22988.extra --a---- 1307 bytes [23:58 06/08/2011] [23:58 06/08/2011]
53bc8c33-ab97-453b-8bbc-69e6004d6bc8.dmp --a---- 71854 bytes [23:35 27/07/2011] [23:35 27/07/2011]
53bc8c33-ab97-453b-8bbc-69e6004d6bc8.extra --a---- 1400 bytes [23:35 27/07/2011] [23:35 27/07/2011]
70c54e23-ea69-4d2c-81d3-e14f322ef697.dmp --a---- 50533 bytes [15:37 31/07/2012] [15:37 31/07/2012]
70c54e23-ea69-4d2c-81d3-e14f322ef697.extra --a---- 1775 bytes [15:37 31/07/2012] [15:37 31/07/2012]
84be703e-1f8a-497d-9318-3fe1a24544b8.dmp --a---- 66235 bytes [11:38 02/08/2012] [11:38 02/08/2012]
84be703e-1f8a-497d-9318-3fe1a24544b8.extra --a---- 1636 bytes [11:38 02/08/2012] [11:38 02/08/2012]
8abdd814-9b10-49d5-bc26-d58425fdce7e.dmp --a---- 80722 bytes [00:20 28/07/2011] [00:20 28/07/2011]
8abdd814-9b10-49d5-bc26-d58425fdce7e.extra --a---- 1400 bytes [00:20 28/07/2011] [00:20 28/07/2011]
9224e2c9-a21a-4099-840f-bd21c81c1ce1.dmp --a---- 91689 bytes [17:26 04/11/2011] [17:26 04/11/2011]
9224e2c9-a21a-4099-840f-bd21c81c1ce1.extra --a---- 1569 bytes [17:26 04/11/2011] [17:26 04/11/2011]
944e2435-b770-4151-8c94-19a6b69f2d51.dmp --a---- 67397 bytes [21:39 21/07/2011] [21:39 21/07/2011]
944e2435-b770-4151-8c94-19a6b69f2d51.extra --a---- 1400 bytes [21:39 21/07/2011] [21:39 21/07/2011]
98bc3b6e-c3c5-4368-a903-2f51eb782d02.dmp --a---- 67931 bytes [22:00 01/08/2012] [22:00 01/08/2012]
98bc3b6e-c3c5-4368-a903-2f51eb782d02.extra --a---- 1636 bytes [22:00 01/08/2012] [22:00 01/08/2012]
a93a355a-e5d5-4bc0-bf48-84d6b19ba31c.dmp --a---- 135808 bytes [21:35 07/10/2011] [21:35 07/10/2011]
a93a355a-e5d5-4bc0-bf48-84d6b19ba31c.extra --a---- 1480 bytes [21:35 07/10/2011] [21:35 07/10/2011]
a98826ec-1036-4e77-a185-ebcf5d98b978.dmp --a---- 54810 bytes [21:39 01/08/2012] [21:39 01/08/2012]
a98826ec-1036-4e77-a185-ebcf5d98b978.extra --a---- 1636 bytes [21:39 01/08/2012] [21:39 01/08/2012]
ac1ac6d7-8a23-4d12-a83d-02ceb01e105c.dmp --a---- 77557 bytes [00:24 28/07/2011] [00:24 28/07/2011]
ac1ac6d7-8a23-4d12-a83d-02ceb01e105c.extra --a---- 1400 bytes [00:24 28/07/2011] [00:24 28/07/2011]
b4c7a3da-a646-42c2-ba8c-62b320aac48f.dmp --a---- 77700 bytes [20:41 20/06/2011] [20:41 20/06/2011]
b4c7a3da-a646-42c2-ba8c-62b320aac48f.extra --a---- 1388 bytes [20:41 20/06/2011] [20:41 20/06/2011]
c9e0d691-c056-433c-96a0-0b213746cb0c.dmp --a---- 298398 bytes [21:31 01/08/2012] [21:31 01/08/2012]
c9e0d691-c056-433c-96a0-0b213746cb0c.extra --a---- 1636 bytes [21:31 01/08/2012] [21:31 01/08/2012]
d185f0fe-e2d2-4076-a821-f78e6e405b38.dmp --a---- 67112 bytes [20:16 08/07/2011] [20:16 08/07/2011]
d185f0fe-e2d2-4076-a821-f78e6e405b38.extra --a---- 1354 bytes [20:16 08/07/2011] [20:16 08/07/2011]
d3f68c53-a5dd-4b9e-9fe3-10117d66974a.dmp --a---- 76504 bytes [11:33 31/08/2011] [11:33 31/08/2011]
d3f68c53-a5dd-4b9e-9fe3-10117d66974a.extra --a---- 1393 bytes [11:33 31/08/2011] [11:33 31/08/2011]
dec5b433-7bac-47bd-a6be-d969dcbd90fa.dmp --a---- 164182 bytes [17:26 04/11/2011] [17:26 04/11/2011]
dec5b433-7bac-47bd-a6be-d969dcbd90fa.extra --a---- 1649 bytes [17:26 04/11/2011] [17:26 04/11/2011]

C:\Users\Josik\AppData\Roaming\Mozilla\Firefox\Crash Reports\submitted d------ [22:39 28/09/2011]
bp-2a365a57-7f85-468f-b926-6b2c32120213.txt --a---- 51 bytes [01:46 13/02/2012] [01:46 13/02/2012]
bp-3c26fff5-34e5-4d7a-bcfe-777202111129.txt --a---- 51 bytes [17:26 29/11/2011] [17:26 29/11/2011]
bp-4d2bcb33-f70d-45b6-9eeb-7e1ee2120801.txt --a---- 51 bytes [18:37 01/08/2012] [18:37 01/08/2012]
bp-6156a9ae-0b40-43b9-83fc-7181c2120801.txt --a---- 51 bytes [18:37 01/08/2012] [18:37 01/08/2012]
bp-9065e93d-e22d-4cf0-8ed3-52d272110928.txt --a---- 51 bytes [22:39 28/09/2011] [22:39 28/09/2011]
bp-c03925d7-535d-46d5-be37-5f8382111001.txt --a---- 51 bytes [12:58 01/10/2011] [12:58 01/10/2011]
bp-e9276f43-bc28-4321-8ea0-3cab82111001.txt --a---- 51 bytes [21:19 01/10/2011] [21:19 01/10/2011]
bp-ed1e7028-8a9b-4a0a-bb08-f32a52120125.txt --a---- 51 bytes [23:10 25/01/2012] [23:10 25/01/2012]
bp-f89a965a-540a-4404-9960-922e32120802.txt --a---- 51 bytes [12:15 02/08/2012] [12:15 02/08/2012]

C:\Users\Josik\AppData\Roaming\Mozilla\Firefox\Profiles d------ [00:25 02/06/2011]

C:\Users\Josik\AppData\Roaming\Mozilla\Firefox\Profiles\9b3j9n24.default d------ [00:25 02/06/2011]
addons.sqlite --a---- 425984 bytes [00:27 02/06/2011] [20:43 02/08/2012]
addons.sqlite-journal --a---- 197168 bytes [20:43 02/08/2012] [20:43 02/08/2012]
blocklist.xml --a---- 26174 bytes [01:05 03/06/2011] [15:10 31/07/2012]
cert8.db --a---- 229376 bytes [00:25 02/06/2011] [18:30 02/08/2012]
cert_override.txt --a---- 2378 bytes [11:23 02/08/2012] [11:23 02/08/2012]
chromeappsstore.sqlite --a---- 98304 bytes [00:25 02/06/2011] [12:10 20/07/2012]
compatibility.ini --a---- 178 bytes [00:25 02/06/2011] [21:15 01/08/2012]
content-prefs.sqlite --a---- 229376 bytes [00:25 02/06/2011] [13:15 02/08/2012]
cookies.sqlite --a---- 1572864 bytes [00:25 02/06/2011] [21:38 02/08/2012]
cookies.sqlite-shm --a---- 32768 bytes [18:53 02/08/2012] [18:53 02/08/2012]
cookies.sqlite-wal --a---- 98408 bytes [18:53 02/08/2012] [18:53 02/08/2012]
downloads.sqlite --a---- 65536 bytes [20:19 01/08/2012] [21:39 02/08/2012]
extensions.ini --a---- 122 bytes [21:14 01/08/2012] [21:14 01/08/2012]
extensions.sqlite --a---- 425984 bytes [00:25 02/06/2011] [21:14 01/08/2012]
ffpath.txt --a---- 39 bytes [21:15 03/07/2012] [21:15 03/07/2012]
formhistory.sqlite --a---- 229376 bytes [00:25 02/06/2011] [20:11 02/08/2012]
key3.db --a---- 16384 bytes [00:25 02/06/2011] [18:30 02/08/2012]
localstore.rdf --a---- 23433 bytes [19:56 02/08/2012] [19:56 02/08/2012]
mimeTypes.rdf --a---- 21481 bytes [13:47 01/08/2012] [13:47 01/08/2012]
parent.lock --a---- 0 bytes [21:14 10/06/2012] [18:53 02/08/2012]
permissions.sqlite --a---- 1769472 bytes [00:25 02/06/2011] [16:41 02/08/2012]
places.sqlite --a---- 10485760 bytes [13:50 02/08/2012] [21:39 02/08/2012]
places.sqlite-shm --a---- 32768 bytes [18:53 02/08/2012] [18:53 02/08/2012]
places.sqlite-wal --a---- 131200 bytes [18:53 02/08/2012] [21:39 02/08/2012]
pluginreg.dat --a---- 4187 bytes [22:02 01/08/2012] [22:02 01/08/2012]
prefs.js --a---- 14654 bytes [20:43 02/08/2012] [20:43 02/08/2012]
prefs.js.BAK --a---- 14704 bytes [12:41 02/08/2012] [16:10 02/08/2012]
search-metadata.json --a---- 34 bytes [12:09 20/07/2012] [12:09 20/07/2012]
search.json --a---- 9064 bytes [00:25 02/06/2011] [12:09 20/07/2012]
search.sqlite --a---- 65536 bytes [00:25 02/06/2011] [11:19 20/06/2012]
secmod.db --a---- 16384 bytes [00:25 02/06/2011] [00:25 02/06/2011]
sessionHistograms.dat.4little --a---- 191488 bytes [18:57 31/07/2012] [18:30 02/08/2012]
sessionstore.bak --a---- 166386 bytes [07:50 02/08/2012] [18:30 02/08/2012]
sessionstore.js --a---- 829256 bytes [21:39 02/08/2012] [21:39 02/08/2012]
signons.sqlite --a---- 327680 bytes [00:25 02/06/2011] [16:40 02/08/2012]
urlclassifierkey3.txt --a---- 154 bytes [00:25 02/06/2011] [18:53 02/08/2012]
webappsstore.sqlite --a---- 720896 bytes [00:25 02/06/2011] [21:38 02/08/2012]

C:\Users\Josik\AppData\Roaming\Mozilla\Firefox\Profiles\9b3j9n24.default\bookmarkbackups d------ [00:25 02/06/2011]
bookmarks-2012-07-22.json --a---- 18119 bytes [22:28 21/07/2012] [22:28 21/07/2012]
bookmarks-2012-07-23.json --a---- 18119 bytes [22:05 22/07/2012] [22:05 22/07/2012]
bookmarks-2012-07-24.json --a---- 18119 bytes [10:18 24/07/2012] [10:18 24/07/2012]
bookmarks-2012-07-25.json --a---- 18119 bytes [14:25 25/07/2012] [14:25 25/07/2012]
bookmarks-2012-07-27.json --a---- 18119 bytes [07:53 27/07/2012] [07:53 27/07/2012]
bookmarks-2012-07-28.json --a---- 18119 bytes [20:06 28/07/2012] [20:06 28/07/2012]
bookmarks-2012-07-29.json --a---- 18119 bytes [22:09 28/07/2012] [22:09 28/07/2012]
bookmarks-2012-07-30.json --a---- 18119 bytes [08:35 30/07/2012] [08:35 30/07/2012]
bookmarks-2012-07-31.json --a---- 18119 bytes [22:29 30/07/2012] [22:29 30/07/2012]
bookmarks-2012-08-01.json --a---- 18119 bytes [22:06 31/07/2012] [22:06 31/07/2012]
bookmarks-2012-08-02.json --a---- 17918 bytes [22:01 01/08/2012] [22:01 01/08/2012]

C:\Users\Josik\AppData\Roaming\Mozilla\Firefox\Profiles\9b3j9n24.default\extensions d------ [21:21 06/09/2011]

C:\Users\Josik\AppData\Roaming\Mozilla\Firefox\Profiles\9b3j9n24.default\minidumps d------ [00:25 02/06/2011]

C:\Users\Josik\AppData\Roaming\Mozilla\Firefox\Profiles\9b3j9n24.default\sessions d------ [22:56 17/10/2011]
backup-10.session --a---- 158911 bytes [18:48 01/08/2012] [18:48 01/08/2012]
backup-11.session --a---- 545987 bytes [20:13 01/08/2012] [20:13 01/08/2012]
backup-12.session --a---- 787020 bytes [20:19 01/08/2012] [20:19 01/08/2012]
backup-2.session --a---- 2359 bytes [20:21 01/08/2012] [20:21 01/08/2012]
backup-3.session --a---- 346898 bytes [21:12 01/08/2012] [21:12 01/08/2012]
backup-5.session --a---- 1145 bytes [15:52 01/08/2012] [16:54 01/08/2012]
backup-6.session --a---- 782 bytes [18:14 01/08/2012] [18:14 01/08/2012]
backup-7.session --a---- 854 bytes [18:14 01/08/2012] [18:14 01/08/2012]
backup-8.session --a---- 958 bytes [18:15 01/08/2012] [18:15 01/08/2012]
backup-9.session --a---- 292144 bytes [20:31 01/08/2012] [20:31 01/08/2012]
backup.session --a---- 287824 bytes [21:12 01/08/2012] [21:12 01/08/2012]
black.session --a---- 21369 bytes [13:08 25/02/2012] [13:08 25/02/2012]
hybrid engines.session --a---- 174074 bytes [22:57 17/10/2011] [22:57 17/10/2011]

C:\Users\Josik\AppData\Roaming\Mozilla\Firefox\Profiles\9b3j9n24.default\sessions\Odstraněné relace d------ [20:41 19/10/2011]
backup-10-10.session --a---- 2218 bytes [16:16 01/08/2012] [18:15 01/08/2012]
backup-10-2.session --a---- 803 bytes [19:45 24/07/2012] [22:16 28/07/2012]
backup-10-3.session --a---- 713198 bytes [22:18 28/07/2012] [14:47 29/07/2012]
backup-10-4.session --a---- 176255 bytes [14:55 29/07/2012] [18:25 29/07/2012]
backup-10-5.session --a---- 3951 bytes [18:30 29/07/2012] [11:43 30/07/2012]
backup-10-6.session --a---- 2359 bytes [12:07 30/07/2012] [21:23 30/07/2012]
backup-10-7.session --a---- 20623 bytes [22:29 30/07/2012] [22:06 31/07/2012]
backup-10-8.session --a---- 9909 bytes [09:30 01/08/2012] [14:28 01/08/2012]
backup-10-9.session --a---- 930 bytes [14:32 01/08/2012] [15:31 01/08/2012]
backup-10.session --a---- 20436 bytes [22:25 31/07/2012] [09:23 01/08/2012]
backup-11-10.session --a---- 314315 bytes [16:18 01/08/2012] [18:48 01/08/2012]
backup-11-2.session --a---- 165365 bytes [20:16 28/07/2012] [11:24 29/07/2012]
backup-11-3.session --a---- 2627 bytes [12:16 29/07/2012] [17:38 29/07/2012]
backup-11-4.session --a---- 3360 bytes [17:59 29/07/2012] [09:24 30/07/2012]
backup-11-5.session --a---- 2205 bytes [09:28 30/07/2012] [18:16 30/07/2012]
backup-11-6.session --a---- 5557 bytes [20:54 30/07/2012] [18:57 31/07/2012]
backup-11-7.session --a---- 26383 bytes [18:58 31/07/2012] [00:10 01/08/2012]
backup-11-8.session --a---- 11352 bytes [09:46 01/08/2012] [14:32 01/08/2012]
backup-11-9.session --a---- 7135 bytes [14:47 01/08/2012] [16:13 01/08/2012]
backup-11.session --a---- 267696 bytes [02:30 23/07/2012] [20:11 28/07/2012]
backup-12-2.session --a---- 287360 bytes [12:48 29/07/2012] [17:59 29/07/2012]
backup-12-3.session --a---- 765 bytes [18:00 29/07/2012] [09:28 30/07/2012]
backup-12-4.session --a---- 19894 bytes [16:30 31/07/2012] [22:25 31/07/2012]
backup-12-5.session --a---- 1910 bytes [09:30 30/07/2012] [19:12 30/07/2012]
backup-12-6.session --a---- 44791 bytes [22:31 31/07/2012] [09:46 01/08/2012]
backup-12-7.session --a---- 1979 bytes [10:50 01/08/2012] [14:46 01/08/2012]
backup-12-8.session --a---- 7258 bytes [15:25 01/08/2012] [16:18 01/08/2012]
backup-12-9.session --a---- 313639 bytes [16:20 01/08/2012] [20:13 01/08/2012]
backup-12.session --a---- 6378 bytes [20:54 28/07/2012] [12:16 29/07/2012]
backup-13-2.session --a---- 1259 bytes [12:12 30/07/2012] [22:29 30/07/2012]
backup-13-3.session --a---- 2364 bytes [00:10 01/08/2012] [10:49 01/08/2012]
backup-13-4.session --a---- 1979 bytes [14:26 01/08/2012] [14:47 01/08/2012]
backup-13-5.session --a---- 5992 bytes [15:31 01/08/2012] [16:18 01/08/2012]
backup-13.session --a---- 1352 bytes [16:04 23/07/2012] [20:16 28/07/2012]
backup-2-10.session --a---- 8882 bytes [14:28 01/08/2012] [16:20 01/08/2012]
backup-2-11.session --a---- 177758 bytes [16:43 01/08/2012] [20:19 01/08/2012]
backup-2-2.session --a---- 3846 bytes [09:32 30/07/2012] [20:54 30/07/2012]
backup-2-3.session --a---- 8293 bytes [22:09 28/07/2012] [12:48 29/07/2012]
backup-2-4.session --a---- 803 bytes [13:51 29/07/2012] [18:00 29/07/2012]
backup-2-5.session --a---- 2571 bytes [18:13 29/07/2012] [09:30 30/07/2012]
backup-2-6.session --a---- 21000 bytes [20:56 30/07/2012] [18:58 31/07/2012]
backup-2-7.session --a---- 2111 bytes [19:02 31/07/2012] [00:10 01/08/2012]
backup-2-8.session --a---- 9652 bytes [09:17 01/08/2012] [14:26 01/08/2012]
backup-2-9.session --a---- 925 bytes [14:28 01/08/2012] [15:31 01/08/2012]
backup-2.session --a---- 4444 bytes [10:18 24/07/2012] [20:54 28/07/2012]
backup-3-10.session --a---- 5703 bytes [15:39 01/08/2012] [16:47 01/08/2012]
backup-3-11.session --a---- 8326 bytes [16:51 01/08/2012] [20:31 01/08/2012]
backup-3-2.session --a---- 5154 bytes [22:49 28/07/2012] [16:02 29/07/2012]
backup-3-3.session --a---- 26580 bytes [16:04 29/07/2012] [21:57 29/07/2012]
backup-3-4.session --a---- 31885 bytes [16:32 31/07/2012] [22:31 31/07/2012]
backup-3-5.session --a---- 15838 bytes [08:35 30/07/2012] [12:12 30/07/2012]
backup-3-6.session --a---- 2509 bytes [14:55 30/07/2012] [16:30 31/07/2012]
backup-3-7.session --a---- 2199 bytes [22:33 31/07/2012] [09:46 01/08/2012]
backup-3-8.session --a---- 17188 bytes [09:47 01/08/2012] [14:32 01/08/2012]
backup-3-9.session --a---- 1858 bytes [09:47 01/08/2012] [15:37 01/08/2012]
backup-3.session --a---- 767 bytes [14:25 25/07/2012] [22:29 28/07/2012]
backup-4-10.session --a---- 7198 bytes [15:40 01/08/2012] [16:51 01/08/2012]
backup-4-11.session --a---- 119826 bytes [16:53 01/08/2012] [21:12 01/08/2012]
backup-4-2.session --a---- 121404 bytes [22:29 28/07/2012] [14:55 29/07/2012]
backup-4-3.session --a---- 9540 bytes [16:02 29/07/2012] [18:30 29/07/2012]
backup-4-4.session --a---- 4711 bytes [16:34 31/07/2012] [22:33 31/07/2012]
backup-4-5.session --a---- 19761 bytes [21:57 29/07/2012] [12:12 30/07/2012]
backup-4-6.session --a---- 1932 bytes [16:26 30/07/2012] [16:32 31/07/2012]
backup-4-7.session --a---- 3002 bytes [22:37 31/07/2012] [09:47 01/08/2012]
backup-4-8.session --a---- 2216 bytes [09:49 01/08/2012] [14:33 01/08/2012]
backup-4-9.session --a---- 2218 bytes [14:40 01/08/2012] [15:39 01/08/2012]
backup-4.session --a---- 377302 bytes [21:59 24/07/2012] [22:18 28/07/2012]
backup-5-10.session --a---- 13649 bytes [15:52 01/08/2012] [16:53 01/08/2012]
backup-5-2.session --a---- 805 bytes [16:01 25/07/2012] [22:49 28/07/2012]
backup-5-3.session --a---- 190347 bytes [00:22 29/07/2012] [16:04 29/07/2012]
backup-5-4.session --a---- 2692 bytes [16:07 29/07/2012] [08:35 30/07/2012]
backup-5-5.session --a---- 117709 bytes [08:59 30/07/2012] [14:55 30/07/2012]
backup-5-6.session --a---- 12098 bytes [17:52 30/07/2012] [16:34 31/07/2012]
backup-5-7.session --a---- 3337 bytes [17:52 30/07/2012] [22:37 31/07/2012]
backup-5-8.session --a---- 2604 bytes [17:52 30/07/2012] [09:49 01/08/2012]
backup-5-9.session --a---- 3356 bytes [14:43 01/08/2012] [15:40 01/08/2012]
backup-5.session --a---- 2216 bytes [09:54 01/08/2012] [14:40 01/08/2012]
backup-6-10.session --a---- 1472 bytes [09:59 01/08/2012] [15:52 01/08/2012]
backup-6-2.session --a---- 4289 bytes [16:26 29/07/2012] [08:59 30/07/2012]
backup-6-3.session --a---- 803 bytes [07:53 27/07/2012] [00:22 29/07/2012]
backup-6-4.session --a---- 19663 bytes [07:53 27/07/2012] [16:07 29/07/2012]
backup-6-5.session --a---- 39399 bytes [09:12 30/07/2012] [16:26 30/07/2012]
backup-6-6.session --a---- 2921 bytes [18:07 30/07/2012] [16:36 31/07/2012]
backup-6-7.session --a---- 3386 bytes [16:48 31/07/2012] [22:37 31/07/2012]
backup-6-8.session --a---- 2219 bytes [23:04 31/07/2012] [09:54 01/08/2012]
backup-6-9.session --a---- 13419 bytes [09:59 01/08/2012] [14:43 01/08/2012]
backup-6.session --a---- 1093 bytes [15:54 01/08/2012] [16:54 01/08/2012]
backup-7-10.session --a---- 1979 bytes [14:46 01/08/2012] [15:54 01/08/2012]
backup-7-11.session --a---- 5594 bytes [16:11 01/08/2012] [18:14 01/08/2012]
backup-7-2.session --a---- 12704 bytes [17:36 29/07/2012] [09:12 30/07/2012]
backup-7-3.session --a---- 7735 bytes [20:06 28/07/2012] [00:22 29/07/2012]
backup-7-4.session --a---- 765 bytes [10:45 29/07/2012] [16:26 29/07/2012]
backup-7-5.session --a---- 181503 bytes [09:23 30/07/2012] [17:52 30/07/2012]
backup-7-6.session --a---- 4948 bytes [18:16 30/07/2012] [16:48 31/07/2012]
backup-7-7.session --a---- 9695 bytes [16:49 31/07/2012] [23:04 31/07/2012]
backup-7-8.session --a---- 22330 bytes [23:41 31/07/2012] [09:59 01/08/2012]
backup-7-9.session --a---- 2133 bytes [10:13 01/08/2012] [14:43 01/08/2012]
backup-7.session --a---- 740 bytes [22:50 22/07/2012] [07:53 27/07/2012]
backup-8-10.session --a---- 2319 bytes [10:49 01/08/2012] [16:11 01/08/2012]
backup-8-11.session --a---- 19979 bytes [16:13 01/08/2012] [18:14 01/08/2012]
backup-8-2.session --a---- 7851 bytes [20:11 28/07/2012] [10:45 29/07/2012]
backup-8-3.session --a---- 261328 bytes [11:24 29/07/2012] [17:36 29/07/2012]
backup-8-4.session --a---- 9015 bytes [17:38 29/07/2012] [09:23 30/07/2012]
backup-8-5.session --a---- 7550 bytes [09:24 30/07/2012] [18:07 30/07/2012]
backup-8-6.session --a---- 3174 bytes [19:12 30/07/2012] [16:49 31/07/2012]
backup-8-7.session --a---- 3119 bytes [18:57 31/07/2012] [23:41 31/07/2012]
backup-8-8.session --a---- 1948 bytes [00:06 01/08/2012] [10:13 01/08/2012]
backup-8-9.session --a---- 14158 bytes [10:49 01/08/2012] [14:46 01/08/2012]
backup-8.session --a---- 740 bytes [22:56 22/07/2012] [20:06 28/07/2012]
backup-9-10.session --a---- 2217 bytes [15:37 01/08/2012] [16:43 01/08/2012]
backup-9-11.session --a---- 3215 bytes [16:47 01/08/2012] [20:21 01/08/2012]
backup-9-2.session --a---- 2207 bytes [11:43 30/07/2012] [20:56 30/07/2012]
backup-9-3.session --a---- 3248 bytes [22:16 28/07/2012] [13:51 29/07/2012]
backup-9-4.session --a---- 801 bytes [14:47 29/07/2012] [18:13 29/07/2012]
backup-9-5.session --a---- 3435 bytes [18:25 29/07/2012] [09:32 30/07/2012]
backup-9-6.session --a---- 2834 bytes [21:23 30/07/2012] [19:02 31/07/2012]
backup-9-7.session --a---- 3504 bytes [22:06 31/07/2012] [09:17 01/08/2012]
backup-9-8.session --a---- 2929 bytes [09:23 01/08/2012] [14:26 01/08/2012]
backup-9-9.session --a---- 2219 bytes [14:32 01/08/2012] [15:31 01/08/2012]
backup-9.session --a---- 2775 bytes [19:38 24/07/2012] [22:09 28/07/2012]

C:\Users\Josik\AppData\Roaming\Mozilla\Firefox\Profiles\9b3j9n24.default\weave d------ [00:28 02/06/2011]

C:\Users\Josik\AppData\Roaming\Mozilla\Firefox\Profiles\9b3j9n24.default\weave\toFetch d------ [00:28 02/06/2011]
bookmarks.json --a---- 2 bytes [16:58 12/06/2011] [16:58 12/06/2011]
clients.json --a---- 2 bytes [13:20 09/07/2011] [13:20 09/07/2011]
forms.json --a---- 2 bytes [16:58 12/06/2011] [16:58 12/06/2011]
history.json --a---- 2 bytes [16:58 12/06/2011] [16:58 12/06/2011]
passwords.json --a---- 2 bytes [16:58 12/06/2011] [16:58 12/06/2011]
prefs.json --a---- 2 bytes [16:58 12/06/2011] [16:58 12/06/2011]
tabs.json --a---- 2 bytes [13:20 09/07/2011] [13:20 09/07/2011]

C:\Users\Josik\AppData\Roaming\Mozilla\Firefox\Profiles\9b3j9n24.default\webapps d------ [21:14 10/06/2012]

C:\Users\Josik\AppData\Roaming\NVIDIA d------ [23:46 03/06/2011]

C:\Users\Josik\AppData\Roaming\NVIDIA\ComputeCache d------ [23:46 03/06/2011]
index --a---- 20 bytes [18:58 31/07/2012] [18:58 31/07/2012]

C:\Users\Josik\AppData\Roaming\NVIDIA\ComputeCache\6 d------ [18:58 31/07/2012]

C:\Users\Josik\AppData\Roaming\NVIDIA\ComputeCache\6\2 d------ [18:58 31/07/2012]
b3907a --a---- 185374 bytes [18:58 31/07/2012] [18:58 31/07/2012]

C:\Users\Josik\AppData\Roaming\NVIDIA\GLCache d------ [14:54 07/11/2011]

C:\Users\Josik\AppData\Roaming\NVIDIA\GLCache\ce1a0741ea5f3c2f820ae018fa5d47c3 d------ [14:54 07/11/2011]

C:\Users\Josik\AppData\Roaming\NVIDIA\GLCache\ce1a0741ea5f3c2f820ae018fa5d47c3\98648955266f72c7 d------ [14:54 07/11/2011]
36b3b76adc42d264.bin --a---- 6564 bytes [23:01 18/02/2012] [23:01 18/02/2012]
36b3b76adc42d264.toc --a---- 164 bytes [23:01 18/02/2012] [23:01 18/02/2012]

C:\Users\Josik\AppData\Roaming\Opera d------ [21:42 17/12/2011]

C:\Users\Josik\AppData\Roaming\Opera\Opera d------ [21:42 17/12/2011]
autoupdate_response.xml --a---- 1922 bytes [21:43 17/12/2011] [21:11 01/08/2012]
bookmarks.adr --a---- 4343 bytes [21:42 17/12/2011] [21:42 17/12/2011]
browser.js --a---- 109452 bytes [21:43 17/12/2011] [21:16 09/04/2012]
cookies4.dat --a---- 103 bytes [21:15 01/08/2012] [07:40 02/08/2012]
opcacrt6.dat --a---- 26616 bytes [21:42 17/12/2011] [21:15 01/08/2012]
opcert6.dat --a---- 12 bytes [21:44 17/12/2011] [21:15 01/08/2012]
operaprefs.ini --a---- 1681 bytes [21:15 01/08/2012] [21:15 01/08/2012]
opicacrt6.dat --a---- 9042 bytes [21:42 17/12/2011] [21:15 01/08/2012]
oprand.dat --a---- 4096 bytes [21:42 17/12/2011] [21:15 01/08/2012]
opssl6.dat --a---- 10878 bytes [21:42 17/12/2011] [21:15 01/08/2012]
opthumb.dat --a---- 1459 bytes [21:42 17/12/2011] [21:11 01/08/2012]
optrb.dat --a---- 96 bytes [21:42 17/12/2011] [21:42 17/12/2011]
optrust.dat --a---- 12 bytes [21:42 17/12/2011] [21:15 01/08/2012]
opuntrust.dat --a---- 12 bytes [21:42 17/12/2011] [21:15 01/08/2012]
override_downloaded.ini --a---- 6607 bytes [21:16 09/04/2012] [21:16 09/04/2012]
speeddial.ini --a---- 2610 bytes [21:11 01/08/2012] [21:11 01/08/2012]
tasks.xml --a---- 431 bytes [21:11 01/08/2012] [21:11 01/08/2012]
tips.ini --a---- 291 bytes [21:15 01/08/2012] [21:15 01/08/2012]
unite.adr --a---- 1208 bytes [21:42 17/12/2011] [21:42 17/12/2011]
wand.dat --a---- 1111 bytes [21:14 01/08/2012] [21:14 01/08/2012]

C:\Users\Josik\AppData\Roaming\Opera\Opera\dictionaries d------ [21:43 17/12/2011]
dictionaries.xml --a---- 4228 bytes [21:43 17/12/2011] [21:43 17/12/2011]

C:\Users\Josik\AppData\Roaming\Opera\Opera\sessions d------ [21:42 17/12/2011]

C:\Users\Josik\AppData\Roaming\Opera\Opera\styles d------ [21:42 17/12/2011]

C:\Users\Josik\AppData\Roaming\Opera\Opera\styles\user d------ [21:42 17/12/2011]
accessibility.css --a---- 2742 bytes [21:42 17/12/2011] [21:42 17/12/2011]
altdebugger.css --a---- 1353 bytes [21:42 17/12/2011] [21:42 17/12/2011]
classid.css --a---- 1225 bytes [21:42 17/12/2011] [21:42 17/12/2011]
contrastbw.css --a---- 673 bytes [21:42 17/12/2011] [21:42 17/12/2011]
contrastwb.css --a---- 705 bytes [21:42 17/12/2011] [21:42 17/12/2011]
disablebreaks.css --a---- 213 bytes [21:42 17/12/2011] [21:42 17/12/2011]
disablefloats.css --a---- 229 bytes [21:42 17/12/2011] [21:42 17/12/2011]
disableforms.css --a---- 269 bytes [21:42 17/12/2011] [21:42 17/12/2011]
disablepositioning.css --a---- 243 bytes [21:42 17/12/2011] [21:42 17/12/2011]
disabletables.css --a---- 410 bytes [21:42 17/12/2011] [21:42 17/12/2011]
outline.css --a---- 735 bytes [21:42 17/12/2011] [21:42 17/12/2011]
structureblock.css --a---- 4569 bytes [21:42 17/12/2011] [21:42 17/12/2011]
structureinline.css --a---- 2112 bytes [21:42 17/12/2011] [21:42 17/12/2011]
structuretables.css --a---- 2727 bytes [21:42 17/12/2011] [21:42 17/12/2011]
tablelayout.css --a---- 258 bytes [21:42 17/12/2011] [21:42 17/12/2011]
toc.css --a---- 4809 bytes [21:42 17/12/2011] [21:42 17/12/2011]

C:\Users\Josik\AppData\Roaming\Opera\Opera\webserver d------ [21:42 17/12/2011]
users.xml --a---- 35 bytes [21:42 17/12/2011] [21:15 01/08/2012]

C:\Users\Josik\AppData\Roaming\Opera\{870E4A9A-0ADC-4DB4-8847-E8AC1839051B} d------ [12:18 02/08/2012]
Upgrade.exe --a---- 264192 bytes [12:18 02/08/2012] [12:18 02/08/2012]

C:\Users\Josik\AppData\Roaming\SoftGrid Client d------ [23:37 04/06/2011]
shortcut_ex.dat --a---- 17 bytes [23:48 04/06/2011] [23:48 04/06/2011]

C:\Users\Josik\AppData\Roaming\SoftGrid Client\Icon Cache d------ [23:37 04/06/2011]
176FF287-0F46-4B9E-ABF3-91B29AAD040B.ico --a---- 177657 bytes [23:48 04/06/2011] [00:16 09/06/2010]
2040E80B-EAA7-4797-961A-B4120ABAF873.ico --a---- 171139 bytes [23:37 04/06/2011] [00:16 09/06/2010]
6C8C9CBE-AF28-46AA-8CA2-328AB72F0D11.ico --a---- 10134 bytes [23:37 04/06/2011] [00:16 09/06/2010]
765D905D-86F2-40CE-BAF1-5D224B7C23C7.ico --a---- 33833 bytes [23:48 04/06/2011] [00:16 09/06/2010]
D2ACA28C-2C8D-4107-892B-43847C0AF030.ico --a---- 24958 bytes [23:48 04/06/2011] [00:16 09/06/2010]
DA8A351D-9D41-412E-9995-CBF7E7D5969A.ico --a---- 324750 bytes [23:48 04/06/2011] [00:16 09/06/2010]
icon_ex.dat --a---- 1844 bytes [23:48 04/06/2011] [23:48 04/06/2011]

C:\Users\Josik\AppData\Roaming\Sun d------ [12:18 02/08/2012]

C:\Users\Josik\AppData\Roaming\Sun\{3D86B689-E371-4109-9ACD-77611FA46D0B} d------ [12:18 02/08/2012]
Validator.exe --a---- 264192 bytes [12:18 02/08/2012] [12:18 02/08/2012]

C:\Users\Josik\AppData\Roaming\TeamViewer d------ [13:09 01/08/2012]

C:\Users\Josik\AppData\Roaming\TeamViewer\{67331E94-31E7-4C1C-BA62-064EFCC3AB00} d------ [12:18 02/08/2012]
UpgradeChecker.exe --a---- 264192 bytes [12:18 02/08/2012] [12:18 02/08/2012]

C:\Users\Josik\AppData\Roaming\TeamViewer\{B1F83024-6FB4-45CE-B5CF-358193CCB3C5} d------ [12:18 02/08/2012]
UpgradeHelper.exe --a---- 264192 bytes [12:18 02/08/2012] [12:18 02/08/2012]

C:\Users\Josik\AppData\Roaming\TeamViewer\{E1609942-B86F-4517-8D4D-E59167B68DCD} d------ [13:09 01/08/2012]
CBB387A35792465094C0E50EF8A7CED3.dat --a---- 264192 bytes [13:09 01/08/2012] [13:09 01/08/2012]

C:\Users\Josik\AppData\Roaming\TP d------ [23:36 04/06/2011]

C:\Users\Josik\AppData\Roaming\VBA-M d------ [16:22 23/01/2012]
vba.ini --a---- 2492 bytes [16:22 23/01/2012] [23:00 29/02/2012]

C:\Users\Josik\AppData\Roaming\Ventrilo d------ [21:09 17/06/2011]
default.vet --a---- 1193 bytes [21:09 17/06/2011] [21:09 17/06/2011]
ventrilo.log --a---- 284 bytes [21:09 17/06/2011] [21:09 17/06/2011]
ventrilo2.ini --a---- 1449 bytes [21:09 17/06/2011] [18:43 14/08/2011]

C:\Users\Josik\AppData\Roaming\Ventrilo\temp d------ [21:10 17/06/2011]

C:\Users\Josik\AppData\Roaming\vlc d------ [22:23 01/06/2011]
070b1fd49559ee1236e8eeecd6907fad-i686.cache-3 --a---- 1335008 bytes [00:02 06/06/2011] [00:24 01/03/2012]
ml.xspf --a---- 304 bytes [22:24 01/06/2011] [12:53 02/08/2012]
vlc-qt-interface.ini --a---- 1577 bytes [22:23 01/06/2011] [12:53 02/08/2012]
vlcrc --a---- 81225 bytes [22:24 01/06/2011] [00:07 21/11/2011]

C:\Users\Josik\AppData\Roaming\VMware d------ [23:23 25/08/2011]
favorites.vmls --a---- 676 bytes [15:12 26/08/2011] [21:12 20/07/2012]
preferences.ini --a---- 3532 bytes [23:23 25/08/2011] [09:28 26/07/2012]
vmware-1284.dmp --a---- 1726214 bytes [13:48 21/11/2011] [13:48 21/11/2011]

C:\Users\Josik\AppData\Roaming\Windows Desktop Search d------ [12:18 02/08/2012]

C:\Users\Josik\AppData\Roaming\Windows Desktop Search\{F81C1CAA-2D72-48B2-8759-1FEBCC260B39} d------ [12:18 02/08/2012]
LicenseValidator.exe --a---- 264192 bytes [12:18 02/08/2012] [12:18 02/08/2012]

C:\Users\Josik\AppData\Roaming\WinRAR d------ [20:05 01/06/2011]
version.dat --a---- 12 bytes [21:12 01/06/2011] [21:12 01/06/2011]

-= EOF =-