Prosím o kontrolu logu

Zpráva

Vojta.ov · #1 Příspěvek od **Vojta.ov** » 08 bře 2013 21:39

Ahoj,

prosím o kontrolu logu. Zlobí mě nějaké virus.

[quote
======Uninstall list======

-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
-->MsiExec /X{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}
64 Bit HP CIO Components Installer-->MsiExec.exe /I{C788B026-20BD-4E96-B698-533F1D6C5013}
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{B7B3E9B3-FB14-4927-894B-E9124509AF5A}
Adobe Reader XI (11.0.02) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
Aktualizace NVIDIA 1.11.3-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{77E41ECA-AEDD-4C0B-B93D-7AEF76EFA902}\NVI2.DLL",UninstallPackage Display.Update
ASUS Xonar DG Audio Driver-->C:\Windows\System32\cmeauoxy.exe /rm /ppcioxygen
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{7F9EE107-FB63-4790-8B1B-023B2D69AAAE}" "1029" "0"
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HP Customer Participation Program 14.0-->C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Imaging Device Functions 14.0-->C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart B010 All-In-One Driver Software 14.0 Rel. 7-->C:\Program Files (x86)\HP\Digital Imaging\{81830FEF-866C-4DC0-9435-B6287B1EDD8A}\setup\hpzscr40.exe -datfile hposcr51.dat -onestop -forcereboot
HP Smart Web Printing 4.60-->C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 14.0-->C:\Program Files (x86)\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{74DC0593-6BC6-4001-AD5F-D810AFB68D86}
Java 7 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217013FF}
LogMeIn Hamachi-->C:\Windows\SysWOW64\\msiexec.exe /i {8B531332-0D5D-4B3B-A22C-8330DEA695A7} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{8B531332-0D5D-4B3B-A22C-8330DEA695A7}
LogMeIn-->MsiExec.exe /I{36E0F777-19FE-4454-BB2D-84206758EA85}
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{790E02A1-145A-3843-8C13-A4F41C9B48B7}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0405-1000-0000000FF1CE}" "{AEC2C00D-1E7E-45E3-9058-81EA2446B3CD}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-1000-0000000FF1CE}" "{70A3169E-288F-454F-A08D-20DF66639B50}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-1000-0000000FF1CE}" "{0242505C-4E90-407F-9299-B5B275F50D86}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-041B-1000-0000000FF1CE}" "{4B806706-B352-42E8-8C8B-5CEBCEDBC4E0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0405-1000-0000000FF1CE}" "{715203B3-AD16-41A4-B13C-E1065EAB8963}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0405-1000-0000000FF1CE}" "{15D45352-C443-406A-9DF2-EF4A750A40CF}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0405-1000-0000000FF1CE}" "{4B8654FE-410D-462C-9B3C-09D031BF4534}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00BA-0405-1000-0000000FF1CE}" "{9F412D54-AC04-46F9-AFE7-FE15DC0147A0}" "1029" "0"
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-1000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-1000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2010-->MsiExec.exe /X{90140000-00BA-0405-1000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2010-->MsiExec.exe /X{90140000-0044-0405-1000-0000000FF1CE}
Microsoft Office Office 32-bit Components 2010-->MsiExec.exe /X{90140000-0043-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-1000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-1000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-1000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-1000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-1000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-1000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-1000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-1000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-1000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-1000-0000000FF1CE}
Microsoft Office Shared 32-bit MUI (Czech) 2010-->MsiExec.exe /X{90140000-0043-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-1000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-1000-0000000FF1CE}
Microsoft Security Client-->MsiExec.exe /X{D954C6C2-544B-4091-A47F-11E77162883E}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NVIDIA Ovladače grafiky 310.90-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{77E41ECA-AEDD-4C0B-B93D-7AEF76EFA902}\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /I{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}
NVIDIA Systémový software PhysX 9.12.1031-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{77E41ECA-AEDD-4C0B-B93D-7AEF76EFA902}\NVI2.DLL",UninstallPackage Display.PhysX
OpenAL-->"C:\Program Files (x86)\OpenAL\openalweax.exe" /U
PowerISO-->"C:\Program Files (x86)\PowerISO\uninstall.exe"
Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.exe -runfromtemp -removeonly
Renesas Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\Setup.exe" -runfromtemp -l0x0405 -removeonly
Renesas Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8E6848A1-B790-34FE-921A-A5319258E254} /parameterfolder Client
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{D2EC0616-5207-48E4-8AC2-478F107EF383}" "1029" "0"
Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{CE5FC4A7-94EC-40C7-B292-673DBA671209}" "1029" "0"
Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{5131017A-63D7-4B4D-9A15-C704C91177B2}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{527AC538-7A51-40A5-89D7-5C1FEBBEA4C3}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2553096)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{C4BF81CC-3786-4CE4-9D9F-DD393678B9EC}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{0F6C4F72-6084-437B-9B35-F59B09E3C1B0}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{7C04E5C7-C747-43DE-B648-09B97811D93E}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{297E6E47-5F6E-4DD8-B880-75944B5C1C7C}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{2B4B504B-6620-4FFD-94CB-3D640AB3FCD2}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{19B568F6-93AF-4C11-A085-7277ADEF8F04}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{19B568F6-93AF-4C11-A085-7277ADEF8F04}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{9DAE52D2-834F-4743-ABF7-DEBAB9A932E5}" "1029" "0"
Security Update for Microsoft Visio 2010 (KB2687508) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{89993390-4A0D-4351-91E0-B43E20F5617D}" "1029" "0"
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{36B568AE-78F1-45EF-A7BF-EF0419904A21}" "1029" "0"
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{000B67CC-2C25-46AA-8D02-752BB0DD6D86}" "1029" "0"
Shop for HP Supplies-->C:\Program Files (x86)\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype™ 6.2-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
Trillian-->C:\Program Files (x86)\Trillian\Trillian.exe /uninstall
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{57CEB66B-DD29-4883-92A2-671331657B52}" "1029" "0"
Update for Microsoft Office 2010 (KB2553092)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{E636FE63-842B-4F4B-9884-DA189ACC0B91}" "1029" "0"
Update for Microsoft Office 2010 (KB2553092)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0405-1000-0000000FF1CE}" "{E636FE63-842B-4F4B-9884-DA189ACC0B91}" "1029" "0"
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{E24F10E6-7D9B-4E3A-B6CF-4C3257A382CD}" "1029" "0"
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{E24F10E6-7D9B-4E3A-B6CF-4C3257A382CD}" "1029" "0"
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{3E381AC3-30C3-41D7-9B27-B3F3E17BDCB8}" "1029" "0"
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0405-1000-0000000FF1CE}" "{AA6D5594-6D8A-4E53-A929-33E8FA9AA4C4}" "1029" "0"
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{CABC3FE9-02BD-47C8-8576-EA3E8BB1BE1A}" "1029" "0"
Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{A6C194EA-C6CB-4314-9E43-AD1F4A1E9D74}" "1029" "0"
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0405-1000-0000000FF1CE}" "{2B00A738-659A-4E52-9391-D334FA0E64CB}" "1029" "0"
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-1000-0000000FF1CE}" "{2D507B6C-B472-447F-B61F-8EF54D9893A5}" "1029" "0"
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-1000-0000000FF1CE}" "{A8EC00BF-EDF5-46F0-B466-C4312722D8F3}" "1029" "0"
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{7750DF63-F5DC-4198-8B8B-AE03B212F462}" "1029" "0"
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{7750DF63-F5DC-4198-8B8B-AE03B212F462}" "1029" "0"
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{B6AD7E27-012A-4B63-82BA-AF62893E5435}" "1029" "0"
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0405-1000-0000000FF1CE}" "{58C6A6DF-1367-4D06-A002-5498B4182EEB}" "1029" "0"
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{A3E1581D-1628-43DB-98B6-84ACE7E74AAD}" "1029" "0"
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{A3E1581D-1628-43DB-98B6-84ACE7E74AAD}" "1029" "0"
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{0977F620-BD31-41EC-B18C-31E341D5935E}" "1029" "0"
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-1000-0000000FF1CE}" "{C0BDCFB8-AD84-46A9-8F49-60A7A5EDFF93}" "1029" "0"
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{7861C766-2AA2-4A50-AB75-A57D451CEA76}" "1029" "0"
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-1000-0000000FF1CE}" "{37389B1A-BDF2-49D7-AF0D-B6B793863502}" "1029" "0"
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{AF61D314-0E39-485E-A603-2B2F03AB7376}" "1029" "0"
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{E1757044-ECB2-4551-B1D5-5E39F7E109CE}" "1029" "0"
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{E1757044-ECB2-4551-B1D5-5E39F7E109CE}" "1029" "0"
VLC media player 2.0.5-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Vypínač na dobrou noc verze 2.0-->"C:\Program Files (x86)\Vypínač na dobrou noc\unins000.exe"
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{9B48B0AC-C813-4174-9042-476A887592C7}
WinRAR 4.20 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: 37L4247F27-25
Event Code: 7036
Message: Stav služby Windows Event Log byl změněn na: stopped
Record Number: 5
Source Name: Service Control Manager
Time Written: 20101121035831.093172-000
Event Type: Informace
User:

Computer Name: 37L4247F27-25
Event Code: 7036
Message: Stav služby Diagnostic Policy Service byl změněn na: stopped
Record Number: 4
Source Name: Service Control Manager
Time Written: 20101121035831.093172-000
Event Type: Informace
User:

Computer Name: 37L4247F27-25
Event Code: 6005
Message: Služba Event Log byla spuštěna.
Record Number: 3
Source Name: EventLog
Time Written: 20130216094950.000000-000
Event Type: Informace
User:

Computer Name: 37L4247F27-25
Event Code: 6009
Message: Microsoft (R) Windows (R) 6.01. 7601 Service Pack 1 Multiprocessor Free.
Record Number: 2
Source Name: EventLog
Time Written: 20130216094950.000000-000
Event Type: Informace
User:

Computer Name: 37L4247F27-25
Event Code: 6011
Message: Název tohoto počítače v systémech DNS a NetBIOS byl změněn z 37L4247F27-25 na WIN-R27MDE2HGAO.
Record Number: 1
Source Name: EventLog
Time Written: 20130216094950.000000-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: Vojta-PC
Event Code: 2
Message: The NVIDIA OpenGL driver has encountered
an out of memory error. This application might
behave inconsistently and fail.
Record Number: 17885905
Source Name: NVIDIA OpenGL Driver
Time Written: 20130308103200.000000-000
Event Type: Upozornění
User:

Computer Name: Vojta-PC
Event Code: 2
Message: The NVIDIA OpenGL driver has encountered
an out of memory error. This application might
behave inconsistently and fail.
Record Number: 17885904
Source Name: NVIDIA OpenGL Driver
Time Written: 20130308103200.000000-000
Event Type: Upozornění
User:

Computer Name: Vojta-PC
Event Code: 2
Message: The NVIDIA OpenGL driver has encountered
an out of memory error. This application might
behave inconsistently and fail.
Record Number: 17885903
Source Name: NVIDIA OpenGL Driver
Time Written: 20130308103200.000000-000
Event Type: Upozornění
User:

Computer Name: Vojta-PC
Event Code: 2
Message: The NVIDIA OpenGL driver has encountered
an out of memory error. This application might
behave inconsistently and fail.
Record Number: 17885902
Source Name: NVIDIA OpenGL Driver
Time Written: 20130308103200.000000-000
Event Type: Upozornění
User:

Computer Name: Vojta-PC
Event Code: 2
Message: The NVIDIA OpenGL driver has encountered
an out of memory error. This application might
behave inconsistently and fail.
Record Number: 17885901
Source Name: NVIDIA OpenGL Driver
Time Written: 20130308103200.000000-000
Event Type: Upozornění
User:

=====Security event log=====

Computer Name: 37L4247F27-25
Event Code: 4735
Message: Byla změněna zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247F27-25$
Doména účtu: WORKGROUP][/quote]

Vojta.ov · #2 Příspěvek od **Vojta.ov** » 08 bře 2013 21:40

ID přihlášení: 0x3e7

Skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Změněné atributy:
Název účtu SAM: -
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130216094939.453650-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247F27-25
Event Code: 4731
Message: Byla vytvořena zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247F27-25$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Nová skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Atributy:
Název účtu SAM: Backup Operators
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130216094939.453650-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247F27-25
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x31cb7
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130216094939.250850-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247F27-25
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130216094938.080848-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247F27-25
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130216094938.049648-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3

-----------------EOF-----------------

#3 Příspěvek od **vyosek** » 08 bře 2013 21:42

Zdravim

Dejte mi sem log.txt, najdete jej v c:\rsit

Vojta.ov · #4 Příspěvek od **Vojta.ov** » 08 bře 2013 21:45

Run by Vojta at 2013-03-08 21:27:34
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 678 GB (71%) free of 954 GB
Total RAM: 8175 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:27:37, on 8.3.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Users\Vojta\S-80-5849-4992-4820\winmgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Vojta.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Microsoft Windows Manager] C:\Users\Vojta\S-80-5849-4992-4820\winmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1419714345-1344723861-1238604088-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1419714345-1344723861-1238604088-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1419714345-1344723861-1238604088-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-1419714345-1344723861-1238604088-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LogMeInRemoteUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10457 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\SysWOW64\srvany.exe
C:\Windows\Explorer.EXE
C:\Windows\KMService.exe
\??\C:\Windows\system32\conhost.exe "-843098998-8985027421370836565-1127674613-1173847283-632613892-10422263771824527660
"C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe"
"C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe"
"C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
"C:\Windows\SysWOW64\HsMgr.exe" Envoke
"C:\Windows\system\HsMgr64.exe" Envoke
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE"
WLIDSvcM.exe 2876
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Users\Vojta\S-80-5849-4992-4820\winmgr.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" ra_rc 3604534 1 1 893359492100 0 0 0 142894486 0 15 32 0 0 2280 1 0 0 0 0
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"C:\Program Files\CCleaner\CCleaner64.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4564.0.1063938335\1980296070" --supports-dual-gpus=false --gpu-vendor-id=0x10de --gpu-device-id=0x0e22 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.1090 --ignored=" --type=renderer " /prefetch:12
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPRearrangeNumComponents/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2013Q1/16/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/SideloadWipeout/Enabled/SpdyCwnd/cwndDynamic/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_82/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="4564.3.844070770\1123835571" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4564.4.229363746\1304821214" --lang=cs --ignored=" --type=renderer " /prefetch:13
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Vojta\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-02-16 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-02-16 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 1281512]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]
"LogMeIn GUI"=C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [2012-11-29 57928]
"Cmaudio8788"=C:\Windows\syswow64\RunDll32.exe [2009-07-14 44544]
"Cmaudio8788GX"=C:\Windows\syswow64\HsMgr.exe [2008-07-11 200704]
"Cmaudio8788GX64"=C:\Windows\system\HsMgr64.exe [2008-07-11 282112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Manager"=C:\Users\Vojta\S-80-5849-4992-4820\winmgr.exe [2013-03-08 662394]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2012-12-09 336992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe [2009-11-18 275072]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2009-11-18 54576]
""= []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2012-12-14 2255360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Vojta\S-80-5849-4992-4820\winmgr.exe"="C:\Users\Vojta\S-80-5849-4992-4820\winmgr.exe:*:Enabled:Microsoft Windows Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ehshell.exe]
"Debugger=""C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-03-08 21:27:34 ----D---- C:\rsit
2013-03-08 21:27:34 ----D---- C:\Program Files\trend micro
2013-03-08 21:24:21 ----D---- C:\Program Files\CCleaner
2013-03-08 17:40:52 ----AH---- C:\Users\Vojta\AppData\Roaming\winsvcns.sys
2013-03-03 12:53:22 ----D---- C:\Users\Vojta\AppData\Roaming\.minecraft
2013-03-01 20:52:21 ----D---- C:\Fraps
2013-02-27 22:18:57 ----A---- C:\Windows\SYSWOW64\UIAnimation.dll
2013-02-27 22:18:57 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2013-02-27 22:18:57 ----A---- C:\Windows\system32\UIAnimation.dll
2013-02-27 22:18:57 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2013-02-27 22:18:55 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2013-02-27 22:18:55 ----A---- C:\Windows\system32\WMPhoto.dll
2013-02-27 22:18:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 22:18:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-27 22:18:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-27 22:18:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-27 22:18:54 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 22:18:54 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-27 22:18:54 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-27 22:18:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-27 22:18:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-27 22:18:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-27 22:18:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-27 22:18:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-27 22:18:53 ----AH---- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-27 22:18:53 ----AH---- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-27 22:18:53 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-27 22:18:53 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-27 22:18:53 ----AH---- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-27 22:18:53 ----AH---- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-27 22:18:53 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2013-02-27 22:18:53 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2013-02-27 22:18:53 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2013-02-27 22:18:53 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2013-02-27 22:18:53 ----A---- C:\Windows\system32\d3d10warp.dll
2013-02-27 22:18:53 ----A---- C:\Windows\system32\d3d10_1.dll
2013-02-27 22:18:52 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2013-02-27 22:18:52 ----A---- C:\Windows\SYSWOW64\dxgi.dll
2013-02-27 22:18:52 ----A---- C:\Windows\SYSWOW64\d3d11.dll
2013-02-27 22:18:52 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2013-02-27 22:18:52 ----A---- C:\Windows\SYSWOW64\d3d10core.dll
2013-02-27 22:18:52 ----A---- C:\Windows\SYSWOW64\d3d10_1core.dll
2013-02-27 22:18:52 ----A---- C:\Windows\SYSWOW64\d3d10.dll
2013-02-27 22:18:52 ----A---- C:\Windows\system32\XpsPrint.dll
2013-02-27 22:18:52 ----A---- C:\Windows\system32\dxgi.dll
2013-02-27 22:18:52 ----A---- C:\Windows\system32\d3d11.dll
2013-02-27 22:18:52 ----A---- C:\Windows\system32\d3d10level9.dll
2013-02-27 22:18:52 ----A---- C:\Windows\system32\d3d10core.dll
2013-02-27 22:18:52 ----A---- C:\Windows\system32\d3d10_1core.dll
2013-02-27 22:18:52 ----A---- C:\Windows\system32\d3d10.dll
2013-02-27 22:18:51 ----A---- C:\Windows\SYSWOW64\WindowsCodecsExt.dll
2013-02-27 22:18:51 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2013-02-27 22:18:51 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2013-02-27 22:18:51 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2013-02-27 22:18:51 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2013-02-27 22:18:51 ----A---- C:\Windows\system32\WindowsCodecs.dll
2013-02-27 22:18:51 ----A---- C:\Windows\system32\FntCache.dll
2013-02-27 22:18:51 ----A---- C:\Windows\system32\DWrite.dll
2013-02-27 22:18:51 ----A---- C:\Windows\system32\d2d1.dll
2013-02-24 11:04:53 ----D---- C:\Users\Vojta\AppData\Roaming\.techniclauncher
2013-02-17 20:33:57 ----D---- C:\Users\Vojta\AppData\Roaming\PowerISO
2013-02-16 23:34:36 ----D---- C:\Program Files (x86)\Vypínač na dobrou noc
2013-02-16 21:45:22 ----D---- C:\Program Files\Microsoft Games
2013-02-16 20:56:15 ----D---- C:\Users\Vojta\AppData\Roaming\TS3Client
2013-02-16 20:55:50 ----D---- C:\Program Files\TeamSpeak 3 Client
2013-02-16 20:03:28 ----D---- C:\ProgramData\Blizzard Entertainment
2013-02-16 20:03:08 ----D---- C:\ProgramData\Battle.net
2013-02-16 19:06:08 ----D---- C:\Users\Vojta\AppData\Roaming\vlc
2013-02-16 14:49:13 ----D---- C:\Users\Vojta\AppData\Roaming\NVIDIA
2013-02-16 14:47:20 ----D---- C:\Windows\pss
2013-02-16 14:37:30 ----D---- C:\Program Files (x86)\MSXML 4.0
2013-02-16 14:35:44 ----D---- C:\Users\Vojta\AppData\Roaming\ASUS
2013-02-16 14:35:42 ----D---- C:\Program Files (x86)\OpenAL
2013-02-16 14:35:42 ----A---- C:\Windows\SYSWOW64\wrap_oal.dll
2013-02-16 14:35:42 ----A---- C:\Windows\SYSWOW64\OpenAL32.dll
2013-02-16 14:35:42 ----A---- C:\Windows\system32\wrap_oal.dll
2013-02-16 14:35:42 ----A---- C:\Windows\system32\OpenAL32.dll
2013-02-16 14:34:34 ----N---- C:\Windows\SYSWOW64\cmasiop.ini
2013-02-16 14:34:34 ----N---- C:\Windows\SYSWOW64\cmasiop.dll
2013-02-16 14:34:34 ----N---- C:\Windows\system32\cmasiopx.ini
2013-02-16 14:34:34 ----N---- C:\Windows\system32\cmasiopx.dll
2013-02-16 14:34:32 ----N---- C:\Windows\SYSWOW64\Cm_Oal.dll
2013-02-16 14:34:32 ----N---- C:\Windows\system32\Cm_Oal.dll
2013-02-16 14:34:31 ----N---- C:\Windows\SYSWOW64\HsSrv2.dll
2013-02-16 14:34:31 ----N---- C:\Windows\SYSWOW64\HsSrv.dll
2013-02-16 14:34:31 ----N---- C:\Windows\SYSWOW64\HsMgr.exe
2013-02-16 14:34:31 ----N---- C:\Windows\SYSWOW64\Cmpaoxy.dll
2013-02-16 14:34:30 ----N---- C:\Windows\SYSWOW64\VmixP8.dll
2013-02-16 14:34:30 ----N---- C:\Windows\SYSWOW64\CmiCnfgp.dll
2013-02-16 14:34:06 ----N---- C:\Windows\system32\Cmeauoxy.exe
2013-02-16 14:34:06 ----D---- C:\Program Files\ASUS Xonar DG Audio
2013-02-16 14:31:06 ----D---- C:\Program Files (x86)\VideoLAN
2013-02-16 14:30:41 ----D---- C:\Windows\Sun
2013-02-16 14:27:45 ----A---- C:\Windows\system32\LMIRfsClientNP.dll
2013-02-16 14:27:45 ----A---- C:\Windows\system32\LMIport.dll
2013-02-16 14:27:45 ----A---- C:\Windows\system32\drivers\LMIRfsDriver.sys
2013-02-16 14:27:42 ----A---- C:\Windows\system32\LMIinit.dll
2013-02-16 14:27:39 ----D---- C:\ProgramData\LogMeIn
2013-02-16 14:27:29 ----D---- C:\Program Files (x86)\LogMeIn
2013-02-16 14:21:13 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2013-02-16 14:16:25 ----D---- C:\Program Files (x86)\Adobe
2013-02-16 14:08:59 ----A---- C:\Windows\SYSWOW64\srvany.exe
2013-02-16 14:08:59 ----A---- C:\Windows\KMService.exe
2013-02-16 13:44:15 ----D---- C:\Program Files\Common Files\DESIGNER
2013-02-16 13:43:51 ----D---- C:\Program Files\Microsoft Synchronization Services
2013-02-16 13:43:39 ----D---- C:\Windows\PCHEALTH
2013-02-16 13:43:39 ----D---- C:\Program Files\Microsoft Sync Framework
2013-02-16 13:43:39 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2013-02-16 13:42:33 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-02-16 13:41:39 ----D---- C:\Program Files\Microsoft Analysis Services
2013-02-16 13:41:39 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2013-02-16 13:41:26 ----D---- C:\Program Files (x86)\Microsoft Office
2013-02-16 13:41:23 ----D---- C:\ProgramData\Microsoft Help
2013-02-16 13:41:23 ----D---- C:\Program Files\Microsoft Office
2013-02-16 13:41:13 ----RHD---- C:\MSOCache
2013-02-16 13:35:32 ----D---- C:\ProgramData\WEBREG
2013-02-16 13:35:23 ----D---- C:\Users\Vojta\AppData\Roaming\HP
2013-02-16 13:34:35 ----D---- C:\Program Files (x86)\Microsoft
2013-02-16 13:34:26 ----D---- C:\Program Files (x86)\MSN Toolbar Installer
2013-02-16 13:34:23 ----D---- C:\Users\Vojta\AppData\Roaming\HpUpdate
2013-02-16 13:33:45 ----D---- C:\ProgramData\HP Product Assistant
2013-02-16 13:33:25 ----D---- C:\Windows\SYSWOW64\Macromed
2013-02-16 13:32:20 ----A---- C:\Windows\system32\hpf3l101.dll
2013-02-16 13:28:56 ----A---- C:\Windows\system32\hpzids40.dll
2013-02-16 13:28:55 ----A---- C:\Windows\system32\hposwia_p04h.dll
2013-02-16 13:28:55 ----A---- C:\Windows\system32\hpost_p04h.dll
2013-02-16 13:28:55 ----A---- C:\Windows\system32\hposc_p04a.dll
2013-02-16 13:26:02 ----N---- C:\Windows\hpomdl51.dat
2013-02-16 13:26:02 ----A---- C:\Windows\hpoins51.dat
2013-02-16 13:02:10 ----HD---- C:\Config.Msi
2013-02-16 13:02:08 ----D---- C:\Program Files (x86)\HP
2013-02-16 13:01:40 ----D---- C:\ProgramData\HP
2013-02-16 13:01:07 ----D---- C:\Windows\system32\appmgmt
2013-02-16 12:56:55 ----D---- C:\Users\Vojta\AppData\Roaming\Macromedia
2013-02-16 12:56:31 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2013-02-16 12:48:30 ----D---- C:\Users\Vojta\AppData\Roaming\Adobe
2013-02-16 12:47:39 ----N---- C:\Windows\system32\CmiInstallResAll64.dll
2013-02-16 12:47:39 ----N---- C:\Windows\cmudaxp.ini
2013-02-16 12:47:39 ----A---- C:\Windows\difxapi.dll
2013-02-16 12:47:35 ----A---- C:\Windows\SYSWOW64\CmiFltr.dll
2013-02-16 12:47:35 ----A---- C:\Windows\system32\drivers\cmudaxp.sys
2013-02-16 12:47:35 ----A---- C:\Windows\system32\cmudaxp.dll
2013-02-16 12:45:37 ----D---- C:\ProgramData\Adobe
2013-02-16 12:43:33 ----D---- C:\Program Files (x86)\PowerISO
2013-02-16 12:43:33 ----A---- C:\Windows\system32\drivers\scdemu.sys
2013-02-16 12:06:11 ----D---- C:\Program Files\Microsoft Silverlight
2013-02-16 12:06:11 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-02-16 12:03:47 ----D---- C:\Users\Vojta\AppData\Roaming\Skype
2013-02-16 12:03:39 ----RD---- C:\Program Files (x86)\Skype
2013-02-16 12:01:12 ----D---- C:\ProgramData\Skype
2013-02-16 12:01:10 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2013-02-16 12:01:10 ----A---- C:\Windows\system32\drivers\usbport.sys
2013-02-16 12:01:10 ----A---- C:\Windows\system32\drivers\usbohci.sys
2013-02-16 12:01:10 ----A---- C:\Windows\system32\drivers\usbhub.sys
2013-02-16 12:01:10 ----A---- C:\Windows\system32\drivers\usbehci.sys
2013-02-16 12:01:10 ----A---- C:\Windows\system32\drivers\usbd.sys
2013-02-16 12:01:10 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2013-02-16 12:01:04 ----A---- C:\Windows\system32\esent.dll
2013-02-16 12:01:00 ----A---- C:\Windows\SYSWOW64\esent.dll
2013-02-16 12:01:00 ----A---- C:\Windows\system32\fsutil.exe
2013-02-16 12:01:00 ----A---- C:\Windows\system32\drivers\amdxata.sys
2013-02-16 12:00:59 ----A---- C:\Windows\SYSWOW64\fsutil.exe
2013-02-16 12:00:59 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2013-02-16 12:00:59 ----A---- C:\Windows\system32\drivers\storport.sys
2013-02-16 12:00:59 ----A---- C:\Windows\system32\drivers\nvstor.sys
2013-02-16 12:00:59 ----A---- C:\Windows\system32\drivers\nvraid.sys
2013-02-16 12:00:59 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2013-02-16 12:00:59 ----A---- C:\Windows\system32\drivers\amdsata.sys
2013-02-16 11:59:09 ----D---- C:\Program Files (x86)\Microsoft.NET
2013-02-16 11:52:20 ----D---- C:\Windows\SYSWOW64\Wat
2013-02-16 11:52:20 ----D---- C:\Windows\system32\Wat
2013-02-16 11:45:49 ----D---- C:\Users\Vojta\AppData\Roaming\WinRAR
2013-02-16 11:45:46 ----D---- C:\Program Files\WinRAR
2013-02-16 11:41:05 ----A---- C:\Windows\system32\MRT.exe
2013-02-16 11:40:27 ----D---- C:\Program Files (x86)\Microsoft Security Client
2013-02-16 11:40:25 ----D---- C:\Program Files\Microsoft Security Client
2013-02-16 11:39:08 ----A---- C:\Windows\system32\Wdfres.dll
2013-02-16 11:39:08 ----A---- C:\Windows\system32\drivers\WdfLdr.sys
2013-02-16 11:39:08 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-02-16 11:38:05 ----D---- C:\Users\Vojta\AppData\Roaming\uTorrent
2013-02-16 11:37:15 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll
2013-02-16 11:37:15 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2013-02-16 11:37:15 ----A---- C:\Windows\SYSWOW64\rdpendp_winip.dll
2013-02-16 11:37:15 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2013-02-16 11:37:15 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll
2013-02-16 11:37:15 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2013-02-16 11:37:15 ----A---- C:\Windows\system32\wksprtPS.dll
2013-02-16 11:37:15 ----A---- C:\Windows\system32\wksprt.exe
2013-02-16 11:37:15 ----A---- C:\Windows\system32\TSWbPrxy.exe
2013-02-16 11:37:15 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-02-16 11:37:15 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-02-16 11:37:15 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-02-16 11:37:15 ----A---- C:\Windows\system32\tsgqec.dll
2013-02-16 11:37:15 ----A---- C:\Windows\system32\rdpudd.dll
2013-02-16 11:37:15 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-02-16 11:37:15 ----A---- C:\Windows\system32\rdpendp_winip.dll
2013-02-16 11:37:15 ----A---- C:\Windows\system32\mstsc.exe
2013-02-16 11:37:15 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2013-02-16 11:37:15 ----A---- C:\Windows\system32\drivers\TsUsbGD.sys
2013-02-16 11:37:15 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2013-02-16 11:37:15 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys
2013-02-16 11:37:15 ----A---- C:\Windows\system32\aaclient.dll
2013-02-16 11:37:14 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2013-02-16 11:37:14 ----A---- C:\Windows\system32\rdpcorets.dll
2013-02-16 11:37:14 ----A---- C:\Windows\system32\mstscax.dll
2013-02-16 11:34:36 ----A---- C:\Windows\system32\browserchoice.exe
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\wextract.exe
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\url.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\occache.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\msrating.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\msls31.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\mshta.exe
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\inseng.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\ieakui.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\ieaksie.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\ieakeng.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\icardie.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2013-02-16 11:33:37 ----A---- C:\Windows\SYSWOW64\admparse.dll
2013-02-16 11:33:37 ----A---- C:\Windows\system32\wininet.dll
2013-02-16 11:33:37 ----A---- C:\Windows\system32\wextract.exe
2013-02-16 11:33:37 ----A---- C:\Windows\system32\webcheck.dll
2013-02-16 11:33:37 ----A---- C:\Windows\system32\vbscript.dll
2013-02-16 11:33:37 ----A---- C:\Windows\system32\urlmon.dll

#5 Příspěvek od **vyosek** » 08 bře 2013 21:51

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Vojta.ov · #6 Příspěvek od **Vojta.ov** » 09 bře 2013 10:49

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/09/2013 10:40:09 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\srvany.exe (PID: 1992) [WD-HEUR]
* C:\Windows\KMService.exe (PID: 1836) [WD-HEUR]
* C:\Windows\SysWOW64\HsMgr.exe (PID: 2392) [WD-HEUR]
* C:\Windows\system\HsMgr64.exe (PID: 2428) [WD-HEUR]
* C:\Users\Vojta\S-80-5849-4992-4820\winmgr.exe (PID: 3068) [UP-HEUR]

5 proccesses terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Vojta\Desktop\rkill\rkill-03-09-2013-10-40-13.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 03/09/2013 10:40:16 AM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)

Vojta.ov · #7 Příspěvek od **Vojta.ov** » 09 bře 2013 10:49

ComboFix 13-03-07.03 - Vojta 09.03.2013 10:45:25.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8175.6235 [GMT 1:00]
Spuštěný z: c:\users\Vojta\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-09 do 2013-03-09 )))))))))))))))))))))))))))))))
.
.
2013-03-09 09:47 . 2013-03-09 09:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-09 09:35 . 2013-03-09 09:35 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{344CBAFB-EC5E-46F8-9454-C34D831DE6B8}\offreg.dll
2013-03-09 09:14 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{344CBAFB-EC5E-46F8-9454-C34D831DE6B8}\mpengine.dll
2013-03-08 20:27 . 2013-03-08 20:27 -------- d-----w- C:\rsit
2013-03-08 20:27 . 2013-03-08 20:27 -------- d-----w- c:\program files\trend micro
2013-03-08 20:24 . 2013-03-08 20:24 -------- d-----w- c:\program files\CCleaner
2013-03-08 08:06 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-01 19:52 . 2013-03-02 22:12 -------- d-----w- C:\Fraps
2013-02-16 22:34 . 2013-02-16 22:34 -------- d-----w- c:\program files (x86)\Vypínač na dobrou noc
2013-02-16 20:45 . 2013-02-16 20:45 -------- d-----w- c:\program files\Microsoft Games
2013-02-16 19:55 . 2013-02-16 19:55 -------- d-----w- c:\program files\TeamSpeak 3 Client
2013-02-16 19:03 . 2013-02-17 13:38 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2013-02-16 19:03 . 2013-02-16 19:03 -------- d-----w- c:\programdata\Blizzard Entertainment
2013-02-16 19:03 . 2013-02-16 19:03 -------- d-----w- c:\programdata\Battle.net
2013-02-16 13:37 . 2013-02-16 13:37 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-02-16 13:35 . 2013-02-16 13:35 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2013-02-16 13:35 . 2013-02-16 13:35 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-02-16 13:35 . 2013-02-16 13:35 111616 ----a-w- c:\windows\system32\OpenAL32.dll
2013-02-16 13:35 . 2013-02-16 13:35 102400 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-02-16 13:35 . 2013-02-16 13:35 -------- d-----w- c:\program files (x86)\OpenAL
2013-02-16 13:31 . 2013-02-16 13:31 -------- d-----w- c:\program files (x86)\VideoLAN
2013-02-16 13:30 . 2013-02-16 13:30 -------- d-----w- c:\windows\Sun
2013-02-16 13:28 . 2013-02-16 13:28 -------- d-----w- c:\users\LogMeInRemoteUser
2013-02-16 13:27 . 2013-01-25 15:38 88448 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-02-16 13:27 . 2013-01-25 15:37 60776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2013-02-16 13:27 . 2013-01-25 15:37 35688 ----a-w- c:\windows\system32\LMIport.dll
2013-02-16 13:27 . 2012-11-29 10:56 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2013-02-16 13:27 . 2013-01-25 15:37 84328 ----a-w- c:\windows\system32\LMIinit.dll
2013-02-16 13:27 . 2013-03-09 09:04 -------- d-----w- c:\programdata\LogMeIn
2013-02-16 13:27 . 2013-02-16 13:28 -------- d-----w- c:\program files (x86)\LogMeIn
2013-02-16 13:21 . 2013-02-16 13:21 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-02-16 13:08 . 2013-02-16 13:08 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2013-02-16 13:08 . 2013-02-16 13:08 151552 ----a-w- c:\windows\KMService.exe
2013-02-16 12:44 . 2013-02-16 12:44 -------- d-----w- c:\program files\Common Files\DESIGNER
2013-02-16 12:43 . 2013-02-16 12:43 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-02-16 12:43 . 2013-02-16 12:43 -------- d-----w- c:\windows\PCHEALTH
2013-02-16 12:43 . 2013-02-16 12:43 -------- d-----w- c:\program files\Microsoft Sync Framework
2013-02-16 12:43 . 2013-02-16 12:43 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-02-16 12:42 . 2013-02-16 12:42 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2013-02-16 12:41 . 2013-02-16 12:41 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-02-16 12:41 . 2013-02-16 12:41 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-02-16 12:41 . 2013-02-17 11:40 -------- d-----w- c:\programdata\Microsoft Help
2013-02-16 12:41 . 2013-02-16 12:43 -------- d-----w- c:\program files\Microsoft Office
2013-02-16 12:41 . 2013-02-16 12:41 -------- d-----r- C:\MSOCache
2013-02-16 12:35 . 2013-02-16 12:35 -------- d-----w- c:\programdata\WEBREG
2013-02-16 12:35 . 2010-01-06 13:33 253440 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp101.dll
2013-02-16 12:01 . 2013-02-16 12:35 -------- d-----w- c:\programdata\HP
2013-02-16 12:01 . 2013-02-16 12:24 -------- d-----w- c:\windows\system32\appmgmt
2013-02-16 11:56 . 2013-02-16 11:56 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-02-16 11:47 . 2009-08-19 15:00 359424 ------w- c:\windows\system32\CmiInstallResAll64.dll
2013-02-16 11:47 . 2006-10-06 04:45 524768 ----a-w- c:\windows\difxapi.dll
2013-02-16 11:47 . 2011-03-10 14:44 2725376 ----a-w- c:\windows\system32\drivers\cmudaxp.sys
2013-02-16 11:47 . 2007-04-19 14:12 32768 ----a-w- c:\windows\system32\cmudaxp.dll
2013-02-16 11:47 . 2004-04-14 10:28 315392 ----a-w- c:\windows\SysWow64\CmiFltr.dll
2013-02-16 11:47 . 2004-04-14 10:28 315392 ----a-w- c:\windows\system\CmiFltr.dll
2013-02-16 11:45 . 2013-02-16 13:16 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-02-16 11:43 . 2013-02-16 11:43 -------- d-----w- c:\program files (x86)\PowerISO
2013-02-16 11:43 . 2012-12-09 09:51 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2013-02-16 11:06 . 2013-02-16 11:06 -------- d-----w- c:\program files\Microsoft Silverlight
2013-02-16 11:06 . 2013-02-16 11:06 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-02-16 11:05 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-16 11:05 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-16 11:03 . 2013-02-16 11:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-02-16 11:03 . 2013-02-16 11:03 -------- d-----r- c:\program files (x86)\Skype
2013-02-16 11:01 . 2013-02-16 11:03 -------- d-----w- c:\programdata\Skype
2013-02-16 11:01 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-02-16 11:01 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-02-16 11:01 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-02-16 11:01 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-02-16 11:01 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-02-16 11:01 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-02-16 11:01 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-02-16 11:01 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2013-02-16 11:01 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2013-02-16 11:01 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2013-02-16 11:01 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2013-02-16 11:00 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2013-02-16 11:00 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2013-02-16 11:00 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2013-02-16 11:00 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2013-02-16 11:00 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2013-02-16 11:00 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2013-02-16 11:00 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2013-02-16 10:52 . 2013-02-16 10:52 -------- d-----w- c:\windows\SysWow64\Wat
2013-02-16 10:52 . 2013-02-16 10:52 -------- d-----w- c:\windows\system32\Wat
2013-02-16 10:45 . 2013-02-16 10:47 -------- d-----w- c:\program files\WinRAR
2013-02-16 10:42 . 2012-10-23 05:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C540EAF3-33CF-412F-B512-0719957AC109}\gapaengine.dll
2013-02-16 10:41 . 2013-02-04 21:49 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-16 10:40 . 2013-02-16 11:05 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-02-16 10:40 . 2013-02-16 11:05 -------- d-----w- c:\program files\Microsoft Security Client
2013-02-16 10:39 . 2012-07-26 07:40 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2013-02-16 10:39 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-02-16 10:39 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-02-16 10:39 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-02-16 10:34 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2013-02-16 10:31 . 2013-02-16 20:43 -------- d-----w- c:\program files (x86)\Trillian
2013-02-16 10:30 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-02-16 10:30 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-02-16 10:30 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-02-16 10:30 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-02-16 10:30 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-02-16 10:30 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-02-16 10:29 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-02-16 10:29 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-02-16 10:29 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-02-16 10:29 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-02-16 10:29 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-02-16 10:29 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-02-16 10:29 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-02-16 10:28 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-02-16 10:28 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-02-16 10:28 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-02-16 10:28 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-02-16 10:28 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-02-16 10:25 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll
2013-02-16 10:24 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-02-16 10:23 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2013-02-16 10:23 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2013-02-16 10:18 . 2013-01-18 11:15 9161176 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CE4ABA7-8652-4803-BA13-F77F5508F147}\mpengine.dll
2013-02-16 10:18 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2013-02-16 10:18 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2013-02-16 10:18 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2013-02-16 10:18 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2013-02-16 10:18 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-02-16 10:18 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 14:59 . 2013-01-20 14:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2012-08-30 21:03 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-02-16 10:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Manager"="c:\users\Vojta\S-80-5849-4992-4820\winmgr.exe" [2013-03-08 662394]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-14 2255360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-16 1255736]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 2466304]
S2 KMService;KMService;c:\windows\system32\srvany.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-01-25 376168]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-11-29 15928]
S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-04 20:22 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-16 09:56]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-16 09:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-11-29 57928]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-03-09 10:48:18
ComboFix-quarantined-files.txt 2013-03-09 09:48
.
Před spuštěním: Volných bajtů: 711 630 565 376
Po spuštění: Volných bajtů: 711 148 560 384
.
- - End Of File - - 79222632944FB94ACF40E4C7B5F6C856

#8 Příspěvek od **vyosek** » 10 bře 2013 11:14

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Driver::
KMService

Collect::
c:\windows\system32\srvany.exe 
c:\windows\SysWow64\srvany.exe
c:\users\Vojta\S-80-5849-4992-4820\winmgr.exe

Folder::
C:\Users\Vojta\S-80-5849-4992-4820

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Manager"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"HP Software Update"=-
"Adobe ARM"=-
"LogMeIn Hamachi Ui"=-

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Vojta.ov · #9 Příspěvek od **Vojta.ov** » 11 bře 2013 19:48

ComboFix 13-03-11.01 - Vojta 11.03.2013 19:35:23.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8175.6254 [GMT 1:00]
Spuštěný z: c:\users\Vojta\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Vojta\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-11 do 2013-03-11 )))))))))))))))))))))))))))))))
.
.
2013-03-11 18:37 . 2013-03-11 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-08 20:27 . 2013-03-08 20:27 -------- d-----w- C:\rsit
2013-03-08 20:27 . 2013-03-08 20:27 -------- d-----w- c:\program files\trend micro
2013-03-08 20:24 . 2013-03-08 20:24 -------- d-----w- c:\program files\CCleaner
2013-03-01 19:52 . 2013-03-02 22:12 -------- d-----w- C:\Fraps
2013-02-16 22:34 . 2013-02-16 22:34 -------- d-----w- c:\program files (x86)\Vypínač na dobrou noc
2013-02-16 20:45 . 2013-02-16 20:45 -------- d-----w- c:\program files\Microsoft Games
2013-02-16 19:55 . 2013-02-16 19:55 -------- d-----w- c:\program files\TeamSpeak 3 Client
2013-02-16 19:03 . 2013-02-17 13:38 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2013-02-16 19:03 . 2013-02-16 19:03 -------- d-----w- c:\programdata\Blizzard Entertainment
2013-02-16 19:03 . 2013-02-16 19:03 -------- d-----w- c:\programdata\Battle.net
2013-02-16 13:37 . 2013-02-16 13:37 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-02-16 13:35 . 2013-02-16 13:35 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2013-02-16 13:35 . 2013-02-16 13:35 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-02-16 13:35 . 2013-02-16 13:35 111616 ----a-w- c:\windows\system32\OpenAL32.dll
2013-02-16 13:35 . 2013-02-16 13:35 102400 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-02-16 13:35 . 2013-02-16 13:35 -------- d-----w- c:\program files (x86)\OpenAL
2013-02-16 13:31 . 2013-02-16 13:31 -------- d-----w- c:\program files (x86)\VideoLAN
2013-02-16 13:30 . 2013-02-16 13:30 -------- d-----w- c:\windows\Sun
2013-02-16 13:28 . 2013-02-16 13:28 -------- d-----w- c:\users\LogMeInRemoteUser
2013-02-16 13:27 . 2013-01-25 15:38 88448 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-02-16 13:27 . 2013-01-25 15:37 60776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2013-02-16 13:27 . 2013-01-25 15:37 35688 ----a-w- c:\windows\system32\LMIport.dll
2013-02-16 13:27 . 2012-11-29 10:56 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2013-02-16 13:27 . 2013-01-25 15:37 84328 ----a-w- c:\windows\system32\LMIinit.dll
2013-02-16 13:27 . 2013-03-11 17:39 -------- d-----w- c:\programdata\LogMeIn
2013-02-16 13:27 . 2013-02-16 13:28 -------- d-----w- c:\program files (x86)\LogMeIn
2013-02-16 13:21 . 2013-02-16 13:21 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-02-16 13:08 . 2013-02-16 13:08 151552 ----a-w- c:\windows\KMService.exe
2013-02-16 12:44 . 2013-02-16 12:44 -------- d-----w- c:\program files\Common Files\DESIGNER
2013-02-16 12:43 . 2013-02-16 12:43 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-02-16 12:43 . 2013-02-16 12:43 -------- d-----w- c:\windows\PCHEALTH
2013-02-16 12:43 . 2013-02-16 12:43 -------- d-----w- c:\program files\Microsoft Sync Framework
2013-02-16 12:43 . 2013-02-16 12:43 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-02-16 12:42 . 2013-02-16 12:42 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2013-02-16 12:41 . 2013-02-16 12:41 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-02-16 12:41 . 2013-02-16 12:41 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-02-16 12:41 . 2013-02-17 11:40 -------- d-----w- c:\programdata\Microsoft Help
2013-02-16 12:41 . 2013-02-16 12:43 -------- d-----w- c:\program files\Microsoft Office
2013-02-16 12:41 . 2013-02-16 12:41 -------- d-----r- C:\MSOCache
2013-02-16 12:35 . 2013-02-16 12:35 -------- d-----w- c:\programdata\WEBREG
2013-02-16 12:35 . 2010-01-06 13:33 253440 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp101.dll
2013-02-16 12:01 . 2013-02-16 12:35 -------- d-----w- c:\programdata\HP
2013-02-16 12:01 . 2013-02-16 12:24 -------- d-----w- c:\windows\system32\appmgmt
2013-02-16 11:56 . 2013-02-16 11:56 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-02-16 11:47 . 2009-08-19 15:00 359424 ------w- c:\windows\system32\CmiInstallResAll64.dll
2013-02-16 11:47 . 2006-10-06 04:45 524768 ----a-w- c:\windows\difxapi.dll
2013-02-16 11:47 . 2011-03-10 14:44 2725376 ----a-w- c:\windows\system32\drivers\cmudaxp.sys
2013-02-16 11:47 . 2007-04-19 14:12 32768 ----a-w- c:\windows\system32\cmudaxp.dll
2013-02-16 11:47 . 2004-04-14 10:28 315392 ----a-w- c:\windows\SysWow64\CmiFltr.dll
2013-02-16 11:47 . 2004-04-14 10:28 315392 ----a-w- c:\windows\system\CmiFltr.dll
2013-02-16 11:45 . 2013-02-16 13:16 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-02-16 11:43 . 2013-02-16 11:43 -------- d-----w- c:\program files (x86)\PowerISO
2013-02-16 11:43 . 2012-12-09 09:51 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2013-02-16 11:06 . 2013-02-16 11:06 -------- d-----w- c:\program files\Microsoft Silverlight
2013-02-16 11:06 . 2013-02-16 11:06 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-02-16 11:05 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-16 11:05 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-16 11:03 . 2013-02-16 11:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-02-16 11:03 . 2013-02-16 11:03 -------- d-----r- c:\program files (x86)\Skype
2013-02-16 11:01 . 2013-02-16 11:03 -------- d-----w- c:\programdata\Skype
2013-02-16 11:01 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-02-16 11:01 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-02-16 11:01 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-02-16 11:01 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-02-16 11:01 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-02-16 11:01 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-02-16 11:01 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-02-16 11:01 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2013-02-16 11:01 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2013-02-16 11:01 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2013-02-16 11:01 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2013-02-16 11:00 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2013-02-16 11:00 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2013-02-16 11:00 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2013-02-16 11:00 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2013-02-16 11:00 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2013-02-16 11:00 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2013-02-16 11:00 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2013-02-16 10:52 . 2013-02-16 10:52 -------- d-----w- c:\windows\SysWow64\Wat
2013-02-16 10:52 . 2013-02-16 10:52 -------- d-----w- c:\windows\system32\Wat
2013-02-16 10:45 . 2013-02-16 10:47 -------- d-----w- c:\program files\WinRAR
2013-02-16 10:42 . 2012-10-23 05:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C540EAF3-33CF-412F-B512-0719957AC109}\gapaengine.dll
2013-02-16 10:41 . 2013-02-04 21:49 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-16 10:40 . 2013-02-16 11:05 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-02-16 10:40 . 2013-02-16 11:05 -------- d-----w- c:\program files\Microsoft Security Client
2013-02-16 10:39 . 2012-07-26 07:40 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2013-02-16 10:39 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-02-16 10:39 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-02-16 10:39 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-02-16 10:34 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2013-02-16 10:31 . 2013-02-16 20:43 -------- d-----w- c:\program files (x86)\Trillian
2013-02-16 10:30 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-02-16 10:30 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-02-16 10:30 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-02-16 10:30 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-02-16 10:30 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-02-16 10:30 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-02-16 10:29 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-02-16 10:29 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-02-16 10:29 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-02-16 10:29 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-02-16 10:29 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-02-16 10:29 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-02-16 10:29 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-02-16 10:28 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-02-16 10:28 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-02-16 10:28 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-02-16 10:28 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-02-16 10:28 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-02-16 10:25 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll
2013-02-16 10:24 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-02-16 10:23 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2013-02-16 10:23 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2013-02-16 10:18 . 2013-01-18 11:15 9161176 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CE4ABA7-8652-4803-BA13-F77F5508F147}\mpengine.dll
2013-02-16 10:18 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2013-02-16 10:18 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2013-02-16 10:18 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2013-02-16 10:18 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2013-02-16 10:18 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-02-16 10:18 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2013-02-16 10:18 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2013-02-16 10:18 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2013-02-16 10:18 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2013-02-16 10:18 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 14:59 . 2013-01-20 14:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2012-08-30 21:03 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-02-16 10:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\ehshell.exe]
"Debugger"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-16 1255736]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 2466304]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-01-25 376168]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-11-29 15928]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-04 20:22 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-11-29 57928]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ehshell.exe]
"Debugger"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2013-03-11 19:43:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-11 18:43
ComboFix2.txt 2013-03-11 18:32
ComboFix3.txt 2013-03-09 09:48
.
Před spuštěním: Volných bajtů: 708 431 339 520
Po spuštění: Volných bajtů: 708 385 939 456
.
- - End Of File - - F6B7BE4800C20B84CF0717A3E601404A

#10 Příspěvek od **vyosek** » 11 bře 2013 20:14

Fajn, jak se chova PC

VIRY.CZ

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu