Prosím o kontrolu logu Děkuji

Zpráva

pajin · #1 Příspěvek od **pajin** » 18 pro 2011 08:52

Dobrý den přítelkyně po kliknuti na odkaz na facebooku nebo nevím kde prý nainstalovala do noteboku něco a od té doby pc po cca 10 min běhu zamrzne a nejde s ním nic dělat.Ani restart nic jen ho na tvrdo vypnout.Děkuji zde je log

Logfile of random's system information tool 1.09 (written by random/random)
Run by Pavel at 2011-12-18 08:41:11
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 94 GB (53%) free of 177 GB
Total RAM: 3070 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:41:31, on 18.12.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19170)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Pavel\Downloads\RSIT(1).exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60747
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 9656 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{B8258E05-34E5-4CC3-8932-304D961C9A3F}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\u1sdupan.default

prefs.js - "browser.startup.homepage" - "http://www.centrum.cz/"
prefs.js - "keyword.URL" - "http://zinkwink.com/?clid=891fa181add34 ... &keywords="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=C:\Program Files\Crawler\Toolbar\firefox\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa2,version=2.0.0]
"Description"=Picasa2 plugin
"Path"=C:\Program Files\Picasa2\npPicasa2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
GoogleDesktopMozilla.dll
GoogleDesktopMozillaStub.js
GoogleDesktopMozillaStub.xpt

C:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\u1sdupan.default\extensions\
DTToolbar@toolbarnet.com
{ecdee021-0d17-467f-a1ff-c7a115230949}

C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\u1sdupan.default\searchplugins\
daemon-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
&Crawler Toolbar Helper - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2011-12-02 1237240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-11-30 342192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-18 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll [2011-11-30 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2009-12-31 2349080]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-11-30 342192]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2011-12-02 1237240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"CLMLServer"=C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2008-07-19 104936]
"P2Go_Menu"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-14 210216]
"HControlUser"=C:\Program Files\ATK Hotkey\HcontrolUser.exe [2008-01-12 98304]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2008-01-23 7766016]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-16 6253088]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2008-01-25 1208320]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-07 1029416]
"PowerForPhone"=C:\Program Files\P4P\P4P.exe [2007-08-03 778240]
"ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2008-10-25 3054136]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]
"Skytel"=C:\Windows\Skytel.exe [2008-07-16 1833504]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Advanced SystemCare 4"=C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe [2011-08-09 417112]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.l3codecp"=l3codecp.acm
"wave2"=serwvdrv.dll
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-12-18 08:41:11 ----D---- C:\rsit
2011-12-18 08:41:11 ----D---- C:\Program Files\trend micro
2011-12-18 08:10:31 ----D---- C:\Program Files\Crawler
2011-12-18 08:10:18 ----A---- C:\Windows\system32\drivers\sp_rsdrv2.sys
2011-12-17 10:15:19 ----A---- C:\Windows\system32\drivers\aswFW.sys
2011-12-17 10:14:13 ----A---- C:\Windows\system32\drivers\aswNdis2.sys
2011-12-17 10:14:08 ----A---- C:\Windows\system32\drivers\aswNdis.sys
2011-12-16 17:56:59 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-12-16 17:56:58 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-12-16 17:56:57 ----A---- C:\Windows\system32\EncDec.dll
2011-12-16 17:56:55 ----A---- C:\Windows\system32\win32k.sys
2011-12-16 17:56:51 ----A---- C:\Windows\system32\csrsrv.dll
2011-12-16 17:56:41 ----A---- C:\Windows\system32\tzres.dll
2011-12-16 17:56:23 ----A---- C:\Windows\system32\wininet.dll
2011-12-16 17:56:23 ----A---- C:\Windows\system32\urlmon.dll
2011-12-16 17:56:23 ----A---- C:\Windows\system32\jsproxy.dll
2011-12-16 17:56:23 ----A---- C:\Windows\system32\iertutil.dll
2011-12-16 17:56:22 ----A---- C:\Windows\system32\url.dll
2011-12-16 17:56:22 ----A---- C:\Windows\system32\mshtml.dll
2011-12-16 17:56:21 ----A---- C:\Windows\system32\ieframe.dll
2011-12-16 17:56:18 ----A---- C:\Windows\system32\occache.dll
2011-12-16 17:56:18 ----A---- C:\Windows\system32\mstime.dll
2011-12-16 17:56:18 ----A---- C:\Windows\system32\msfeeds.dll
2011-12-16 17:56:18 ----A---- C:\Windows\system32\iedkcs32.dll
2011-12-16 17:56:17 ----A---- C:\Windows\system32\mshtmled.dll
2011-12-16 17:56:17 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-12-16 17:56:17 ----A---- C:\Windows\system32\licmgr10.dll
2011-12-16 17:56:17 ----A---- C:\Windows\system32\ieUnatt.exe
2011-12-16 17:56:17 ----A---- C:\Windows\system32\ieui.dll
2011-12-16 17:56:17 ----A---- C:\Windows\system32\iesysprep.dll
2011-12-16 17:56:17 ----A---- C:\Windows\system32\iesetup.dll
2011-12-16 17:56:17 ----A---- C:\Windows\system32\iernonce.dll
2011-12-16 17:56:17 ----A---- C:\Windows\system32\iepeers.dll
2011-12-16 17:56:14 ----A---- C:\Windows\system32\msfeedssync.exe
2011-12-16 17:56:14 ----A---- C:\Windows\system32\ie4uinit.exe
2011-12-03 23:30:10 ----D---- C:\Windows\system32\AGEIA
2011-12-03 23:30:10 ----D---- C:\Program Files\AGEIA Technologies
2011-12-03 23:29:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-12-03 23:28:00 ----D---- C:\Program Files\Electronic Arts
2011-12-03 22:04:07 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-12-03 22:04:07 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-11-27 00:10:21 ----D---- C:\Users\Pavel\AppData\Roaming\ICQ
2011-11-27 00:10:14 ----D---- C:\Program Files\ICQ7.7
2011-11-26 20:16:48 ----D---- C:\ProgramData\M-Photo
2011-11-26 20:16:13 ----D---- C:\Kalvos
2011-11-26 20:16:06 ----D---- C:\Program Files\Kalvos
2011-11-26 20:16:05 ----A---- C:\Windows\system32\Kalvos_Kalvos Designer_uninstaller.exe
2011-11-23 19:51:02 ----A---- C:\Windows\ODBC.INI
2011-11-23 19:51:01 ----A---- C:\Windows\system32\whiptkw.dll
2011-11-23 19:51:01 ----A---- C:\Windows\system32\texturew.dll
2011-11-23 19:51:01 ----A---- C:\Windows\system32\mtlw.dll
2011-11-23 19:51:01 ----A---- C:\Windows\system32\MSVCRT10.DLL
2011-11-23 19:51:01 ----A---- C:\Windows\system32\dllongw.dll
2011-11-23 19:51:00 ----A---- C:\Windows\system32\heidiw.dll
2011-11-23 19:51:00 ----A---- C:\Windows\system32\heidi3.dll
2011-11-23 19:51:00 ----A---- C:\Windows\system32\dbjavio6.dll
2011-11-23 19:51:00 ----A---- C:\Windows\system32\dbauth6.dll
2011-11-23 19:50:59 ----A---- C:\Windows\ODBCINST.INI
2011-11-23 19:50:54 ----A---- C:\Windows\Crypkey.ini
2011-11-23 19:50:51 ----RA---- C:\Windows\Setup_ck.exe
2011-11-23 19:50:51 ----A---- C:\Windows\system32\Crypserv.exe
2011-11-23 19:50:51 ----A---- C:\Windows\system32\Ckldrv.sys
2011-11-23 19:50:51 ----A---- C:\Windows\Setup_ck.dll
2011-11-23 19:50:51 ----A---- C:\Windows\Ckrfresh.exe
2011-11-23 19:50:51 ----A---- C:\Windows\Ckconfig.exe
2011-11-23 19:50:37 ----D---- C:\ProgramData\ELIT eTECH
2011-11-23 19:50:33 ----A---- C:\Windows\system32\FileOps.exe
2011-11-23 19:50:32 ----D---- C:\Windows\system32\Adobe
2011-11-23 19:50:30 ----D---- C:\Program Files\Workshop
2011-11-20 19:49:56 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-11-20 19:49:56 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-11-20 19:49:54 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-11-20 19:49:54 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-11-20 19:49:54 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-11-20 19:49:53 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-11-20 19:49:12 ----A---- C:\Windows\avastSS.scr
2011-11-20 19:49:11 ----A---- C:\Windows\system32\aswBoot.exe
2011-11-20 19:48:52 ----D---- C:\ProgramData\AVAST Software
2011-11-20 19:48:52 ----D---- C:\Program Files\AVAST Software

======List of files/folders modified in the last 1 month======

2011-12-18 08:41:23 ----D---- C:\Windows\Prefetch
2011-12-18 08:41:14 ----D---- C:\Windows\Temp
2011-12-18 08:41:11 ----RD---- C:\Program Files
2011-12-18 08:38:08 ----A---- C:\Windows\system32\acovcnt.exe
2011-12-18 08:36:39 ----HD---- C:\ProgramData
2011-12-18 08:10:18 ----D---- C:\Windows\system32\drivers
2011-12-18 08:07:15 ----D---- C:\Windows\System32
2011-12-18 08:07:15 ----D---- C:\Windows\inf
2011-12-18 08:07:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-12-17 23:55:22 ----SHD---- C:\System Volume Information
2011-12-17 11:54:00 ----D---- C:\Windows\Tasks
2011-12-17 10:20:46 ----D---- C:\Windows
2011-12-17 10:15:08 ----D---- C:\Windows\system32\catroot
2011-12-17 09:59:19 ----D---- C:\Program Files\Google
2011-12-17 09:17:08 ----D---- C:\Windows\system32\Tasks
2011-12-17 09:11:56 ----D---- C:\Windows\system32\config
2011-12-17 09:06:26 ----D---- C:\Program Files\Windows Media Player
2011-12-17 09:06:26 ----D---- C:\Program Files\Common Files\System
2011-12-17 09:06:26 ----D---- C:\Program Files\Common Files\microsoft shared
2011-12-17 08:59:14 ----SHD---- C:\Windows\Installer
2011-12-16 21:10:09 ----D---- C:\Windows\Debug
2011-12-16 19:31:30 ----D---- C:\Windows\rescache
2011-12-16 19:22:01 ----D---- C:\Windows\winsxs
2011-12-16 19:08:45 ----D---- C:\Program Files\Windows Mail
2011-12-16 19:08:44 ----D---- C:\Windows\system32\migration
2011-12-16 19:08:44 ----D---- C:\Windows\system32\cs-CZ
2011-12-16 19:08:44 ----D---- C:\Program Files\Internet Explorer
2011-12-16 19:07:07 ----D---- C:\ProgramData\Microsoft Help
2011-12-16 19:07:06 ----RSD---- C:\Windows\assembly
2011-12-16 19:05:04 ----A---- C:\Windows\system32\mrt.exe
2011-12-16 19:01:58 ----D---- C:\Windows\system32\catroot2
2011-12-08 20:50:20 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2011-12-03 23:29:31 ----D---- C:\Program Files\Common Files
2011-12-03 22:16:11 ----HD---- C:\Program Files\InstallShield Installation Information
2011-12-03 22:04:09 ----D---- C:\Windows\Microsoft.NET
2011-11-27 09:32:28 ----D---- C:\Program Files\Mozilla Firefox
2011-11-26 20:25:04 ----SD---- C:\Users\Pavel\AppData\Roaming\Microsoft
2011-11-25 14:20:25 ----D---- C:\Windows\system32\WDI
2011-11-23 19:50:32 ----D---- C:\Program Files\Common Files\Adobe
2011-11-23 09:04:20 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-11-20 18:15:18 ----D---- C:\ProgramData\Symantec

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdis;avast! Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\aswNdis.sys [2011-11-28 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\Windows\system32\drivers\aswNdis2.sys [2011-11-28 195416]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-05-07 317976]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-02-23 43872]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-10-30 436792]
R1 aswFW;avast! TDI Firewall driver; C:\Windows\system32\drivers\aswFW.sys [2011-11-28 111320]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2004-07-30 31654]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2005-07-28 685056]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-09 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-28 3544064]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-06-17 146824]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-16 2156312]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-25 5632]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NETwNv32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETwNv32.sys [2010-07-14 6680064]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-05-02 122368]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2008-01-25 1090304]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-07 196400]
S3 ahz0r2bt;ahz0r2bt; C:\Windows\system32\drivers\ahz0r2bt.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-03-17 81960]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2008-03-17 100392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-03-17 17320]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 FileMonitor;FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [2011-07-11 18768]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 RegFilter;RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [2011-03-22 30600]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RT-USB;Ross-Tech USB driver; C:\Windows\system32\drivers\RT-USB.sys [2007-11-16 54400]
S3 UrlFilter;UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [2011-03-22 19280]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-03 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-28 667648]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2011-11-28 127192]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-04-10 518696]
R2 Crypkey License;Crypkey License; C:\Windows\system32\crypserv.exe [2004-04-15 73728]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IMFservice;IMF Service; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-07-20 820568]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-14 135664]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-25 30192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-14 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-10-14 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

pajin · #2 Příspěvek od **pajin** » 18 pro 2011 08:54

info.txt logfile of random's system information tool 1.09 2011-12-18 08:41:34

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Actualizare Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0418-0000-0000000FF1CE} /uninstall {6195740F-0C89-4CDD-ACAD-67CCE1495348}
Actualizare Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0418-0000-0000000FF1CE} /uninstall {E78703E2-69D3-4204-B101-9D8B7B72585C}
Actualizare Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0418-0000-0000000FF1CE} /uninstall {1531AE8C-8271-4A8C-9ABA-86AE70B0DA82}
Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -maintain plugin
Adobe Reader 8 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A81200000003}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced SystemCare 4-->"C:\Program Files\IObit\Advanced SystemCare 4\unins000.exe"
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
Aktualizácia Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {9A8C39B0-D27F-4F81-BE74-2FECF164707E}
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {CE23B3DC-18CC-46FC-A309-81D6670F8D3D}
Aktualizácia Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}
ASUS InstantFun-->MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757}
ASUS LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS Power4Gear eXtreme-->MsiExec.exe /I{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}
ASUS Splendid Video Enhancement Technology-->MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D}
ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
Asus_Camera_ScreenSaver-->"C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe"
ATK Generic Function Service-->C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\setup.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x0009 -removeonly
ATK Media-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\setup.EXE" -l0x9
ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\setup.exe -runfromtemp -l0x0009 -removeonly
AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /I{EB4DF30B-102B-4F0C-927A-D50E037A325D}
avast! Internet Security-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
ccc-Branding-->MsiExec.exe /I{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}
CyberLink LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
eTECH-->C:\PROGRA~1\Workshop\UNWISE.EXE C:\PROGRA~1\Workshop\INSTALL.LOG
ETKA-->"C:\Windows\cluninst.exe"
Express Gate-->MsiExec.exe /I{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}
free-downloads.net Toolbar-->C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE /U C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
Game Booster 3-->"C:\Program Files\IObit\Game Booster\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_DC5D2AFB0F84E8D8.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
ICQ7.7-->"C:\Program Files\InstallShield Installation Information\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
IObit Malware Fighter-->"C:\Program Files\IObit\IObit Malware Fighter\unins000.exe"
Kalvos Designer-->"C:\Windows\system32\Kalvos_Kalvos Designer_uninstaller.exe" uninstall
ĹíçěĺńůěÝíç Ýęäďóç Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0408-0000-0000000FF1CE} /uninstall {08A4BDB3-7A63-4F59-B9FA-EE80ADE88DC2}
ĹíçěĺńůěÝíç Ýęäďóç Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0408-0000-0000000FF1CE} /uninstall {C52A655D-F8AE-485D-908D-62CEC754B6A4}
ĹíçěĺńůěÝíç Ýęäďóç Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0408-0000-0000000FF1CE} /uninstall {054186C0-F351-472E-84E8-D5E16FA08241}
McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0408-0000-0000000FF1CE} /uninstall {C913F31D-FF3E-47F6-95E6-7E417D37A76E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0418-0000-0000000FF1CE} /uninstall {3DFBDBEE-B82A-47D9-8134-B86A98280A8E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0408-0000-0000000FF1CE} /uninstall {C913F31D-FF3E-47F6-95E6-7E417D37A76E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0418-0000-0000000FF1CE} /uninstall {3DFBDBEE-B82A-47D9-8134-B86A98280A8E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0408-0000-0000000FF1CE} /uninstall {C913F31D-FF3E-47F6-95E6-7E417D37A76E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0418-0000-0000000FF1CE} /uninstall {3DFBDBEE-B82A-47D9-8134-B86A98280A8E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0408-0000-0000000FF1CE} /uninstall {C913F31D-FF3E-47F6-95E6-7E417D37A76E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0418-0000-0000000FF1CE} /uninstall {3DFBDBEE-B82A-47D9-8134-B86A98280A8E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0408-0000-0000000FF1CE} /uninstall {C913F31D-FF3E-47F6-95E6-7E417D37A76E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0418-0000-0000000FF1CE} /uninstall {3DFBDBEE-B82A-47D9-8134-B86A98280A8E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0408-0000-0000000FF1CE} /uninstall {C913F31D-FF3E-47F6-95E6-7E417D37A76E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0418-0000-0000000FF1CE} /uninstall {3DFBDBEE-B82A-47D9-8134-B86A98280A8E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0408-0000-0000000FF1CE} /uninstall {E3B92295-785F-4FF7-8BE1-67E86F5F8140}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0418-0000-0000000FF1CE} /uninstall {CEDDCA72-ED57-4CE5-B55D-A50EE2CD3CCF}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-041B-0000-0000000FF1CE} /uninstall {8AF3A9EB-FBB9-449F-AC11-94CE39930037}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (Greek) 2007-->MsiExec.exe /X{90120000-0015-0408-0000-0000000FF1CE}
Microsoft Office Access MUI (Romanian) 2007-->MsiExec.exe /X{90120000-0015-0418-0000-0000000FF1CE}
Microsoft Office Access MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0015-041B-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (Greek) 2007-->MsiExec.exe /X{90120000-0016-0408-0000-0000000FF1CE}
Microsoft Office Excel MUI (Romanian) 2007-->MsiExec.exe /X{90120000-0016-0418-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Greek) 2007-->MsiExec.exe /X{90120000-001A-0408-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Romanian) 2007-->MsiExec.exe /X{90120000-001A-0418-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Greek) 2007-->MsiExec.exe /X{90120000-0018-0408-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Romanian) 2007-->MsiExec.exe /X{90120000-0018-0418-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Greek) 2007-->MsiExec.exe /X{90120000-001F-0408-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Romanian) 2007-->MsiExec.exe /X{90120000-001F-0418-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing (Greek) 2007-->MsiExec.exe /X{90120000-002C-0408-0000-0000000FF1CE}
Microsoft Office Proofing (Romanian) 2007-->MsiExec.exe /X{90120000-002C-0418-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0408-0000-0000000FF1CE} /uninstall {3C7DCB2F-8EA1-4558-B8F5-1107C4055A0B}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040E-0000-0000000FF1CE} /uninstall {573CA1BB-C8A3-46C4-993E-DB4043D9BFCD}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0418-0000-0000000FF1CE} /uninstall {6E3398C5-9A81-4054-B474-8B23A60F5048}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Greek) 2007-->MsiExec.exe /X{90120000-0019-0408-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Romanian) 2007-->MsiExec.exe /X{90120000-0019-0418-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (Greek) 2007-->MsiExec.exe /X{90120000-006E-0408-0000-0000000FF1CE}
Microsoft Office Shared MUI (Romanian) 2007-->MsiExec.exe /X{90120000-006E-0418-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (Greek) 2007-->MsiExec.exe /X{90120000-001B-0408-0000-0000000FF1CE}
Microsoft Office Word MUI (Romanian) 2007-->MsiExec.exe /X{90120000-001B-0418-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co81.dll,SM56UnInstaller
Mozilla Firefox 8.0 (x86 cs)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NB Probe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.EXE" -l0x9
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
OpenMG Limited Patch 4.7-07-14-05-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
P4P-->C:\Program Files\InstallShield Installation Information\{FC3D290D-79BE-44B7-ABF9-FDD110925930}\setup.exe -runfromtemp -l0x0009 -removeonly
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2553089)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {01D4CA59-7070-4420-9BCC-0EFA7C5D76BE}
Security Update for 2007 Microsoft Office System (KB2553090)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {643C12A2-AF9A-4712-B8BE-3B7650AFE00A}
Security Update for 2007 Microsoft Office System (KB2584063)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BF3F1CBD-B05C-4644-AE43-6EE0FCC227A4}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}
Smart Defrag 2-->"C:\Program Files\IObit\Smart Defrag 2\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Traktor 2-->"C:\TopCD\Traktor 2\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202}
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF}
Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Outlook 2007 (KB2583910)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BDC21583-5601-4B2B-88F3-7919F6DE8FB1}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (KB2596560)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2964DDE1-4925-4DF1-AF2C-0A36B3442228}
USB 2.0 1.3M UVC WebCam-->C:\Windows\snuninst.exe /name='USB 2.0 1.3M UVC WebCam'
Web Security Guard with Crawler Toolbar-->C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
WIDCOMM Bluetooth Software-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.EXE" -l0x9
WinRAR 4.01 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.exe -runfromtemp -l0x0009 -removeonly

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Pavel-PC
Event Code: 4373
Message: Služba Windows Servicing úspěšně nastavila stav balíčku Package_28_for_KB935509~31bf3856ad364e35~x86~~6.0.1.9() na Rozfázovaný(Staged).
Record Number: 44212
Source Name: Microsoft-Windows-Servicing
Time Written: 20111017013242.000000-000
Event Type: Informace
User:

Computer Name: Pavel-PC
Event Code: 4373
Message: Služba Windows Servicing úspěšně nastavila stav balíčku Package_289_for_KB967723~31bf3856ad364e35~x86~~6.0.1.7() na Nainstalováno(Installed).
Record Number: 44211
Source Name: Microsoft-Windows-Servicing
Time Written: 20111017013242.000000-000
Event Type: Informace
User:

Computer Name: Pavel-PC
Event Code: 4373
Message: Služba Windows Servicing úspěšně nastavila stav balíčku Package_287_for_KB967723~31bf3856ad364e35~x86~~6.0.1.7() na Nainstalováno(Installed).
Record Number: 44210
Source Name: Microsoft-Windows-Servicing
Time Written: 20111017013242.000000-000
Event Type: Informace
User:

Computer Name: Pavel-PC
Event Code: 4373
Message: Služba Windows Servicing úspěšně nastavila stav balíčku Package_286_for_KB967723~31bf3856ad364e35~x86~~6.0.1.7() na Nainstalováno(Installed).
Record Number: 44209
Source Name: Microsoft-Windows-Servicing
Time Written: 20111017013242.000000-000
Event Type: Informace
User:

Computer Name: Pavel-PC
Event Code: 4373
Message: Služba Windows Servicing úspěšně nastavila stav balíčku Package_285_for_KB967723~31bf3856ad364e35~x86~~6.0.1.7() na Nainstalováno(Installed).
Record Number: 44208
Source Name: Microsoft-Windows-Servicing
Time Written: 20111017013242.000000-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: Pavel-PC
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.

Record Number: 977
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20111015032507.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: WIN-298UAPNRFJ0
Event Code: 103
Message: Windows (2780) Windows: Databázový stroj zastavil instanci (0).
Record Number: 976
Source Name: ESENT
Time Written: 20081025064750.000000-000
Event Type: Informace
User:

Computer Name: WIN-298UAPNRFJ0
Event Code: 1013
Message: Služba Windows Search byla řádně zastavena.

Record Number: 975
Source Name: Microsoft-Windows-Search
Time Written: 20081025064749.000000-000
Event Type: Informace
User:

Computer Name: WIN-298UAPNRFJ0
Event Code: 1003
Message: Služba Windows Search byla spuštěna.

Record Number: 974
Source Name: Microsoft-Windows-Search
Time Written: 20081025064743.000000-000
Event Type: Informace
User:

Computer Name: WIN-298UAPNRFJ0
Event Code: 102
Message: Windows (2780) Windows: Databázový stroj (6.00.6001.0000) spustil novou instanci (0).
Record Number: 973
Source Name: ESENT
Time Written: 20081025064739.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: WIN-298UAPNRFJ0
Event Code: 1100
Message: Služba protokolování událostí byla ukončena.
Record Number: 1189
Source Name: Microsoft-Windows-Eventlog
Time Written: 20081025065007.370000-000
Event Type: Úspěch auditu
User:

Computer Name: WIN-298UAPNRFJ0
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 1188
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081025064738.575000-000
Event Type: Úspěch auditu
User:

Computer Name: WIN-298UAPNRFJ0
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: WIN-298UAPNRFJ0$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x2e4
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 1187
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081025064738.575000-000
Event Type: Úspěch auditu
User:

Computer Name: WIN-298UAPNRFJ0
Event Code: 4648
Message: Došlo k pokusu o přihlášení pomocí explicitního pověření.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: WIN-298UAPNRFJ0$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Účet, jehož pověření bylo použito:
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Cílový server:
Název cílového serveru: localhost
Další informace: localhost

Informace o procesu:
ID procesu: 0x2e4
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Síťová adresa: -
Port: -

Tato událost je generována, pokud se proces pokusí přihlásit k účtu explicitním zadáním pověření tohoto účtu. K tomu nejčastěji dochází v dávkových konfiguracích, například naplánovaných úlohách, nebo při použití příkazu RUNAS.
Record Number: 1186
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081025064738.575000-000
Event Type: Úspěch auditu
User:

Computer Name: WIN-298UAPNRFJ0
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-3893860497-2848573276-3783535434-500
Název účtu: Administrator
Název domény: WIN-298UAPNRFJ0
ID přihlášení: 0xbf162
Record Number: 1185
Source Name: Microsoft-Windows-Eventlog
Time Written: 20081025064736.828000-000
Event Type: Úspěch auditu
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"configsetroot"=%SystemRoot%\ConfigSetRoot
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

#3 Příspěvek od **vyosek** » 18 pro 2011 11:07

Zdravim a pekne nedelni dopoledne preji

Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

Odinstalujte Advanced SystemCare 4 a nasledne i vse od IOBit - jsou to cinske smejdy a spise jen skodi nez jsou uzitkem. Hledaji nesmyslne a neexistujici problemy, databazi haveti ukradli jine renomovane spolecnosti

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost 2 a potvrte enterem
Utilita provede svou cinnost a da log - ten sem vlozte
Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

pajin · #4 Příspěvek od **pajin** » 18 pro 2011 14:25

RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Pavel [Admin rights]
Mode: Remove -- Date : 12/18/2011 14:24:41

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] cb5e8c898f21e65430f630a30e516edc
[BSP] 68a9a69bc00139773c4fa2984750dba9 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 [HIDDEN!] Offset (sectors): 63 | Size: 10487 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 20484096 | Size: 185751 Mo
2 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 383279104 | Size: 123832 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

pajin · #5 Příspěvek od **pajin** » 18 pro 2011 14:26

RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Pavel [Admin rights]
Mode: HOSTSFix -- Date : 12/18/2011 14:25:54

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost

¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

pajin · #6 Příspěvek od **pajin** » 18 pro 2011 14:26

RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Pavel [Admin rights]
Mode: ProxyFix -- Date : 12/18/2011 14:26:25

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#7 Příspěvek od **vyosek** » 18 pro 2011 15:30

Stahnete aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe a ulozte jejna plochu.

Utilitu spustte a prikazte ji, at skenuje - klik na Scan
Kliknutim na Save log ulozte log aswMBR na plochu
Obsah logu aswMBR mi sem vlozte

pajin · #8 Příspěvek od **pajin** » 18 pro 2011 15:44

Ve 14:48 se to zase seklo jenže tenhle čas tam není.Zde je log

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-18 15:36:51
-----------------------------
15:36:51.124 OS Version: Windows 6.0.6002 Service Pack 2
15:36:51.124 Number of processors: 2 586 0x1706
15:36:51.125 ComputerName: PAVEL-PC UserName: Pavel
15:36:58.764 Initialize success
15:36:58.859 AVAST engine defs: 11121800
15:37:01.793 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:37:01.795 Disk 0 Vendor: ST932032 0303 Size: 305245MB BusType: 3
15:37:03.827 Disk 0 MBR read successfully
15:37:03.830 Disk 0 MBR scan
15:37:03.834 Disk 0 unknown MBR code
15:37:03.851 Disk 0 scanning sectors +625139712
15:37:03.969 Disk 0 scanning C:\Windows\system32\drivers
15:37:21.386 Service scanning
15:37:22.308 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:37:22.889 Modules scanning
15:37:29.724 Disk 0 trace - called modules:
15:37:29.745 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys halmacpi.dll iaStor.sys sptd.sys
15:37:29.749 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e3c628]
15:37:29.755 3 CLASSPNP.SYS[8afa18b3] -> nt!IofCallDriver -> [0x85b65898]
15:37:29.760 5 acpi.sys[8a80f6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85b9b028]
15:37:30.573 AVAST engine scan C:\Windows
15:37:33.434 AVAST engine scan C:\Windows\system32
15:39:24.299 AVAST engine scan C:\Windows\system32\drivers
15:39:38.299 AVAST engine scan C:\Users\Pavel
15:41:56.400 AVAST engine scan C:\ProgramData
15:42:21.284 Scan finished successfully
15:42:30.363 Disk 0 MBR has been saved successfully to "C:\Users\Pavel\Desktop\MBR.dat"
15:42:30.368 The log file has been saved successfully to "C:\Users\Pavel\Desktop\aswMBR.txt"

#9 Příspěvek od **vyosek** » 18 pro 2011 15:52

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

C:\Users\Pavel\Desktop\MBR.dat
Kliknete na Prochazet
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Kliknete na Send File
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

pajin · #10 Příspěvek od **pajin** » 18 pro 2011 16:08

http://www.virustotal.com/file-scan/rep ... 1324220359

#11 Příspěvek od **vyosek** » 18 pro 2011 16:09

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

pajin · #12 Příspěvek od **pajin** » 18 pro 2011 17:07

ComboFix 11-12-17.05 - Pavel 18.12.2011 16:40:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1895 [GMT 1:00]
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-18 do 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-18 13:23 . 2011-12-18 13:26 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-18 13:15 . 2011-12-18 13:50 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{018505EB-E8F6-4BDC-8E59-20309969EC69}\offreg.dll
2011-12-18 07:41 . 2011-12-18 07:41 -------- d-----w- C:\rsit
2011-12-18 07:41 . 2011-12-18 07:41 -------- d-----w- c:\program files\trend micro
2011-12-18 07:10 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-12-17 09:15 . 2011-11-28 17:54 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-12-17 09:14 . 2011-11-28 17:53 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-12-17 09:14 . 2011-11-28 17:26 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-12-16 16:57 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{018505EB-E8F6-4BDC-8E59-20309969EC69}\mpengine.dll
2011-12-03 22:30 . 2011-12-03 22:30 -------- d-----w- c:\program files\AGEIA Technologies
2011-12-03 22:30 . 2011-12-03 22:30 -------- d-----w- c:\windows\system32\AGEIA
2011-12-03 22:29 . 2011-12-03 22:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-12-03 22:28 . 2011-12-03 22:28 -------- d-----w- c:\program files\Electronic Arts
2011-12-03 10:49 . 2011-12-17 10:54 -------- d-----w- c:\users\Pavel\AppData\Local\Facebook
2011-11-27 08:34 . 2006-02-16 02:14 5033984 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE
2011-11-27 08:34 . 2005-06-29 12:45 4085904 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\wmfdist.exe
2011-11-27 08:34 . 2004-09-15 14:36 245408 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\unicows.dll
2011-11-27 08:34 . 2002-06-08 23:42 41360 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\Tecsetup.exe
2011-11-27 08:34 . 2006-02-16 23:14 373248 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\protect.dll
2011-11-27 08:34 . 2003-03-18 20:14 499712 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\msvcp71.dll
2011-11-27 08:34 . 2003-03-18 19:04 765952 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\msvcp71d.dll
2011-11-27 08:34 . 2003-03-18 19:03 544768 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\msvcr71d.dll
2011-11-27 08:34 . 2003-02-21 04:42 348160 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\msvcr71.dll
2011-11-27 08:34 . 2005-08-09 09:39 372736 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\launcher.exe
2011-11-27 08:34 . 2004-09-15 14:36 806400 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\dbghelp.dll
2011-11-27 08:33 . 2005-02-18 12:15 176128 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\data\scripts\luac.exe
2011-11-27 07:38 . 2011-11-27 07:38 -------- d-----w- c:\users\Pavel\AppData\Local\SKIDROW
2011-11-26 23:10 . 2011-12-18 15:28 -------- d-----w- c:\users\Pavel\AppData\Roaming\ICQ
2011-11-26 23:10 . 2011-12-18 13:44 -------- d-----w- c:\program files\ICQ7.7
2011-11-26 19:17 . 2011-11-26 19:17 -------- d-----w- c:\users\Pavel\AppData\Local\M-Photo_Ltd
2011-11-26 19:16 . 2011-11-26 19:16 -------- d-----w- c:\programdata\M-Photo
2011-11-26 19:16 . 2011-11-27 18:47 -------- d-----w- C:\Kalvos
2011-11-26 19:16 . 2011-11-26 19:16 -------- d-----w- c:\program files\Kalvos
2011-11-26 19:16 . 2011-11-26 19:16 9527937 ----a-w- c:\windows\system32\Kalvos_Kalvos Designer_uninstaller.exe
2011-11-23 18:51 . 1999-09-03 13:58 995383 ----a-w- c:\windows\system32\temp.011
2011-11-23 18:51 . 1999-03-07 21:00 598288 ----a-w- c:\windows\system32\temp.012
2011-11-23 18:51 . 1999-03-07 21:00 164112 ----a-w- c:\windows\system32\temp.013
2011-11-23 18:51 . 1999-10-14 14:22 77878 ----a-w- c:\windows\system32\temp.00D
2011-11-23 18:51 . 1999-02-10 23:33 266293 ----a-w- c:\windows\system32\temp.00F
2011-11-23 18:51 . 1998-08-19 13:24 1124864 ----a-w- c:\windows\system32\WEBPRO32.OCX
2011-11-23 18:51 . 1997-02-12 22:00 326656 ----a-w- c:\windows\system32\temp.00E
2011-11-23 18:51 . 1997-02-12 22:00 253952 ----a-w- c:\windows\system32\temp.010
2011-11-23 18:51 . 1999-10-14 14:22 401462 ----a-w- c:\windows\system32\temp.00C
2011-11-23 18:51 . 1999-10-14 13:58 61440 ----a-w- c:\windows\system32\gdiw.hdi
2011-11-23 18:51 . 1999-07-19 23:00 78336 ----a-w- c:\windows\system32\dbjavio6.dll
2011-11-23 18:51 . 1999-07-19 23:00 77312 ----a-w- c:\windows\system32\dbauth6.dll
2011-11-23 18:50 . 2004-07-30 00:35 31654 ----a-w- c:\windows\system32\Ckldrv.sys
2011-11-23 18:50 . 2004-04-15 22:07 73728 ----a-w- c:\windows\system32\Crypserv.exe
2011-11-23 18:50 . 1999-06-18 21:49 165888 ----a-w- c:\windows\Ckconfig.exe
2011-11-23 18:50 . 1996-05-03 17:21 27648 ----a-r- c:\windows\Setup_ck.exe
2011-11-23 18:50 . 1996-05-03 15:36 18432 ----a-w- c:\windows\Setup_ck.dll
2011-11-23 18:50 . 1995-07-04 18:33 11776 ----a-w- c:\windows\Ckrfresh.exe
2011-11-23 18:50 . 2011-12-18 13:34 -------- d-----w- c:\programdata\ELIT eTECH
2011-11-23 18:50 . 2003-09-11 21:42 16384 ----a-w- c:\windows\system32\FileOps.exe
2011-11-23 18:50 . 2011-11-23 18:50 -------- d-----w- c:\windows\system32\Adobe
2011-11-20 18:49 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-20 18:49 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-20 18:49 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-20 18:49 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-20 18:49 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-20 18:49 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-20 18:49 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-11-20 18:49 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-20 18:48 . 2011-11-20 18:48 -------- d-----w- c:\programdata\AVAST Software
2011-11-20 18:48 . 2011-11-20 18:48 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 13:50 . 2011-10-14 18:32 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-11-20 16:07 . 2011-10-14 18:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-09 15:54 . 2011-11-09 15:54 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-30 12:05 . 2011-10-15 05:15 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-05 07:07 . 2011-10-14 18:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-10-25 20:38 . 2011-10-14 19:34 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-16 6253088]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-01-24 1208320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-10-25 3054136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Skytel"="Skytel.exe" [2008-07-16 1833504]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-11-28 127192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-14 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-25 30192]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-14 135664]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.sys [2007-11-16 54400]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-11-28 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-10-30 436792]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S3 NETwNv32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwNv32.sys [2010-07-14 6680064]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-14 18:44]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-14 18:44]
.
2011-12-18 c:\windows\Tasks\User_Feed_Synchronization-{B8258E05-34E5-4CC3-8932-304D961C9A3F}.job
- c:\windows\system32\msfeedssync.exe [2011-12-16 04:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 212.96.161.6 212.96.160.1
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\u1sdupan.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://zinkwink.com/?clid=891fa181add34fb3bdfa894358acb448&prt=corsairzwbho&tmp=nemo_results&keywords=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{B4FBA8C3-2083-4ED8-A35B-148478739826} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-18 17:02
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(4468)
c:\windows\system32\btmmhook.dll
.
Celkový čas: 2011-12-18 17:05:08
ComboFix-quarantined-files.txt 2011-12-18 16:05
.
Před spuštěním: Volných bajtů: 98 313 953 280
Po spuštění: Volných bajtů: 98 267 516 928
.
- - End Of File - - EE19B2A61D3C6F3B3DAE4110284171A2

#13 Příspěvek od **vyosek** » 18 pro 2011 19:42

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Folder::
c:\users\Pavel\AppData\Local\Facebook

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Driver::
gupdate
gupdatem

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\User_Feed_Synchronization-{B8258E05-34E5-4CC3-8932-304D961C9A3F}.job

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT1098640
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=ASUS
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

Firefox::
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\u1sdupan.default\
FF - prefs.js: keyword.URL - hxxp://zinkwink.com/?clid=891fa181add34 ... &keywords=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

pajin · #14 Příspěvek od **pajin** » 18 pro 2011 21:00

ComboFix 11-12-17.05 - Pavel 18.12.2011 20:45:48.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1619 [GMT 1:00]
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pavel\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\User_Feed_Synchronization-{B8258E05-34E5-4CC3-8932-304D961C9A3F}.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pavel\AppData\Local\Facebook
c:\users\Pavel\AppData\Local\Facebook\Video\Common\FacebookVideoCalling
c:\users\Pavel\AppData\Local\Facebook\Video\Common\fb#3aac7hk69ofy5fxrbtudro_kjtp-hkvlfgcas_xfbwwcbkcautxybgt13id0g-qbf9--w\call256.dbb
c:\users\Pavel\AppData\Local\Facebook\Video\Common\fb#3aac7hk69ofy5fxrbtudro_kjtp-hkvlfgcas_xfbwwcbkcautxybgt13id0g-qbf9--w\callmember256.dbb
c:\users\Pavel\AppData\Local\Facebook\Video\Common\fb#3aac7hk69ofy5fxrbtudro_kjtp-hkvlfgcas_xfbwwcbkcautxybgt13id0g-qbf9--w\callmember512.dbb
c:\users\Pavel\AppData\Local\Facebook\Video\Common\fb#3aac7hk69ofy5fxrbtudro_kjtp-hkvlfgcas_xfbwwcbkcautxybgt13id0g-qbf9--w\config.lck
c:\users\Pavel\AppData\Local\Facebook\Video\Common\fb#3aac7hk69ofy5fxrbtudro_kjtp-hkvlfgcas_xfbwwcbkcautxybgt13id0g-qbf9--w\config.xml
c:\users\Pavel\AppData\Local\Facebook\Video\Common\fb#3aac7hk69ofy5fxrbtudro_kjtp-hkvlfgcas_xfbwwcbkcautxybgt13id0g-qbf9--w\contactgroup256.dbb
c:\users\Pavel\AppData\Local\Facebook\Video\Common\fb#3aac7hk69ofy5fxrbtudro_kjtp-hkvlfgcas_xfbwwcbkcautxybgt13id0g-qbf9--w\index2.dat
c:\users\Pavel\AppData\Local\Facebook\Video\Common\fb#3aac7hk69ofy5fxrbtudro_kjtp-hkvlfgcas_xfbwwcbkcautxybgt13id0g-qbf9--w\main.lock
c:\users\Pavel\AppData\Local\Facebook\Video\Common\fb#3aac7hk69ofy5fxrbtudro_kjtp-hkvlfgcas_xfbwwcbkcautxybgt13id0g-qbf9--w\profile256.dbb
c:\users\Pavel\AppData\Local\Facebook\Video\Common\shared.lck
c:\users\Pavel\AppData\Local\Facebook\Video\Common\shared.xml
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\User_Feed_Synchronization-{B8258E05-34E5-4CC3-8932-304D961C9A3F}.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-18 do 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-18 19:51 . 2011-12-18 19:51 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{018505EB-E8F6-4BDC-8E59-20309969EC69}\offreg.dll
2011-12-18 19:50 . 2011-12-18 19:56 -------- d-----w- c:\users\Pavel\AppData\Local\temp
2011-12-18 13:23 . 2011-12-18 13:26 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-18 07:41 . 2011-12-18 07:41 -------- d-----w- C:\rsit
2011-12-18 07:41 . 2011-12-18 07:41 -------- d-----w- c:\program files\trend micro
2011-12-18 07:10 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-12-17 09:15 . 2011-11-28 17:54 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-12-17 09:14 . 2011-11-28 17:53 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-12-17 09:14 . 2011-11-28 17:26 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-12-16 16:57 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{018505EB-E8F6-4BDC-8E59-20309969EC69}\mpengine.dll
2011-12-03 22:30 . 2011-12-03 22:30 -------- d-----w- c:\program files\AGEIA Technologies
2011-12-03 22:30 . 2011-12-03 22:30 -------- d-----w- c:\windows\system32\AGEIA
2011-12-03 22:29 . 2011-12-03 22:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-12-03 22:28 . 2011-12-03 22:28 -------- d-----w- c:\program files\Electronic Arts
2011-11-27 08:34 . 2006-02-16 02:14 5033984 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE
2011-11-27 08:34 . 2005-06-29 12:45 4085904 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\wmfdist.exe
2011-11-27 08:34 . 2004-09-15 14:36 245408 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\unicows.dll
2011-11-27 08:34 . 2002-06-08 23:42 41360 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\Tecsetup.exe
2011-11-27 08:34 . 2006-02-16 23:14 373248 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\protect.dll
2011-11-27 08:34 . 2003-03-18 20:14 499712 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\msvcp71.dll
2011-11-27 08:34 . 2003-03-18 19:04 765952 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\msvcp71d.dll
2011-11-27 08:34 . 2003-03-18 19:03 544768 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\msvcr71d.dll
2011-11-27 08:34 . 2003-02-21 04:42 348160 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\msvcr71.dll
2011-11-27 08:34 . 2005-08-09 09:39 372736 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\launcher.exe
2011-11-27 08:34 . 2004-09-15 14:36 806400 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\dbghelp.dll
2011-11-27 08:33 . 2005-02-18 12:15 176128 ----a-w- c:\program files\Mozilla Firefox\Worms 4 Mayhem\data\scripts\luac.exe
2011-11-27 07:38 . 2011-11-27 07:38 -------- d-----w- c:\users\Pavel\AppData\Local\SKIDROW
2011-11-26 23:10 . 2011-12-18 16:12 -------- d-----w- c:\users\Pavel\AppData\Roaming\ICQ
2011-11-26 23:10 . 2011-12-18 13:44 -------- d-----w- c:\program files\ICQ7.7
2011-11-26 19:17 . 2011-11-26 19:17 -------- d-----w- c:\users\Pavel\AppData\Local\M-Photo_Ltd
2011-11-26 19:16 . 2011-11-26 19:16 -------- d-----w- c:\programdata\M-Photo
2011-11-26 19:16 . 2011-11-27 18:47 -------- d-----w- C:\Kalvos
2011-11-26 19:16 . 2011-11-26 19:16 -------- d-----w- c:\program files\Kalvos
2011-11-26 19:16 . 2011-11-26 19:16 9527937 ----a-w- c:\windows\system32\Kalvos_Kalvos Designer_uninstaller.exe
2011-11-23 18:51 . 1999-09-03 13:58 995383 ----a-w- c:\windows\system32\temp.011
2011-11-23 18:51 . 1999-03-07 21:00 598288 ----a-w- c:\windows\system32\temp.012
2011-11-23 18:51 . 1999-03-07 21:00 164112 ----a-w- c:\windows\system32\temp.013
2011-11-23 18:51 . 1999-10-14 14:22 77878 ----a-w- c:\windows\system32\temp.00D
2011-11-23 18:51 . 1999-02-10 23:33 266293 ----a-w- c:\windows\system32\temp.00F
2011-11-23 18:51 . 1998-08-19 13:24 1124864 ----a-w- c:\windows\system32\WEBPRO32.OCX
2011-11-23 18:51 . 1997-02-12 22:00 326656 ----a-w- c:\windows\system32\temp.00E
2011-11-23 18:51 . 1997-02-12 22:00 253952 ----a-w- c:\windows\system32\temp.010
2011-11-23 18:51 . 1999-10-14 14:22 401462 ----a-w- c:\windows\system32\temp.00C
2011-11-23 18:51 . 1999-10-14 13:58 61440 ----a-w- c:\windows\system32\gdiw.hdi
2011-11-23 18:51 . 1999-07-19 23:00 78336 ----a-w- c:\windows\system32\dbjavio6.dll
2011-11-23 18:51 . 1999-07-19 23:00 77312 ----a-w- c:\windows\system32\dbauth6.dll
2011-11-23 18:50 . 2004-07-30 00:35 31654 ----a-w- c:\windows\system32\Ckldrv.sys
2011-11-23 18:50 . 2004-04-15 22:07 73728 ----a-w- c:\windows\system32\Crypserv.exe
2011-11-23 18:50 . 1999-06-18 21:49 165888 ----a-w- c:\windows\Ckconfig.exe
2011-11-23 18:50 . 1996-05-03 17:21 27648 ----a-r- c:\windows\Setup_ck.exe
2011-11-23 18:50 . 1996-05-03 15:36 18432 ----a-w- c:\windows\Setup_ck.dll
2011-11-23 18:50 . 1995-07-04 18:33 11776 ----a-w- c:\windows\Ckrfresh.exe
2011-11-23 18:50 . 2011-12-18 13:34 -------- d-----w- c:\programdata\ELIT eTECH
2011-11-23 18:50 . 2003-09-11 21:42 16384 ----a-w- c:\windows\system32\FileOps.exe
2011-11-23 18:50 . 2011-11-23 18:50 -------- d-----w- c:\windows\system32\Adobe
2011-11-20 18:49 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-20 18:49 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-20 18:49 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-20 18:49 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-20 18:49 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-20 18:49 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-20 18:49 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-11-20 18:49 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-20 18:48 . 2011-11-20 18:48 -------- d-----w- c:\programdata\AVAST Software
2011-11-20 18:48 . 2011-11-20 18:48 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 19:52 . 2011-10-14 18:32 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-11-20 16:07 . 2011-10-14 18:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-09 15:54 . 2011-11-09 15:54 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-30 12:05 . 2011-10-15 05:15 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-05 07:07 . 2011-10-14 18:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-10-25 20:38 . 2011-10-14 19:34 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-16 6253088]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-01-24 1208320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-10-25 3054136]
"Skytel"="Skytel.exe" [2008-07-16 1833504]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-25 30192]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.sys [2007-11-16 54400]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-11-28 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-10-30 436792]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-11-28 127192]
S3 NETwNv32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwNv32.sys [2010-07-14 6680064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-18 c:\windows\Tasks\User_Feed_Synchronization-{B8258E05-34E5-4CC3-8932-304D961C9A3F}.job
- c:\windows\system32\msfeedssync.exe [2011-12-16 04:44]
.
.
------- Doplňkový sken -------
.
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 212.96.161.6 212.96.160.1
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\u1sdupan.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-18 20:53
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(4464)
c:\windows\system32\btmmhook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\crypserv.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Celkový čas: 2011-12-18 20:58:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-18 19:58
ComboFix2.txt 2011-12-18 16:05
.
Před spuštěním: Volných bajtů: 94 475 055 104
Po spuštění: Volných bajtů: 94 050 824 192
.
- - End Of File - - 9F70352B32EC9D0DA1E687B5767BECD7

pajin · #15 Příspěvek od **pajin** » 18 pro 2011 21:08

Hned po vložení logu sem pc okamžite zamrzl a nešlo nic dělat

VIRY.CZ

Prosím o kontrolu logu Děkuji

Prosím o kontrolu logu Děkuji

Re: Prosím o kontrolu logu Děkuji

Re: Prosím o kontrolu logu Děkuji

Re: Prosím o kontrolu logu Děkuji

Re: Prosím o kontrolu logu Děkuji

Re: Prosím o kontrolu logu Děkuji

Re: Prosím o kontrolu logu Děkuji

Re: Prosím o kontrolu logu Děkuji

Re: Prosím o kontrolu logu Děkuji

Re: Prosím o kontrolu logu Děkuji

Re: Prosím o kontrolu logu Děkuji

Re: Prosím o kontrolu logu Děkuji

Re: Prosím o kontrolu logu Děkuji

Re: Prosím o kontrolu logu Děkuji

Re: Prosím o kontrolu logu Děkuji