Please check my log ... slow startup of W7 Ultimate

Posted: 20 Jan 2010 22:16
by strike
Logfile of random's system information tool 1.06 (written by random/random)
Run by Zdenek at 2010-01-20 15:19:53
Microsoft Windows 7 Ultimate
System drive C: has 34 GB (14%) free of 238 GB
Total RAM: 3070 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:58, on 20.1.2010
Platform: Unknown Windows (WinNT 6.01.3164)
MSIE: Internet Explorer v8.00 (8.00.7260.0000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\QIP\qip.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Winamp\winamp.exe
C:\Users\Zdenek\Desktop\RSIT.exe
C:\Program Files\trend micro\Zdenek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 88.86.107.55 L2authd.lineage2.com
O1 - Hosts: 88.86.107.55 L2testauthd.lineage2.com
O1 - Hosts: 88.86.107.55 nprotect.lineage2.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Zdenek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Aktualizovat ESET licenci.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {DB5D8400-2AE0-4DE8-9E5D-904C2FB273A6} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f57bb607a97f925\aestsrv.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f57bb607a97f925\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - c:\Windows\system32\vfsFPService.exe

--
End of file - 10609 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3405159859-237361420-2487661795-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3405159859-237361420-2487661795-1000UA.job
C:\Windows\tasks\ParetoLogic Registration.job
C:\Windows\tasks\ParetoLogic Update Version2.job
C:\Windows\tasks\PCConfidential.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
DigitalPersona Personal Extension - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-09-29 1256512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98}
{ED0E8CA5-42FB-4B18-997B-769E0408E79D}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-09-11 446556]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-09-21 55824]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-09-21 520024]
"DpAgent"=C:\Program Files\DigitalPersona\Bin\dpagent.exe [2009-09-29 842816]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2009-03-10 468264]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-14 102400]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-07-27 321080]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"=C:\Program Files\CursorXP\CursorXP.exe [2005-01-19 128000]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2009-06-13 144384]
"ISUSPM"=C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-07-12 226904]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2009-06-13 65024]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-06-13 354304]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-06-13 1173504]
"Google Update"=C:\Users\Zdenek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-19 135664]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Aktualizovat ESET licenci.lnk - C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2008-12-09 122880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
DPPWDFLT

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-20 15:04:51 ----D---- C:\Program Files\CCleaner
2010-01-20 14:53:26 ----D---- C:\Program Files\trend micro
2010-01-20 14:53:25 ----D---- C:\rsit
2010-01-20 13:35:33 ----D---- C:\Program Files\Windows Live SkyDrive
2010-01-20 13:35:00 ----D---- C:\Program Files\Windows Live
2010-01-20 13:34:26 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-01-20 13:20:01 ----D---- C:\Program Files\Common Files\Windows Live
2010-01-20 13:18:21 ----D---- C:\Program Files\Microsoft
2010-01-16 18:38:12 ----D---- C:\Users\Zdenek\AppData\Roaming\Hewlett-Packard
2010-01-16 14:09:47 ----D---- C:\ProgramData\Hewlett-Packard
2010-01-16 14:07:34 ----D---- C:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069}
2010-01-13 16:49:20 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-13 16:47:43 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-01-13 16:34:49 ----D---- C:\Windows\PCHEALTH
2010-01-12 22:47:13 ----D---- C:\Program Files\Validity Sensors, Inc
2010-01-12 21:32:30 ----RA---- C:\Windows\system32\BttnCmn.dll
2010-01-12 21:32:30 ----A---- C:\Windows\system32\BttnCmns.dll
2010-01-12 08:07:43 ----A---- C:\ProgramData\MobileTV.exe
2010-01-12 08:07:42 ----A---- C:\ProgramData\DVD.exe
2010-01-12 08:07:41 ----A---- C:\ProgramData\MPV.exe
2010-01-12 08:07:40 ----A---- C:\ProgramData\Karaoke.exe
2010-01-12 08:07:40 ----A---- C:\ProgramData\Games.exe
2010-01-12 08:07:39 ----A---- C:\ProgramData\hpqp.txt
2010-01-11 13:27:53 ----D---- C:\Windows\system32\appmgmt
2010-01-11 12:44:40 ----D---- C:\ProgramData\ATI
2010-01-11 01:02:47 ----D---- C:\Windows\Panther
2010-01-11 00:30:39 ----HD---- C:\$WINDOWS.~Q
2010-01-11 00:20:02 ----HD---- C:\$INPLACE.~TR
2010-01-10 18:51:04 ----D---- C:\Program Files\ATI Technologies
2010-01-10 18:51:01 ----D---- C:\Program Files\ATI
2010-01-10 17:46:43 ----A---- C:\ProgramData\hpqp.ini
2010-01-10 17:21:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-10 17:14:51 ----SHD---- C:\Recovery
2010-01-10 17:14:50 ----SHD---- C:\ProgramData\Šablony
2010-01-10 17:14:50 ----SHD---- C:\ProgramData\Plocha
2010-01-10 17:14:50 ----SHD---- C:\ProgramData\Oblíbené položky
2010-01-10 17:14:50 ----SHD---- C:\ProgramData\Nabídka Start
2010-01-10 17:14:50 ----SHD---- C:\ProgramData\Dokumenty
2010-01-10 17:14:50 ----SHD---- C:\ProgramData\Data aplikací
2010-01-10 16:12:37 ----SD---- C:\Users\Zdenek\AppData\Roaming\Microsoft
2010-01-10 16:12:37 ----D---- C:\Users\Zdenek\AppData\Roaming\Media Center Programs
2010-01-10 16:08:16 ----D---- C:\Program Files\IDT
2010-01-10 16:08:15 ----A---- C:\Windows\system32\aestecap.dll
2010-01-10 16:08:15 ----A---- C:\Windows\system32\aestaren.dll
2010-01-10 16:08:15 ----A---- C:\Windows\system32\aestacap.dll
2010-01-10 16:08:14 ----A---- C:\Windows\system32\stlang.dll
2010-01-10 16:08:14 ----A---- C:\Windows\system32\idtmini1.exe
2010-01-10 16:08:14 ----A---- C:\Windows\system32\AESTCom.dll
2010-01-10 16:08:14 ----A---- C:\Windows\sttray.exe
2010-01-10 16:08:10 ----D---- C:\Windows\system32\SRSLabs
2010-01-10 16:06:07 ----D---- C:\Program Files\Synaptics
2010-01-10 16:05:39 ----D---- C:\Windows\CSC
2010-01-10 16:04:44 ----D---- C:\Windows\Prefetch
2010-01-06 17:34:45 ----D---- C:\Program Files\PhotoFiltre
2010-01-01 09:57:31 ----D---- C:\ProgramData\WindowsSearch
2009-12-23 12:45:08 ----D---- C:\Users\Zdenek\AppData\Roaming\Ahead
2009-12-23 12:44:43 ----D---- C:\ProgramData\Ahead

======List of files/folders modified in the last 1 months======

2010-01-20 15:19:56 ----D---- C:\Windows\Temp
2010-01-20 15:12:12 ----D---- C:\Windows\debug
2010-01-20 15:12:12 ----D---- C:\Windows
2010-01-20 15:04:51 ----RD---- C:\Program Files
2010-01-20 14:28:10 ----D---- C:\Windows\System32
2010-01-20 14:28:10 ----D---- C:\Windows\inf
2010-01-20 13:36:25 ----D---- C:\Windows\Microsoft.NET
2010-01-20 13:36:16 ----SHD---- C:\Windows\Installer
2010-01-20 13:34:48 ----D---- C:\Windows\winsxs
2010-01-20 13:34:48 ----D---- C:\Windows\system32\config
2010-01-20 13:34:27 ----RSD---- C:\Windows\assembly
2010-01-20 13:20:01 ----D---- C:\Program Files\Common Files
2010-01-20 13:19:44 ----SD---- C:\ProgramData\Microsoft
2010-01-20 13:19:20 ----D---- C:\Windows\system32\drivers
2010-01-20 13:19:19 ----D---- C:\Windows\system32\catroot
2010-01-20 13:19:18 ----D---- C:\Windows\system32\DriverStore
2010-01-20 13:18:41 ----D---- C:\Program Files\Common Files\microsoft shared
2010-01-20 13:17:50 ----SHD---- C:\System Volume Information
2010-01-19 14:08:04 ----D---- C:\Windows\Tasks
2010-01-19 14:08:04 ----D---- C:\Windows\system32\Tasks
2010-01-18 19:32:42 ----D---- C:\Users\Zdenek\AppData\Roaming\Skype
2010-01-18 18:22:31 ----D---- C:\Windows\system32\NDF
2010-01-18 17:01:25 ----D---- C:\Users\Zdenek\AppData\Roaming\skypePM
2010-01-18 16:40:25 ----D---- C:\ZDENEK
2010-01-17 22:49:31 ----D---- C:\Windows\system32\catroot2
2010-01-17 13:17:51 ----D---- C:\HRY
2010-01-16 14:23:26 ----D---- C:\Program Files\Hewlett-Packard
2010-01-16 14:23:20 ----D---- C:\Windows\Help
2010-01-16 14:09:58 ----D---- C:\Windows\Logs
2010-01-16 14:09:47 ----HD---- C:\ProgramData
2010-01-16 14:09:24 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-16 14:07:16 ----D---- C:\swsetup
2010-01-15 20:11:25 ----SHD---- C:\$Recycle.Bin
2010-01-15 19:48:31 ----D---- C:\Users\Zdenek\AppData\Roaming\uTorrent
2010-01-14 17:16:54 ----D---- C:\ProgramData\Microsoft Help
2010-01-14 17:15:56 ----RSD---- C:\Windows\Fonts
2010-01-14 17:15:19 ----D---- C:\Program Files\Microsoft Works
2010-01-14 17:02:00 ----N---- C:\Windows\win.ini
2010-01-14 17:01:59 ----D---- C:\Program Files\Common Files\System
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-13 21:31:16 ----D---- C:\Users\Zdenek\AppData\Roaming\Audacity
2010-01-13 18:20:00 ----D---- C:\ProgramData\Adobe
2010-01-13 18:20:00 ----D---- C:\Program Files\Common Files\Adobe
2010-01-13 18:19:55 ----D---- C:\Program Files\Adobe
2010-01-11 13:39:53 ----D---- C:\Users\Zdenek\AppData\Roaming\hpqLog
2010-01-11 01:02:46 ----D---- C:\Windows\system32\oobe
2010-01-11 01:02:32 ----RASH---- C:\BOOTSECT.BAK
2010-01-11 01:02:29 ----SHD---- C:\Boot
2010-01-11 00:59:02 ----SD---- C:\Windows\system32\Microsoft
2010-01-11 00:59:02 ----D---- C:\Windows\system32\winevt
2010-01-10 22:46:20 ----D---- C:\Windows\system32\LogFiles
2010-01-10 18:17:48 ----D---- C:\Program Files\ESET
2010-01-10 18:10:25 ----D---- C:\Windows\system32\restore
2010-01-10 17:54:37 ----D---- C:\Windows\system32\wdi
2010-01-10 17:19:22 ----D---- C:\Windows\system32\wbem
2010-01-10 17:14:54 ----D---- C:\Windows\SoftwareDistribution
2010-01-10 17:14:50 ----D---- C:\Program Files\Windows NT
2010-01-10 16:53:31 ----D---- C:\Windows\Registration
2010-01-10 16:51:23 ----RSD---- C:\Windows\Media
2010-01-10 16:51:16 ----HD---- C:\Windows\system32\GroupPolicy
2010-01-10 16:44:10 ----RD---- C:\Users
2010-01-10 16:37:02 ----D---- C:\Users\Zdenek\AppData\Roaming\Wireshark
2010-01-10 16:37:01 ----D---- C:\Users\Zdenek\AppData\Roaming\Winamp
2010-01-10 16:37:00 ----D---- C:\Users\Zdenek\AppData\Roaming\Ventrilo
2010-01-10 16:36:56 ----D---- C:\Users\Zdenek\AppData\Roaming\Tonium
2010-01-10 16:36:50 ----RHD---- C:\Users\Zdenek\AppData\Roaming\SecuROM
2010-01-10 16:36:50 ----D---- C:\Users\Zdenek\AppData\Roaming\PSpad
2010-01-10 16:36:50 ----D---- C:\Users\Zdenek\AppData\Roaming\ProfiCAD
2010-01-10 16:36:48 ----D---- C:\Users\Zdenek\AppData\Roaming\Opera
2010-01-10 16:36:48 ----D---- C:\Users\Zdenek\AppData\Roaming\Nero
2010-01-10 16:36:48 ----D---- C:\Users\Zdenek\AppData\Roaming\Mp3 Editor for Free
2010-01-10 16:36:48 ----D---- C:\Users\Zdenek\AppData\Roaming\Mozilla
2010-01-10 16:36:32 ----D---- C:\Users\Zdenek\AppData\Roaming\Microchip
2010-01-10 16:36:32 ----D---- C:\Users\Zdenek\AppData\Roaming\Macrovision
2010-01-10 16:36:17 ----D---- C:\Users\Zdenek\AppData\Roaming\Macromedia
2010-01-10 16:36:17 ----D---- C:\Users\Zdenek\AppData\Roaming\Logitech
2010-01-10 16:36:17 ----D---- C:\Users\Zdenek\AppData\Roaming\Identities
2010-01-10 16:36:17 ----D---- C:\Users\Zdenek\AppData\Roaming\IcoFX
2010-01-10 16:36:17 ----D---- C:\Users\Zdenek\AppData\Roaming\HP
2010-01-10 16:36:17 ----D---- C:\Users\Zdenek\AppData\Roaming\Hewlett Packard Company
2010-01-10 16:36:17 ----D---- C:\Users\Zdenek\AppData\Roaming\Hamachi
2010-01-10 16:36:17 ----D---- C:\Users\Zdenek\AppData\Roaming\GetRightToGo
2010-01-10 16:36:17 ----D---- C:\Users\Zdenek\AppData\Roaming\ESET
2010-01-10 16:36:17 ----D---- C:\Users\Zdenek\AppData\Roaming\DriverCure
2010-01-10 16:36:16 ----D---- C:\Users\Zdenek\AppData\Roaming\DivX
2010-01-10 16:36:16 ----D---- C:\Users\Zdenek\AppData\Roaming\DigitalPersona
2010-01-10 16:36:16 ----D---- C:\Users\Zdenek\AppData\Roaming\DAEMON Tools Pro
2010-01-10 16:36:16 ----D---- C:\Users\Zdenek\AppData\Roaming\DAEMON Tools Lite
2010-01-10 16:36:16 ----D---- C:\Users\Zdenek\AppData\Roaming\CyberLink
2010-01-10 16:36:12 ----D---- C:\Users\Zdenek\AppData\Roaming\BSplayer Pro
2010-01-10 16:36:12 ----D---- C:\Users\Zdenek\AppData\Roaming\BSplayer
2010-01-10 16:36:12 ----D---- C:\Users\Zdenek\AppData\Roaming\BITS
2010-01-10 16:36:12 ----D---- C:\Users\Zdenek\AppData\Roaming\ATI
2010-01-10 16:36:11 ----D---- C:\Users\Zdenek\AppData\Roaming\Adobe
2010-01-10 16:23:43 ----D---- C:\Windows\WindowsMobile
2010-01-10 16:23:43 ----D---- C:\Windows\Users
2010-01-10 16:23:43 ----D---- C:\Windows\system32\zh-TW
2010-01-10 16:23:43 ----D---- C:\Windows\system32\zh-HK
2010-01-10 16:23:43 ----D---- C:\Windows\system32\zh-CN
2010-01-10 16:23:42 ----D---- C:\Windows\system32\XPSViewer
2010-01-10 16:23:42 ----D---- C:\Windows\system32\WCN
2010-01-10 16:23:42 ----D---- C:\Windows\system32\uk-UA
2010-01-10 16:23:42 ----D---- C:\Windows\system32\tr-TR
2010-01-10 16:23:42 ----D---- C:\Windows\system32\tr
2010-01-10 16:23:42 ----D---- C:\Windows\system32\th-TH
2010-01-10 16:23:42 ----D---- C:\Windows\system32\sv-SE
2010-01-10 16:23:42 ----D---- C:\Windows\system32\sv
2010-01-10 16:23:41 ----D---- C:\Windows\system32\sr-Latn-CS
2010-01-10 16:23:35 ----D---- C:\Windows\system32\sl-SI
2010-01-10 16:23:35 ----D---- C:\Windows\system32\sk-SK
2010-01-10 16:23:34 ----D---- C:\Windows\system32\ru-RU
2010-01-10 16:23:34 ----D---- C:\Windows\system32\ru
2010-01-10 16:23:34 ----D---- C:\Windows\system32\ro-RO
2010-01-10 16:23:33 ----D---- C:\Windows\system32\RemInst
2010-01-10 16:23:33 ----D---- C:\Windows\system32\pt-PT
2010-01-10 16:23:33 ----D---- C:\Windows\system32\pt-BR
2010-01-10 16:23:32 ----D---- C:\Windows\system32\pl-PL
2010-01-10 16:23:32 ----D---- C:\Windows\system32\no-NO
2010-01-10 16:23:32 ----D---- C:\Windows\system32\no
2010-01-10 16:23:32 ----D---- C:\Windows\system32\nl-NL
2010-01-10 16:23:32 ----D---- C:\Windows\system32\nb-NO
2010-01-10 16:23:31 ----D---- C:\Windows\system32\Macromed
2010-01-10 16:23:31 ----D---- C:\Windows\system32\lv-LV
2010-01-10 16:23:31 ----D---- C:\Windows\system32\lt-LT
2010-01-10 16:23:30 ----D---- C:\Windows\system32\ko-KR
2010-01-10 16:23:30 ----D---- C:\Windows\system32\ko
2010-01-10 16:23:30 ----D---- C:\Windows\system32\ja-JP
2010-01-10 16:23:30 ----D---- C:\Windows\system32\ja
2010-01-10 16:23:30 ----D---- C:\Windows\system32\it-IT
2010-01-10 16:23:29 ----D---- C:\Windows\system32\it
2010-01-10 16:23:29 ----D---- C:\Windows\system32\hu-HU
2010-01-10 16:23:29 ----D---- C:\Windows\system32\hr-HR
2010-01-10 16:23:29 ----D---- C:\Windows\system32\HPMDP
2010-01-10 16:23:29 ----D---- C:\Windows\system32\he-IL
2010-01-10 16:23:27 ----D---- C:\Windows\system32\Hauppauge
2010-01-10 16:23:27 ----D---- C:\Windows\system32\fr-FR
2010-01-10 16:23:27 ----D---- C:\Windows\system32\fr
2010-01-10 16:23:27 ----D---- C:\Windows\system32\fi-FI
2010-01-10 16:23:26 ----D---- C:\Windows\system32\EventProviders
2010-01-10 16:23:26 ----D---- C:\Windows\system32\et-EE
2010-01-10 16:23:26 ----D---- C:\Windows\system32\es-ES
2010-01-10 16:23:26 ----D---- C:\Windows\system32\es
2010-01-10 16:23:26 ----D---- C:\Windows\system32\en-US
2010-01-10 16:23:26 ----D---- C:\Windows\system32\el-GR
2010-01-10 16:23:25 ----DC---- C:\Windows\system32\DRVSTORE
2010-01-10 16:23:24 ----D---- C:\Windows\system32\de-DE
2010-01-10 16:23:24 ----D---- C:\Windows\system32\de
2010-01-10 16:23:24 ----D---- C:\Windows\system32\da-DK
2010-01-10 16:23:23 ----D---- C:\Windows\system32\da
2010-01-10 16:23:23 ----D---- C:\Windows\system32\cs-CZ
2010-01-10 16:23:22 ----D---- C:\Windows\system32\Branding
2010-01-10 16:23:22 ----D---- C:\Windows\system32\bg-BG
2010-01-10 16:23:22 ----D---- C:\Windows\system32\ar-SA
2010-01-10 16:23:16 ----D---- C:\Windows\system
2010-01-10 16:23:16 ----D---- C:\Windows\ShellNew
2010-01-10 16:23:15 ----D---- C:\Windows\rescache
2010-01-10 16:23:14 ----D---- C:\Windows\Options
2010-01-10 16:23:14 ----D---- C:\Windows\nap
2010-01-10 16:23:03 ----D---- C:\Windows\IME
2010-01-10 16:22:54 ----D---- C:\Windows\DPDrv
2010-01-10 16:22:54 ----D---- C:\Windows\Downloaded Program Files
2010-01-10 16:22:54 ----D---- C:\Windows\DigitalLocker
2010-01-10 16:22:54 ----D---- C:\Windows\Cursors
2010-01-10 16:22:54 ----D---- C:\Windows\Boot
2010-01-10 16:22:50 ----HDC---- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-01-10 16:22:50 ----D---- C:\ProgramData\Winferno
2010-01-10 16:22:50 ----D---- C:\ProgramData\Trymedia
2010-01-10 16:22:50 ----D---- C:\ProgramData\Test Drive Unlimited
2010-01-10 16:22:50 ----D---- C:\ProgramData\Temp
2010-01-10 16:22:50 ----D---- C:\ProgramData\Skype
2010-01-10 16:22:40 ----D---- C:\ProgramData\ParetoLogic
2010-01-10 16:22:40 ----D---- C:\ProgramData\Nero
2010-01-10 16:22:19 ----D---- C:\ProgramData\Macrovision
2010-01-10 16:22:10 ----D---- C:\ProgramData\Logitech
2010-01-10 16:22:10 ----D---- C:\ProgramData\LogiShrd
2010-01-10 16:22:10 ----D---- C:\ProgramData\LightScribe
2010-01-10 16:22:10 ----D---- C:\ProgramData\Lavasoft
2010-01-10 16:22:04 ----D---- C:\ProgramData\HP
2010-01-10 16:21:58 ----D---- C:\ProgramData\ESET
2010-01-10 16:21:58 ----D---- C:\ProgramData\DriverCure
2010-01-10 16:21:58 ----D---- C:\ProgramData\Downloaded Installations
2010-01-10 16:21:58 ----D---- C:\ProgramData\CyberLink
2010-01-10 16:21:58 ----D---- C:\ProgramData\CSY
2010-01-10 16:21:58 ----D---- C:\ProgramData\Blizzard
2010-01-10 16:21:58 ----D---- C:\ProgramData\Atheros
2010-01-10 16:21:57 ----D---- C:\Program Files\Xvid CZ
2010-01-10 16:21:57 ----D---- C:\Program Files\Wireshark
2010-01-10 16:21:51 ----D---- C:\Program Files\WinRAR
2010-01-10 16:21:50 ----D---- C:\Program Files\WinPcap
2010-01-10 16:21:49 ----D---- C:\Program Files\Windows Photo Gallery
2010-01-10 16:21:49 ----D---- C:\Program Files\Windows Collaboration
2010-01-10 16:21:49 ----D---- C:\Program Files\Windows Calendar
2010-01-10 16:21:48 ----D---- C:\Program Files\Winamp
2010-01-10 16:21:26 ----D---- C:\Program Files\Webteh
2010-01-10 16:21:26 ----D---- C:\Program Files\VertrigoServ
2010-01-10 16:21:02 ----D---- C:\Program Files\uTorrent
2010-01-10 16:20:58 ----D---- C:\Program Files\Teco
2010-01-10 16:20:58 ----D---- C:\Program Files\Stylish Profile
2010-01-10 16:20:58 ----D---- C:\Program Files\SpeedFan
2010-01-10 16:20:57 ----RD---- C:\Program Files\Skype
2010-01-10 16:20:56 ----D---- C:\Program Files\Realtek
2010-01-10 16:20:56 ----D---- C:\Program Files\PSPad editor
2010-01-10 16:20:49 ----D---- C:\Program Files\ProfiCAD
2010-01-10 16:20:32 ----D---- C:\Program Files\Poedit
2010-01-10 16:20:29 ----D---- C:\Program Files\Paint.NET
2010-01-10 16:20:27 ----D---- C:\Program Files\Packet Tracer 5.0
2010-01-10 16:20:27 ----D---- C:\Program Files\Opera
2010-01-10 16:20:22 ----D---- C:\Program Files\NCH Swift Sound
2010-01-10 16:20:22 ----D---- C:\Program Files\Music AlarmClock v2
2010-01-10 16:20:22 ----D---- C:\Program Files\MSECache
2010-01-10 16:20:22 ----D---- C:\Program Files\Mplayer
2010-01-10 16:20:20 ----D---- C:\Program Files\Mp3 Editor for Free
2010-01-10 16:20:20 ----D---- C:\Program Files\Microsoft.NET
2010-01-10 16:20:19 ----D---- C:\Program Files\Microsoft Visual Studio
2010-01-10 16:20:18 ----D---- C:\Program Files\Microsoft Office
2010-01-10 16:19:39 ----D---- C:\Program Files\Microsoft Games
2010-01-10 16:19:39 ----D---- C:\Program Files\Microchip
2010-01-10 16:19:34 ----D---- C:\Program Files\Logitech
2010-01-10 16:19:32 ----D---- C:\Program Files\Lavasoft
2010-01-10 16:19:32 ----D---- C:\Program Files\Lavalys
2010-01-10 16:19:23 ----D---- C:\Program Files\Java
2010-01-10 16:19:14 ----D---- C:\Program Files\IcoFX 1.6
2010-01-10 16:19:14 ----D---- C:\Program Files\HP DVB-T TV Tuner
2010-01-10 16:18:41 ----D---- C:\Program Files\Hp
2010-01-10 16:18:39 ----D---- C:\Program Files\Guitar Pro 5
2010-01-10 16:18:20 ----D---- C:\Program Files\GIF Movie Gear
2010-01-10 16:18:19 ----D---- C:\Program Files\FreshDevices
2010-01-10 16:18:19 ----D---- C:\Program Files\FlashGet Network
2010-01-10 16:18:19 ----D---- C:\Program Files\EVEREST Ultimate Edition
2010-01-10 16:18:15 ----D---- C:\Program Files\DsNET Corp
2010-01-10 16:18:15 ----D---- C:\Program Files\DivX
2010-01-10 16:18:13 ----D---- C:\Program Files\DigitalPersona
2010-01-10 16:18:06 ----D---- C:\Program Files\DIFX
2010-01-10 16:17:52 ----D---- C:\Program Files\CyberLink
2010-01-10 16:17:52 ----D---- C:\Program Files\CursorXP
2010-01-10 16:17:49 ----D---- C:\Program Files\Common Files\Skype
2010-01-10 16:17:49 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-01-10 16:17:48 ----D---- C:\Program Files\Common Files\ParetoLogic
2010-01-10 16:17:48 ----D---- C:\Program Files\Common Files\Nero
2010-01-10 16:17:44 ----D---- C:\Program Files\Common Files\Mosaic
2010-01-10 16:17:22 ----D---- C:\Program Files\Common Files\Logishrd
2010-01-10 16:17:21 ----D---- C:\Program Files\Common Files\LightScribe
2010-01-10 16:17:19 ----D---- C:\Program Files\Common Files\InstallShield
2010-01-10 16:17:18 ----D---- C:\Program Files\Common Files\INCA Shared
2010-01-10 16:17:18 ----D---- C:\Program Files\Common Files\DivX Shared
2010-01-10 16:17:18 ----D---- C:\Program Files\Common Files\DESIGNER
2010-01-10 16:17:18 ----D---- C:\Program Files\Common Files\Ahead
2010-01-10 16:17:17 ----D---- C:\Program Files\Codec Pack - All In 1
2010-01-10 16:17:16 ----D---- C:\Program Files\Broadcom
2010-01-10 16:17:16 ----D---- C:\Program Files\AVerMedia
2010-01-10 16:17:16 ----D---- C:\Program Files\Audacity 1.3
2010-01-10 16:17:08 ----D---- C:\Program Files\Atheros
2010-01-10 16:17:08 ----D---- C:\Program Files\Anti-Blaxx
2010-01-10 16:17:08 ----D---- C:\Program Files\AMD
2010-01-10 16:14:02 ----D---- C:\Windows\system32\CodeIntegrity
2010-01-10 16:11:29 ----D---- C:\Windows\system32\sysprep
2009-12-26 13:08:14 ----A---- C:\Windows\QIII.INI

Thanks a lot, you probably have a lot of work. :)

Re: Please check ... slow start of W7 Ultimate

Posted: 21 Jan 2010 18:49
by Rudy
Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after launch a screen with the license terms appears; continue by clicking the Yes button.

Feel free to put on some coffee (the whole process takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident component.

Re: Please check ... slow start of W7 Ultimate

Posted: 21 Jan 2010 21:42
by strike
ComboFix 10-01-21.01 - Zdenek 21.01.2010 21:17:29.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7260.0.1250.420.1029.18.3070.2114 [GMT 1:00]
Spuštěný z: c:\users\Zdenek\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3405159859-237361420-2487661795-1001
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\users\Zdenek\AppData\Local\Temp\sfamcc00001.dll
c:\users\Zdenek\AppData\Local\Temp\sfareca00001.dll
c:\users\Zdenek\AppData\Roaming\BITS
c:\users\Zdenek\AppData\Roaming\BITS\BITS.ini
c:\users\Zdenek\AppData\Roaming\BITS\DHTTable.dat
c:\users\Zdenek\AppData\Roaming\BITS\ProxyList.ini
c:\users\Zdenek\AppData\Roaming\BITS\UPnP.ini
c:\users\Zdenek\Documents\cc_20100120_151742.reg
c:\windows\system32\SIntf16.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-21 do 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 20:28 . 2010-01-21 20:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-20 21:11 . 2010-01-20 21:11 -------- d-----w- c:\programdata\ATI
2010-01-20 14:04 . 2010-01-20 14:04 -------- d-----w- c:\program files\CCleaner
2010-01-20 13:53 . 2010-01-20 14:19 -------- d-----w- c:\program files\trend micro
2010-01-20 13:53 . 2010-01-20 13:53 -------- d-----w- C:\rsit
2010-01-20 12:35 . 2010-01-20 12:35 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-20 12:35 . 2010-01-20 12:36 -------- d-----w- c:\program files\Windows Live
2010-01-20 12:34 . 2010-01-20 12:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-20 12:20 . 2010-01-20 12:20 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-20 12:18 . 2010-01-20 12:35 -------- d-----w- c:\program files\Microsoft
2010-01-19 13:08 . 2010-01-19 13:09 -------- d-----w- c:\users\Zdenek\AppData\Local\Google
2010-01-19 13:07 . 2010-01-19 13:07 -------- d-----w- c:\users\Zdenek\AppData\Local\Deployment
2010-01-19 13:07 . 2010-01-19 13:07 -------- d-----w- c:\users\Zdenek\AppData\Local\Apps
2010-01-18 11:24 . 2010-01-18 11:26 -------- d-----w- c:\users\Zdenek\AppData\Local\Microsoft Games
2010-01-17 19:42 . 2010-01-17 19:42 3424 ------w- C:\bootsqm.dat
2010-01-16 17:38 . 2010-01-16 17:38 -------- d-----w- c:\users\Zdenek\AppData\Roaming\Hewlett-Packard
2010-01-16 17:37 . 2010-01-16 17:37 -------- d-----w- c:\users\Zdenek\AppData\Local\Hewlett-Packard
2010-01-16 13:09 . 2010-01-16 13:23 -------- d-----w- c:\programdata\Hewlett-Packard
2010-01-16 13:07 . 2010-01-16 13:07 -------- d-----w- c:\programdata\{657095DF-DBDB-4B17-8245-B38845C97069}
2010-01-13 21:13 . 2010-01-13 21:13 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-01-13 15:49 . 2010-01-20 13:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 15:47 . 2010-01-13 15:47 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-13 15:34 . 2010-01-13 15:34 -------- d-----w- c:\windows\PCHEALTH
2010-01-13 12:39 . 2010-01-13 12:39 -------- d-----w- c:\users\Zdenek\AppData\Local\WindowsUpdate
2010-01-12 21:47 . 2010-01-12 21:47 -------- d-----w- c:\program files\Validity Sensors, Inc
2010-01-12 20:32 . 2008-09-08 13:31 1885488 ----a-w- c:\windows\system32\BttnCmns.dll
2010-01-12 20:32 . 2008-09-08 13:31 1885488 ----a-r- c:\windows\system32\BttnCmn.dll
2010-01-11 15:41 . 2010-01-17 12:31 -------- d-----w- c:\users\Zdenek\AppData\Local\Diagnostics
2010-01-11 00:02 . 2010-01-10 16:15 -------- d-----w- c:\windows\Panther
2010-01-10 23:30 . 2010-01-10 15:56 -------- d-----w- C:\$WINDOWS.~Q
2010-01-10 23:20 . 2010-01-10 23:25 -------- d-----w- C:\$INPLACE.~TR
2010-01-10 17:51 . 2010-01-20 21:10 -------- d-----w- c:\program files\ATI Technologies
2010-01-10 17:51 . 2010-01-10 17:51 -------- d-----w- c:\program files\ATI
2010-01-10 16:27 . 2010-01-14 19:51 90312 ----a-w- c:\users\Zdenek\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-10 16:26 . 2010-01-10 16:37 -------- d-----w- c:\users\Zdenek\AppData\Local\ElevatedDiagnostics
2010-01-10 16:20 . 2010-01-10 16:20 -------- d-----r- c:\users\Zdenek\Virtual Machines
2010-01-10 16:19 . 2010-01-21 17:57 -------- d-----w- c:\windows\system32\wbem\Performance
2010-01-10 15:53 . 2010-01-10 15:53 21496 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-10 15:09 . 2010-01-10 15:09 0 ----a-w- c:\windows\ativpsrm.bin
2010-01-10 15:08 . 2010-01-10 15:19 -------- d-----w- c:\program files\IDT
2010-01-10 15:08 . 2008-06-27 14:53 376832 ----a-w- c:\windows\system32\aestecap.dll
2010-01-10 15:08 . 2008-06-27 14:53 53248 ----a-w- c:\windows\system32\aestaren.dll
2010-01-10 15:08 . 2008-06-27 14:53 133632 ----a-w- c:\windows\system32\aestacap.dll
2010-01-10 15:08 . 2008-09-11 10:50 446556 ----a-w- c:\windows\sttray.exe
2010-01-10 15:08 . 2008-09-11 10:49 2875392 ----a-w- c:\windows\system32\stlang.dll
2010-01-10 15:08 . 2008-09-11 10:48 532480 ----a-w- c:\windows\system32\idtmini1.exe
2010-01-10 15:08 . 2008-06-27 14:53 73728 ----a-w- c:\windows\system32\AESTCom.dll
2010-01-10 15:08 . 2010-01-10 15:08 -------- d-----w- c:\windows\system32\SRSLabs
2010-01-10 15:06 . 2010-01-10 15:06 -------- d-----w- c:\program files\Synaptics
2010-01-06 16:34 . 2010-01-10 15:20 -------- d-----w- c:\program files\PhotoFiltre
2010-01-01 08:57 . 2010-01-10 15:22 -------- d-----w- c:\programdata\WindowsSearch
2009-12-23 11:45 . 2010-01-10 15:36 -------- d-----w- c:\users\Zdenek\AppData\Roaming\Ahead
2009-12-23 11:44 . 2010-01-10 15:21 -------- d-----w- c:\programdata\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 17:57 . 2007-01-08 21:09 612916 ----a-w- c:\windows\system32\perfh005.dat
2010-01-21 17:57 . 2007-01-08 21:09 119812 ----a-w- c:\windows\system32\perfc005.dat
2010-01-20 21:06 . 2010-01-20 21:06 10134 ----a-r- c:\users\Zdenek\AppData\Roaming\Microsoft\Installer\{844BD550-45F4-AD73-412F-CF40CFAFA5E9}\ARPPRODUCTICON.exe
2010-01-20 20:26 . 2009-03-21 19:51 -------- d-----w- c:\users\Zdenek\AppData\Roaming\Skype
2010-01-20 20:21 . 2009-03-21 19:55 -------- d-----w- c:\users\Zdenek\AppData\Roaming\skypePM
2010-01-18 11:23 . 2010-01-12 07:07 2331174 ----a-w- c:\programdata\Karaoke.exe
2010-01-18 11:23 . 2010-01-12 07:07 2331174 ----a-w- c:\programdata\Karaoke.exe
2010-01-16 13:23 . 2009-03-21 17:27 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-16 13:09 . 2009-03-21 17:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-15 18:53 . 2010-01-15 18:53 660912 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{70A4A6E6-6327-06E6-F2EC-044DE43D315D}-AcroPDF.dll
2010-01-15 18:48 . 2009-03-22 15:25 -------- d-----w- c:\users\Zdenek\AppData\Roaming\uTorrent
2010-01-14 20:15 . 2010-01-14 20:15 61888 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{30A21A01-C9C8-7EDA-0BBE-AFF265E07195}-AcroIEHelper.dll
2010-01-14 16:16 . 2009-10-10 13:04 -------- d-----w- c:\programdata\Microsoft Help
2010-01-14 16:15 . 2009-10-10 13:09 -------- d-----w- c:\program files\Microsoft Works
2010-01-14 15:55 . 2010-01-14 15:55 75200 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{BBE9070D-AE0A-18E1-89DE-0929DEDFFE8B}-AcroIEHelperShim.dll
2010-01-14 10:12 . 2009-10-02 16:40 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 20:31 . 2009-11-21 18:43 -------- d-----w- c:\users\Zdenek\AppData\Roaming\Audacity
2010-01-13 17:20 . 2009-03-22 11:59 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 07:07 . 2010-01-12 07:07 3063561 ----a-w- c:\programdata\MobileTV.exe
2010-01-12 07:07 . 2010-01-12 07:07 3063561 ----a-w- c:\programdata\MobileTV.exe
2010-01-12 07:07 . 2010-01-12 07:07 2989660 ----a-w- c:\programdata\DVD.exe
2010-01-12 07:07 . 2010-01-12 07:07 2989660 ----a-w- c:\programdata\DVD.exe
2010-01-12 07:07 . 2010-01-12 07:07 2864396 ----a-w- c:\programdata\MPV.exe
2010-01-12 07:07 . 2010-01-12 07:07 2864396 ----a-w- c:\programdata\MPV.exe
2010-01-12 07:07 . 2010-01-12 07:07 2231606 ----a-w- c:\programdata\Games.exe
2010-01-12 07:07 . 2010-01-12 07:07 2231606 ----a-w- c:\programdata\Games.exe
2010-01-12 07:01 . 2010-01-12 07:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-11 16:22 . 2010-01-11 16:22 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-01-11 12:39 . 2009-09-10 13:49 -------- d-----w- c:\users\Zdenek\AppData\Roaming\hpqLog
2010-01-10 17:17 . 2009-03-22 15:17 -------- d-----w- c:\program files\ESET
2010-01-10 16:14 . 2010-01-10 16:14 -------- d-sh--we c:\programdata\Plocha
2010-01-10 16:14 . 2010-01-10 16:14 -------- d-sh--we c:\programdata\Oblíbené položky
2010-01-10 16:14 . 2010-01-10 16:14 -------- d-sh--we c:\programdata\Šablony
2010-01-10 16:14 . 2010-01-10 16:14 -------- d-sh--we c:\programdata\Nabídka Start
2010-01-10 16:14 . 2010-01-10 16:14 -------- d-sh--we c:\programdata\Dokumenty
2010-01-10 16:14 . 2010-01-10 16:14 -------- d-sh--we c:\programdata\Data aplikací
2010-01-10 15:37 . 2009-12-07 12:09 -------- d-----w- c:\users\Zdenek\AppData\Roaming\Wireshark
2010-01-10 15:37 . 2009-07-24 17:57 -------- d-----w- c:\users\Zdenek\AppData\Roaming\Winamp
2010-01-10 15:37 . 2009-03-23 16:14 -------- d-----w- c:\users\Zdenek\AppData\Roaming\Ventrilo
2010-01-10 15:22 . 2009-08-31 08:31 -------- d-----w- c:\programdata\Winferno
2010-01-10 15:22 . 2009-04-24 17:18 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-01-10 15:22 . 2009-04-04 12:34 -------- d-----w- c:\programdata\Test Drive Unlimited
2010-01-10 15:22 . 2009-03-24 09:40 -------- d-----w- c:\programdata\Trymedia
2010-01-10 15:22 . 2009-03-21 19:50 -------- d-----w- c:\programdata\Skype
2010-01-10 15:22 . 2009-05-10 13:39 -------- d-----w- c:\programdata\ParetoLogic
2010-01-10 15:22 . 2009-04-17 20:57 -------- d-----w- c:\programdata\Nero
2010-01-10 15:22 . 2009-03-21 22:48 -------- d-----w- c:\programdata\Macrovision
2010-01-10 15:22 . 2009-04-24 17:18 -------- d-----w- c:\programdata\Lavasoft
2010-01-10 15:22 . 2009-04-18 09:29 -------- d-----w- c:\programdata\LightScribe
2010-01-10 15:22 . 2009-04-10 12:04 -------- d-----w- c:\programdata\LogiShrd
2010-01-10 15:22 . 2009-04-10 12:01 -------- d-----w- c:\programdata\Logitech
2010-01-10 15:22 . 2009-10-22 17:29 -------- d-----w- c:\programdata\HP
2010-01-10 15:20 . 2009-11-10 15:21 -------- d-----w- c:\program files\Teco
2010-01-10 15:19 . 2009-06-13 18:35 -------- d-----w- c:\program files\Microsoft Games
2010-01-10 15:19 . 2009-03-22 12:33 -------- d-----w- c:\program files\Microchip
2010-01-10 15:19 . 2009-04-10 12:01 -------- d-----w- c:\program files\Logitech
2010-01-10 15:19 . 2009-04-29 14:21 -------- d-----w- c:\program files\Lavalys
2010-01-10 15:19 . 2009-04-24 17:18 -------- d-----w- c:\program files\Lavasoft
2010-01-10 15:19 . 2009-05-17 08:09 -------- d-----w- c:\program files\Java
2010-01-10 15:19 . 2009-09-07 10:22 -------- d-----w- c:\program files\HP DVB-T TV Tuner
2010-01-10 15:19 . 2009-04-22 13:36 -------- d-----w- c:\program files\IcoFX 1.6
2010-01-10 15:18 . 2009-03-21 22:43 -------- d-----w- c:\program files\Hp
2010-01-10 15:18 . 2009-04-05 15:26 -------- d-----w- c:\program files\Guitar Pro 5
2010-01-10 15:18 . 2009-10-22 16:08 -------- d-----w- c:\program files\GIF Movie Gear
2010-01-10 15:18 . 2009-12-07 09:18 -------- d-----w- c:\program files\EVEREST Ultimate Edition
2010-01-10 15:18 . 2009-05-28 16:47 -------- d-----w- c:\program files\FreshDevices
2010-01-10 15:18 . 2009-11-24 17:53 -------- d-----w- c:\program files\DsNET Corp
2010-01-10 15:18 . 2009-07-20 21:46 -------- d-----w- c:\program files\DivX
2010-01-10 15:18 . 2009-03-21 22:48 -------- d-----w- c:\program files\DigitalPersona
2010-01-10 15:18 . 2009-03-21 19:46 -------- d-----w- c:\program files\DIFX
2010-01-10 15:11 . 2010-01-10 15:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-10 15:09 . 2010-01-10 15:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2010-01-10 15:06 . 2010-01-10 15:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-01-10 12:13 . 2009-03-21 15:38 3380 ----a-w- c:\windows\bthservsdp.dat
2009-12-29 19:49 . 2009-10-24 19:52 833 ----a-w- c:\users\Zdenek\AppData\Roaming\Mp3 Editor for Free\mef.dll
2009-12-08 15:28 . 2009-12-08 15:19 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-12-08 15:28 . 2009-12-08 15:19 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-11-30 18:22 . 2009-09-21 17:23 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-27 08:44 . 2009-11-27 08:44 233472 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2009-11-12 06:24 . 2009-11-12 06:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-11-10 15:22 . 2009-11-10 15:22 6656 ----a-w- c:\windows\system32\haspvdd.dll
2009-11-10 15:22 . 2009-11-10 15:22 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2009-11-10 15:22 . 2009-11-10 15:22 383 ----a-w- c:\windows\system32\haspdos.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2009-06-10 21:26 . 2009-06-13 10:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-06-13 09:16 . 2009-06-13 07:52 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7260.0_none_62d3af6ebde9da73\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2009-06-13 09:17 442880 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-06-13 144384]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-06-13 65024]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-06-13 354304]
"Google Update"="c:\users\Zdenek\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-19 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-11 446556]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-09-29 842816]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-03-10 468264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 321080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2009-8-22 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

R0 amdxata;amdxata;c:\windows\System32\drivers\amdxata.sys [13.6.2009 7:20 23616]
R0 CLFS;Systém souborů CLFS;c:\windows\System32\clfs.sys [13.6.2009 8:22 249408]
R0 CNG;CNG;c:\windows\System32\drivers\cng.sys [13.6.2009 8:43 369568]
R0 FileInfo;File Information FS MiniFilter;c:\windows\System32\drivers\fileinfo.sys [13.6.2009 8:32 58432]
R0 fvevol;Ovladač filtru nástroje Bitlocker Drive Encryption;c:\windows\System32\drivers\fvevol.sys [13.6.2009 8:24 194488]
R0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [13.6.2009 8:22 13888]
R0 KSecPkg;KSecPkg;c:\windows\System32\drivers\ksecpkg.sys [13.6.2009 8:44 133184]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [24.4.2009 18:21 64160]
R0 msahci;msahci;c:\windows\System32\drivers\msahci.sys [13.6.2009 8:56 27728]
R0 msisadrv;msisadrv;c:\windows\System32\drivers\msisadrv.sys [13.6.2009 8:22 13904]
R0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [13.6.2009 8:22 42560]
R0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [13.6.2009 8:33 173632]
R0 spldr;Security Processor Loader Driver;c:\windows\System32\drivers\spldr.sys [13.6.2009 5:49 17472]
R0 storflt;Diskový ovladač filtru akcelerace sběrnice virtuálního počítače;c:\windows\System32\drivers\vmstorfl.sys [13.6.2009 23:36 40784]
R0 vdrvroot;Ovladač rozpoznávacího modulu virtuální jednotky společnosti Microsoft;c:\windows\System32\drivers\vdrvroot.sys [13.6.2009 8:57 32848]
R0 volmgr;Ovladač správce svazků;c:\windows\System32\drivers\volmgr.sys [13.6.2009 8:22 53312]
R0 volmgrx;Správce dynamických svazků;c:\windows\System32\drivers\volmgrx.sys [13.6.2009 8:22 297024]
R1 blbdrive;blbdrive;c:\windows\System32\drivers\blbdrive.sys [13.6.2009 8:34 35328]
R1 CSC;Ovladač souborů pro režim offline;c:\windows\System32\drivers\csc.sys [13.6.2009 8:26 387584]
R1 DfsC;DFS Namespace Client Driver;c:\windows\System32\drivers\dfsc.sys [13.6.2009 8:25 77824]
R1 discache;System Attribute Cache;c:\windows\System32\drivers\discache.sys [13.6.2009 8:35 32256]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 nsiproxy;NSI proxy service driver.;c:\windows\System32\drivers\nsiproxy.sys [13.6.2009 8:23 16896]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\System32\drivers\RDPENCDD.sys [13.6.2009 9:12 6656]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\System32\drivers\RDPREFMP.sys [13.6.2009 9:12 7168]
R1 tdx;Ovladač pro podporu zastaralého rozhraní TDI NetIO;c:\windows\System32\drivers\tdx.sys [13.6.2009 8:23 74240]
R1 Wanarpv6;Ovladač pro vzdálený přístup IPv6 ARP;c:\windows\System32\drivers\wanarp.sys [13.6.2009 9:05 63488]
R1 WfpLwf;WFP Lightweight Filter;c:\windows\System32\drivers\wfplwf.sys [13.6.2009 9:04 9728]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};Power Control [2009/10/17 18:28];c:\program files\Hp\QuickPlay\000.fcl [17.10.2009 17:23 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f57bb607a97f925\AEstSrv.exe [21.3.2009 20:47 77824]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [14.8.2009 3:15 176128]
R2 AMDRAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [29.9.2003 6:30 110592]
R2 AudioEndpointBuilder;Koncové vytváření služby Windows Audio;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [13.6.2009 8:30 20480]
R2 BFE;Služba BFE (Base Filtering Engine);c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [13.6.2009 8:30 20480]
R2 CscService;Soubory offline;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [13.6.2009 8:30 20480]
R2 DPS;Služba DPS (Diagnostic Policy Service);c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [13.6.2009 8:30 20480]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [14.5.2009 15:49 38240]
R2 FDResPub;Publikování prostředků rozpoznávání funkcí;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [13.6.2009 8:30 20480]
R2 gpsvc;Klient zásad skupiny;c:\windows\system32\svchost.exe -k netsvcs [13.6.2009 8:30 20480]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [8.7.2009 13:48 26168]
R2 IKEEXT;Služba IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [13.6.2009 8:30 20480]
R2 iphlpsvc;Pomocná služba protokolu IP;c:\windows\System32\svchost.exe -k NetSvcs [13.6.2009 8:30 20480]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 22:34 1028432]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\System32\drivers\lltdio.sys [13.6.2009 9:03 47616]
R2 luafv;Virtualizace souborů nástroje Řízení uživatelských účtů;c:\windows\System32\drivers\luafv.sys [13.6.2009 8:26 86528]
R2 MpsSvc;Brána Windows Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [13.6.2009 8:30 20480]
R2 NlaSvc;Sledování umístění v síti (NLA);c:\windows\System32\svchost.exe -k NetworkService [13.6.2009 8:30 20480]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [6.11.2007 21:22 34064]
R2 nsi;Služba rozhraní síťového úložiště;c:\windows\system32\svchost.exe -k LocalService [13.6.2009 8:30 20480]
R2 PEAUTH;PEAUTH;c:\windows\System32\drivers\PEAuth.sys [13.6.2009 8:45 586752]
R2 Power;Napájení;c:\windows\system32\svchost.exe -k DcomLaunch [13.6.2009 8:30 20480]
R2 ProfSvc;Služba Profil uživatele;c:\windows\system32\svchost.exe -k netsvcs [13.6.2009 8:30 20480]
R2 RpcEptMapper;Mapovač koncových bodů protokolu RPC;c:\windows\system32\svchost.exe -k RPCSS [13.6.2009 8:30 20480]
R2 sppsvc;Ochrana před softwarem;c:\windows\System32\sppsvc.exe [13.6.2009 9:49 3179520]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [13.6.2009 8:30 20480]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\System32\drivers\tcpipreg.sys [13.6.2009 9:04 34816]
R2 UxSms;Správce relací správce oken plochy;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [13.6.2009 8:30 20480]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [16.9.2008 10:33 599344]
R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [13.6.2009 8:30 20480]
R2 Wlansvc;Automatická konfigurace sítě WLAN;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [13.6.2009 8:30 20480]
R3 1394ohci;Hostitelský řadič pro rozhraní OHCI standardu 1394;c:\windows\System32\drivers\1394ohci.sys [13.6.2009 9:02 163328]
R3 Appinfo;Informace o aplikaci;c:\windows\system32\svchost.exe -k netsvcs [13.6.2009 8:30 20480]
R3 AVerAF15;HP DVB-T TV Tuner;c:\windows\System32\drivers\AVerAF15.sys [21.3.2009 20:56 280448]
R3 bowser;Ovladač podpory prohlížeče;c:\windows\System32\drivers\bowser.sys [13.6.2009 8:25 69632]
R3 circlass;Uživatelská infračervená zařízení;c:\windows\System32\drivers\circlass.sys [13.6.2009 9:01 37888]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [12.1.2010 21:32 228408]
R3 CompositeBus;Ovladač rozpoznávacího modulu složené sběrnice;c:\windows\System32\drivers\CompositeBus.sys [13.6.2009 8:56 31232]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [13.6.2009 8:37 720896]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [4.9.2008 17:47 54784]
R3 fdPHost;Hostitel poskytovatele rozpoznávání funkce;c:\windows\system32\svchost.exe -k LocalService [13.6.2009 8:30 20480]
R3 HomeGroupListener;Naslouchací proces domácí skupiny;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [13.6.2009 8:30 20480]
R3 HomeGroupProvider;Zprostředkovatel domácích skupin;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [13.6.2009 8:30 20480]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [17.4.2009 8:48 114528]
R3 KeyIso;Izolace klíče CNG;c:\windows\System32\lsass.exe [13.6.2009 8:23 22528]
R3 monitor;Služba ovladače funkce třídy monitorů Microsoft;c:\windows\System32\drivers\monitor.sys [13.6.2009 8:36 23552]
R3 mpsdrv;Ovladač ověření brány Windows Firewall;c:\windows\System32\drivers\mpsdrv.sys [13.6.2009 9:03 59904]
R3 mrxsmb10;Mini-přesměrovač SMB 1.x;c:\windows\System32\drivers\mrxsmb10.sys [13.6.2009 8:25 221184]
R3 mrxsmb20;Mini-přesměrovač SMB 2.0;c:\windows\System32\drivers\mrxsmb20.sys [13.6.2009 8:25 95232]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\System32\drivers\nwifi.sys [13.6.2009 9:02 267264]
R3 netprofm;Služba seznamu sítí;c:\windows\System32\svchost.exe -k LocalService [13.6.2009 8:30 20480]
R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [13.6.2009 8:30 20480]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\System32\drivers\agilevpn.sys [13.6.2009 9:05 49152]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\System32\drivers\rdpbus.sys [13.6.2009 9:13 18432]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [27.11.2009 9:44 233472]
R3 srv2;Ovladač pro server SMB 2.xxx;c:\windows\System32\drivers\srv2.sys [13.6.2009 8:26 306688]
R3 srvnet;srvnet;c:\windows\System32\drivers\srvnet.sys [13.6.2009 8:25 113664]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\System32\drivers\tunnel.sys [13.6.2009 9:04 108544]
R3 umbus;Ovladač sběrnice UMBus Enumerator;c:\windows\System32\drivers\umbus.sys [13.6.2009 9:02 39936]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [21.3.2009 20:45 22072]
R3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [16.9.2008 10:33 40752]
R3 WdiServiceHost;Hostitel diagnostické služby;c:\windows\System32\svchost.exe -k LocalService [13.6.2009 8:30 20480]
R3 WdiSystemHost;Hostitel diagnostického systému;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [13.6.2009 8:30 20480]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [23.3.2009 12:13 721904]
S2 MMCSS;Služba Plánovač multimédií;c:\windows\system32\svchost.exe -k netsvcs [13.6.2009 8:30 20480]
S3 AcpiPmi;ACPI Power Meter Driver;c:\windows\System32\drivers\acpipmi.sys [13.6.2009 8:27 9728]
S3 adp94xx;adp94xx;c:\windows\System32\drivers\adp94xx.sys [10.6.2009 22:19 422976]
S3 adpahci;adpahci;c:\windows\System32\drivers\adpahci.sys [13.6.2009 7:20 297552]
S3 amdsata;amdsata;c:\windows\System32\drivers\amdsata.sys [10.6.2009 22:19 79952]
S3 amdsbs;amdsbs;c:\windows\System32\drivers\amdsbs.sys [10.6.2009 22:20 159296]
S3 AppID;Ovladač AppID;c:\windows\System32\drivers\appid.sys [13.6.2009 8:47 50176]
S3 AppIDSvc;Identita aplikace;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [13.6.2009 8:30 20480]
S3 arcsas;arcsas;c:\windows\System32\drivers\arcsas.sys [13.6.2009 7:20 86608]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\System32\drivers\bxvbdx.sys [10.6.2009 22:17 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [13.6.2009 7:14 229888]
S3 BDESVC;Služba BitLocker Drive Encryption;c:\windows\System32\svchost.exe -k netsvcs [13.6.2009 8:30 20480]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\System32\drivers\BrFiltLo.sys [13.6.2009 10:05 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\System32\drivers\BrFiltUp.sys [13.6.2009 10:04 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\drivers\BrSerId.sys [13.6.2009 10:02 272128]
S3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\drivers\BrSerWdm.sys [13.6.2009 10:04 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\drivers\BrUsbMdm.sys [13.6.2009 10:04 12160]
S3 CertPropSvc;Šíření certifikátů;c:\windows\system32\svchost.exe -k netsvcs [13.6.2009 8:30 20480]
S3 defragsvc;Defragmentace disku;c:\windows\system32\svchost.exe -k defragsvc [13.6.2009 8:30 20480]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\System32\drivers\evbdx.sys [10.6.2009 22:17 3100160]
S3 elxstor;elxstor;c:\windows\System32\drivers\elxstor.sys [10.6.2009 22:19 453696]
S3 Filetrace;Filetrace;c:\windows\System32\drivers\filetrace.sys [13.6.2009 8:26 28160]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [13.6.2009 8:30 20480]
S3 FsDepends;File System Dependency Minifilter;c:\windows\System32\drivers\fsdepends.sys [13.6.2009 8:26 46160]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\System32\drivers\hcw85cir.sys [13.6.2009 8:05 26624]
S3 HpSAMD;HpSAMD;c:\windows\System32\drivers\HpSAMD.sys [13.6.2009 7:20 67136]
S3 iaStorV;iaStorV;c:\windows\System32\drivers\iaStorV.sys [10.6.2009 22:19 332352]
S3 IPBusEnum;Rozpoznávací modul sběrnice PnP-X IP;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [13.6.2009 8:30 20480]
S3 IPMIDRV;IPMIDRV;c:\windows\System32\drivers\IPMIDrv.sys [13.6.2009 8:41 65536]
S3 iScsiPrt;iScsiPort Driver;c:\windows\System32\drivers\msiscsi.sys [13.6.2009 8:57 186944]
S3 KtmRm;Služba KTMRM pro koordinátor DTC;c:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [13.6.2009 8:30 20480]
S3 lltdsvc;Mapovač zjišťování topologie linkové vrstvy;c:\windows\System32\svchost.exe -k LocalService [13.6.2009 8:30 20480]
S3 LSI_FC;LSI_FC;c:\windows\System32\drivers\lsi_fc.sys [13.6.2009 7:20 95808]
S3 LSI_SAS;LSI_SAS;c:\windows\System32\drivers\lsi_sas.sys [13.6.2009 7:20 89152]
S3 LSI_SAS2;LSI_SAS2;c:\windows\System32\drivers\lsi_sas2.sys [13.6.2009 7:20 54864]
S3 LSI_SCSI;LSI_SCSI;c:\windows\System32\drivers\lsi_scsi.sys [13.6.2009 7:20 96832]
S3 megasas;megasas;c:\windows\System32\drivers\megasas.sys [10.6.2009 22:19 30800]
S3 mpio;mpio;c:\windows\System32\drivers\mpio.sys [13.6.2009 8:56 130624]
S3 msdsm;msdsm;c:\windows\System32\drivers\msdsm.sys [13.6.2009 8:57 115776]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [13.6.2009 9:01 4096]
S3 MSiSCSI;Služba iniciátoru iSCSI společnosti Microsoft;c:\windows\system32\svchost.exe -k netsvcs [13.6.2009 8:30 20480]
S3 MsRPC;MsRPC;c:\windows\System32\drivers\msrpc.sys [13.6.2009 8:23 162368]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\System32\drivers\MTConfig.sys [13.6.2009 8:57 12288]
S3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\System32\drivers\ndiscap.sys [13.6.2009 9:03 27136]
S3 nfrd960;nfrd960;c:\windows\System32\drivers\nfrd960.sys [13.6.2009 7:20 44624]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 nvstor;nvstor;c:\windows\System32\drivers\nvstor.sys [10.6.2009 22:19 142400]
S3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe -k PeerDist [13.6.2009 8:30 20480]
S3 pla;Výstrahy a protokolování výkonu;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [13.6.2009 8:30 20480]
S3 PNRPAutoReg;Služba publikování názvu počítače pomocí protokolu PNRP;c:\windows\System32\svchost.exe -k LocalServicePeerNet [13.6.2009 8:30 20480]
S3 ql2300;ql2300;c:\windows\System32\drivers\ql2300.sys [10.6.2009 22:20 1383488]
S3 ql40xx;ql40xx;c:\windows\System32\drivers\ql40xx.sys [13.6.2009 7:20 106048]
S3 s3cap;s3cap;c:\windows\System32\drivers\vms3cap.sys [13.6.2009 23:36 5632]
S3 scfilter;Ovladač filtru čipových karet třídy PnP;c:\windows\System32\drivers\scfilter.sys [13.6.2009 8:44 26624]
S3 SCPolicySvc;Zásady odebrání čipové karty;c:\windows\system32\svchost.exe -k netsvcs [13.6.2009 8:30 20480]
S3 SDRSVC;Windows Zálohování;c:\windows\system32\svchost.exe -k SDRSVC [13.6.2009 8:30 20480]
S3 SensrSvc;Adaptivní jas;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [13.6.2009 8:30 20480]
S3 SessionEnv;Konfigurace vzdálené plochy;c:\windows\System32\svchost.exe -k netsvcs [13.6.2009 8:30 20480]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\System32\drivers\sffp_mmc.sys [13.6.2009 8:56 12288]
S3 SiSRaid4;SiSRaid4;c:\windows\System32\drivers\sisraid4.sys [13.6.2009 7:20 77904]
S3 Smb;Protokol TCP/IP a TCP/IPv6 orientovaný na zprávy (relace SMB);c:\windows\System32\drivers\smb.sys [13.6.2009 9:04 71168]
S3 sppuinotify;Služba Oznámení platformy SPP;c:\windows\system32\svchost.exe -k LocalService [13.6.2009 8:30 20480]
S3 stexstor;stexstor;c:\windows\System32\drivers\stexstor.sys [13.6.2009 7:20 21072]
S3 storvsc;storvsc;c:\windows\System32\drivers\storvsc.sys [13.6.2009 23:36 28240]
S3 TabletInputService;Služba Vstupní panel počítače Tablet PC;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [13.6.2009 8:30 20480]
S3 TBS;Služba TPM Base Services;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [13.6.2009 8:30 20480]
S3 THREADORDER;Server pro řazení podprocesů;c:\windows\system32\svchost.exe -k LocalService [13.6.2009 8:30 20480]
S3 TrustedInstaller;Instalační služba modulů systému Windows;c:\windows\servicing\TrustedInstaller.exe [13.6.2009 8:33 204800]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\System32\drivers\tssecsrv.sys [13.6.2009 9:12 30208]
S3 UI0Detect;Zjišťování interaktivních služeb;c:\windows\System32\UI0Detect.exe [13.6.2009 8:47 35840]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\System32\drivers\ULIAGPKX.SYS [13.6.2009 8:36 57408]
S3 UmRdpService;Přesměrovač portů uživatelského režimu služby Vzdálená plocha;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [13.6.2009 8:30 20480]
S3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\System32\drivers\usbcir.sys [13.6.2009 9:01 85504]
S3 VaultSvc;Správce pověření;c:\windows\System32\lsass.exe [13.6.2009 8:23 22528]
S3 vhdmp;vhdmp;c:\windows\System32\drivers\vhdmp.sys [13.6.2009 8:57 159808]
S3 ViaC7;VIA C7 Processor Driver;c:\windows\System32\drivers\viac7.sys [13.6.2009 8:22 52736]
S3 vmbus;Sběrnice virtuálního počítače;c:\windows\System32\drivers\vmbus.sys [13.6.2009 23:36 175808]
S3 VMBusHID;VMBusHID;c:\windows\System32\drivers\VMBusHID.sys [13.6.2009 23:36 17792]
S3 vsmraid;vsmraid;c:\windows\System32\drivers\vsmraid.sys [10.6.2009 22:20 141888]
S3 vwifibus;Ovladač sběrnice Virtual WiFi;c:\windows\System32\drivers\vwifibus.sys [13.6.2009 9:02 19968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\System32\drivers\wacompen.sys [13.6.2009 8:57 21632]
S3 wbengine;Služba jádra pro zálohování dat na úrovni bloků;c:\windows\System32\wbengine.exe [13.6.2009 8:34 1202688]
S3 WbioSrvc;Biometrická služba systému Windows;c:\windows\system32\svchost.exe -k WbioSvcGroup [13.6.2009 8:30 20480]
S3 wcncsvc;Technologie Windows Connect Now – Registrátor konfigurací;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [13.6.2009 8:30 20480]
S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [13.6.2009 8:30 20480]
S3 Wd;Wd;c:\windows\System32\drivers\wd.sys [13.6.2009 8:22 19024]
S3 Wecsvc;Sběr událostí systému Windows;c:\windows\system32\svchost.exe -k NetworkService [13.6.2009 8:30 20480]
S3 wercplsupport;Podpora ovládacího panelu Oznámení a řešení problémů;c:\windows\System32\svchost.exe -k netsvcs [13.6.2009 8:30 20480]
S3 WerSvc;Služba Zasílání zpráv o chybách systému Windows;c:\windows\System32\svchost.exe -k WerSvcGroup [13.6.2009 8:30 20480]
S3 WIMMount;WIMMount;c:\windows\System32\drivers\wimmount.sys [13.6.2009 8:29 19008]
S3 WinRM;Vzdálená správa systému Windows (WS-Management);c:\windows\System32\svchost.exe -k NetworkService [13.6.2009 8:30 20480]
S3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [13.6.2009 8:30 20480]
S3 WPDBusEnum;Služba Výčet přenosných zařízení;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [13.6.2009 8:30 20480]
S3 WwanSvc;Automatická konfigurace sítě WWAN;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [13.6.2009 8:30 20480]
S4 Mcx2Svc;Služba zařízení Media Center Extender;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [13.6.2009 8:30 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
AxInstSVGroup REG_MULTI_SZ AxInstSV
secsvcs REG_MULTI_SZ WinDefend
PeerDist REG_MULTI_SZ PeerDistSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider

.
Obsah adresáře 'Naplánované úlohy'

2010-01-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:23]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3405159859-237361420-2487661795-1000Core.job
- c:\users\Zdenek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-19 13:07]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3405159859-237361420-2487661795-1000UA.job
- c:\users\Zdenek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-19 13:07]

2010-01-20 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-01-08 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://search13.net/
uStart Page = hxxp://www.facebook.com/home.php
uCustomizeSearch = hxxp://search13.net/
uSearchAssistant = hxxp://search13.net/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
IE: {{DB5D8400-2AE0-4DE8-9E5D-904C2FB273A6} - c:\program files\FreshDevices\FreshDownload\fd.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A309 (MiniCard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 21:33
Windows 6.1.7260 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261
Initialization error

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(580)
c:\windows\system32\DPPWDFLT.DLL

- - - - - - - > 'Explorer.exe'(2648)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\program files\CursorXP\CurXP0.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f57bb607a97f925\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AMD\RAIDXpert\_jvm\bin\java.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Celkový čas: 2010-01-21 21:40:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-21 20:40

Před spuštěním: Volných bajtů: 33 171 324 928
Po spuštění: Volných bajtů: 33 144 881 152

- - End Of File - - E73FE7C291AC22D6F09C2471FBF839AD

Re: Please check ... slow startup of W7 Ultimate

Posted: 21 Jan 2010 22:21
by Rudy
Several items were deleted; the rest of the log looks clean. Has anything changed?

Re: Please check ... slow startup of W7 Ultimate

Posted: 22 Jan 2010 10:13
by strike
There was no dramatic change, but the main thing is that there's nothing in there.

Re: Please check ... slow startup of W7 Ultimate

Posted: 22 Jan 2010 11:58
by strike
I also have a problem with high CPU load in Flash/Java applications, but that probably doesn't belong here anymore. So thanks for the check :)

Re: Please check ... slow startup of W7 Ultimate

Posted: 22 Jan 2010 18:46
by Rudy
strike wrote: I also have a problem with high CPU load in Flash/Java applications, but that probably doesn't belong here anymore. So thanks for the check :)
Reinstall FlashPlayer. You're welcome!