Pomalé načítání

[Attistar]

ComboFix 14-07-21.01 - Matěj 21.07.2014 18:37:14.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.1013.134 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVG
c:\program files\AVG\AVG PC Tuneup 2011\rdboot.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-21 do 2014-07-21 )))))))))))))))))))))))))))))))
.
.
2014-07-21 16:53 . 2014-07-21 16:53 -------- d-----w- c:\users\uživatel\AppData\Local\temp
2014-07-21 13:59 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F597B779-0A70-4F2F-88C3-A5B4DB32A7AA}\mpengine.dll
2014-07-21 11:57 . 2014-07-21 11:57 -------- d-----w- c:\program files\Defraggler
2014-07-20 19:30 . 2014-07-20 19:30 -------- d-----w- c:\program files\FastStone Capture
2014-07-20 12:29 . 2014-07-20 12:29 -------- d-----w- c:\programdata\Malwarebytes
2014-07-20 11:05 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-20 10:43 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-19 17:15 . 2014-07-21 11:58 -------- d-----w- c:\program files\trend micro
2014-07-19 14:15 . 2014-07-19 14:20 -------- d-----w- c:\program files\Project Snowblind
2014-07-18 16:00 . 2014-07-18 16:00 -------- d-----w- c:\program files\directx
2014-07-18 15:59 . 2014-07-18 15:59 -------- d-----w- c:\program files\Wanadoo Edition
2014-07-18 15:40 . 2014-07-18 15:40 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-07-18 15:40 . 2014-07-18 15:40 -------- d-----w- c:\program files\DAEMON Tools Lite
2014-07-18 15:38 . 2014-07-18 15:58 -------- d-----w- c:\programdata\DAEMON Tools Lite
2014-07-18 10:39 . 2014-07-18 10:39 -------- d-----w- c:\program files\GOG.com
2014-07-16 15:52 . 2014-07-16 15:52 -------- d-----w- c:\program files\Common Files\Java
2014-07-16 15:51 . 2014-07-11 01:02 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-16 15:38 . 2014-07-21 11:58 -------- d-----w- c:\users\Matěj
2014-07-15 19:26 . 2014-05-03 20:05 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9046719B-DA43-4FBF-A77D-467FFDD72C11}\gapaengine.dll
2014-07-15 19:20 . 2014-06-06 09:44 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-15 19:19 . 2014-05-30 06:25 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-15 19:15 . 2014-07-15 19:15 -------- d-sh--w- c:\users\uživatel\AppData\Local\EmieUserList
2014-07-15 19:15 . 2014-07-15 19:15 -------- d-sh--w- c:\users\uživatel\AppData\Local\EmieSiteList
2014-07-15 18:58 . 2014-06-30 01:40 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-07-15 18:58 . 2014-06-30 01:36 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-07-15 18:58 . 2014-06-05 14:16 247808 ----a-w- c:\windows\system32\schannel.dll
2014-07-15 18:58 . 2014-06-05 14:16 1060864 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-15 18:49 . 2014-07-15 18:49 -------- d-----w- C:\70aecd3afafc04fb51
2014-07-15 18:36 . 2014-07-15 18:37 -------- d-----w- c:\program files\CCleaner
2014-06-28 19:25 . 2014-06-28 19:25 -------- d-----w- c:\program files\Common Files\Skype
2014-06-28 18:40 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-06-28 18:40 . 2014-03-26 02:13 1236992 ----a-w- c:\windows\system32\msxml3.dll
2014-06-28 18:40 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-28 18:40 . 2014-03-26 02:10 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-28 18:40 . 2014-04-05 02:16 1310144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-28 18:40 . 2014-04-05 02:16 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-28 18:40 . 2014-04-05 02:16 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-06-28 18:40 . 2014-04-25 01:58 626688 ----a-w- c:\windows\system32\usp10.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-22 16:13 . 2014-01-27 09:35 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-22 16:13 . 2014-01-27 09:35 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-03 20:05 . 2014-02-18 07:50 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-10 7399968]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-26 150552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-29 54784]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-06-18 108032]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2014-01-28 1343400]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-04-30 217088]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-04-29 291840]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-07-18 243128]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-12-11 5120]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 01:37 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.254 8.8.8.8
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3292)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WUDFHost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Celkový čas: 2014-07-21 19:02:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-21 17:02
ComboFix2.txt 2014-07-21 16:01
.
Před spuštěním: Volných bajtů: 216 141 549 568
Po spuštění: Volných bajtů: 215 837 405 184
.
- - End Of File - - 528B449DA83C45E2C21961A3B8159370
A36C5E4F47E84449FF07ED3517B43A31

[Márty84]

Dejte novy log z RSIT

[Attistar]

Logfile of random's system information tool 1.10 (written by random/random)
Run by Matěj at 2014-07-21 19:10:18
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 206 GB (67%) free of 305 GB
Total RAM: 1013 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:10:30, on 21.7.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\Explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Matěj\Desktop\RSIT.exe
C:\Program Files\trend micro\Matěj.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

--
End of file - 3500 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-11 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-11 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-04-30 642304]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-04-10 7399968]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 951576]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-05-26 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-05-26 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-05-26 150552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-05-26 218112]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-07-21 19:10:18 ----D---- C:\rsit
2014-07-21 19:02:42 ----D---- C:\Windows\temp
2014-07-21 19:02:39 ----A---- C:\ComboFix.txt
2014-07-21 18:59:36 ----SHD---- C:\$RECYCLE.BIN
2014-07-21 18:28:36 ----R---- C:\ComboFix.exe
2014-07-21 17:33:17 ----A---- C:\Windows\zip.exe
2014-07-21 17:33:17 ----A---- C:\Windows\SWSC.exe
2014-07-21 17:33:17 ----A---- C:\Windows\SWREG.exe
2014-07-21 17:33:17 ----A---- C:\Windows\sed.exe
2014-07-21 17:33:17 ----A---- C:\Windows\PEV.exe
2014-07-21 17:33:17 ----A---- C:\Windows\NIRCMD.exe
2014-07-21 17:33:17 ----A---- C:\Windows\MBR.exe
2014-07-21 17:33:17 ----A---- C:\Windows\grep.exe
2014-07-21 17:32:49 ----D---- C:\Qoobox
2014-07-21 17:32:07 ----D---- C:\Windows\erdnt
2014-07-21 13:57:20 ----D---- C:\Program Files\Defraggler
2014-07-20 21:31:16 ----D---- C:\Users\Matěj\AppData\Roaming\FastStone
2014-07-20 21:30:42 ----D---- C:\Program Files\FastStone Capture
2014-07-20 20:15:46 ----A---- C:\log.txt
2014-07-20 14:29:51 ----D---- C:\ProgramData\Malwarebytes
2014-07-20 12:43:56 ----A---- C:\Windows\system32\sqlite3.dll
2014-07-20 00:20:58 ----AD---- C:\ProgramData\TEMP
2014-07-19 19:15:46 ----D---- C:\Program Files\trend micro
2014-07-19 16:15:10 ----D---- C:\Program Files\Project Snowblind
2014-07-19 05:59:48 ----D---- C:\Users\Matěj\AppData\Roaming\BitTorrent
2014-07-19 03:58:23 ----D---- C:\Users\Matěj\AppData\Roaming\library_dir
2014-07-18 18:00:51 ----D---- C:\Program Files\directx
2014-07-18 17:59:51 ----D---- C:\Program Files\Wanadoo Edition
2014-07-18 17:40:53 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2014-07-18 17:40:36 ----D---- C:\Users\Matěj\AppData\Roaming\DAEMON Tools Lite
2014-07-18 17:40:06 ----D---- C:\Program Files\DAEMON Tools Lite
2014-07-18 17:38:05 ----D---- C:\ProgramData\DAEMON Tools Lite
2014-07-18 12:39:13 ----D---- C:\Program Files\GOG.com
2014-07-16 20:18:20 ----D---- C:\Users\Matěj\AppData\Roaming\FLV and Media Player
2014-07-16 20:17:11 ----D---- C:\Users\Matěj\AppData\Roaming\WinRAR
2014-07-16 17:52:30 ----D---- C:\Program Files\Common Files\Java
2014-07-16 17:52:21 ----A---- C:\Windows\system32\javaws.exe
2014-07-16 17:51:51 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2014-07-16 17:51:51 ----A---- C:\Windows\system32\javaw.exe
2014-07-16 17:51:51 ----A---- C:\Windows\system32\java.exe
2014-07-16 17:41:58 ----D---- C:\Users\Matěj\AppData\Roaming\ATI
2014-07-16 17:40:51 ----D---- C:\Users\Matěj\AppData\Roaming\Identities
2014-07-16 17:39:28 ----D---- C:\Users\Matěj\AppData\Roaming\Adobe
2014-07-16 17:38:56 ----SD---- C:\Users\Matěj\AppData\Roaming\Microsoft
2014-07-16 17:38:56 ----D---- C:\Users\Matěj\AppData\Roaming\Media Center Programs
2014-07-15 21:22:27 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-15 21:22:26 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-07-15 21:22:26 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-07-15 21:22:22 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-15 21:22:21 ----A---- C:\Windows\system32\iernonce.dll
2014-07-15 21:22:20 ----A---- C:\Windows\system32\urlmon.dll
2014-07-15 21:22:18 ----A---- C:\Windows\system32\jsproxy.dll
2014-07-15 21:22:18 ----A---- C:\Windows\system32\ieUnatt.exe
2014-07-15 21:22:18 ----A---- C:\Windows\system32\iedkcs32.dll
2014-07-15 21:22:16 ----A---- C:\Windows\system32\ieapfltr.dll
2014-07-15 21:22:16 ----A---- C:\Windows\system32\dxtmsft.dll
2014-07-15 21:22:15 ----A---- C:\Windows\system32\msfeeds.dll
2014-07-15 21:22:10 ----A---- C:\Windows\system32\msrating.dll
2014-07-15 21:22:09 ----A---- C:\Windows\system32\ie4uinit.exe
2014-07-15 21:22:08 ----A---- C:\Windows\system32\iesetup.dll
2014-07-15 21:22:06 ----A---- C:\Windows\system32\wininet.dll
2014-07-15 21:22:06 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-07-15 21:22:02 ----A---- C:\Windows\system32\dxtrans.dll
2014-07-15 21:21:59 ----A---- C:\Windows\system32\ieui.dll
2014-07-15 21:21:57 ----A---- C:\Windows\system32\ieframe.dll
2014-07-15 21:21:54 ----A---- C:\Windows\system32\mshtmled.dll
2014-07-15 21:21:53 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-07-15 21:21:51 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-07-15 21:21:48 ----A---- C:\Windows\system32\iertutil.dll
2014-07-15 21:21:41 ----A---- C:\Windows\system32\jscript9diag.dll
2014-07-15 21:21:38 ----A---- C:\Windows\system32\mshtml.dll
2014-07-15 21:21:31 ----A---- C:\Windows\system32\vbscript.dll
2014-07-15 21:21:29 ----A---- C:\Windows\system32\jscript9.dll
2014-07-15 21:21:14 ----A---- C:\Windows\system32\win32k.sys
2014-07-15 21:21:12 ----A---- C:\Windows\system32\osk.exe
2014-07-15 21:20:09 ----A---- C:\Windows\system32\qedit.dll
2014-07-15 21:19:57 ----A---- C:\Windows\system32\drivers\afd.sys
2014-07-15 20:58:49 ----A---- C:\Windows\system32\aepdu.dll
2014-07-15 20:58:43 ----A---- C:\Windows\system32\aeinv.dll
2014-07-15 20:58:27 ----A---- C:\Windows\system32\schannel.dll
2014-07-15 20:58:27 ----A---- C:\Windows\system32\lsasrv.dll
2014-07-15 20:49:27 ----D---- C:\70aecd3afafc04fb51
2014-07-15 20:36:22 ----D---- C:\Program Files\CCleaner
2014-06-28 21:25:07 ----D---- C:\Program Files\Common Files\Skype
2014-06-28 20:40:44 ----A---- C:\Windows\system32\msxml6.dll
2014-06-28 20:40:44 ----A---- C:\Windows\system32\msxml3.dll
2014-06-28 20:40:43 ----A---- C:\Windows\system32\msxml6r.dll
2014-06-28 20:40:43 ----A---- C:\Windows\system32\msxml3r.dll
2014-06-28 20:40:37 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-06-28 20:40:36 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-06-28 20:40:35 ----A---- C:\Windows\system32\drivers\netio.sys
2014-06-28 20:40:22 ----A---- C:\Windows\system32\usp10.dll

======List of files/folders modified in the last 1 month======

2014-07-21 19:10:30 ----D---- C:\Windows\Prefetch
2014-07-21 19:02:45 ----D---- C:\Windows\system32\drivers
2014-07-21 19:02:42 ----D---- C:\Windows
2014-07-21 18:55:26 ----A---- C:\Windows\system.ini
2014-07-21 18:55:07 ----D---- C:\Windows\system32\drivers\etc
2014-07-21 18:54:55 ----D---- C:\Windows\inf
2014-07-21 18:51:31 ----RD---- C:\Program Files
2014-07-21 18:46:07 ----D---- C:\Windows\System32
2014-07-21 18:46:07 ----D---- C:\Windows\AppPatch
2014-07-21 18:46:01 ----D---- C:\Program Files\Common Files
2014-07-21 18:20:36 ----SHD---- C:\Windows\Installer
2014-07-21 18:20:35 ----RD---- C:\Program Files\Skype
2014-07-21 18:20:19 ----SHD---- C:\System Volume Information
2014-07-21 16:21:36 ----D---- C:\Drivers
2014-07-21 14:20:44 ----D---- C:\Windows\system32\config
2014-07-21 14:06:54 ----D---- C:\Windows\SoftwareDistribution
2014-07-21 13:23:41 ----D---- C:\Windows\Tasks
2014-07-20 23:23:06 ----D---- C:\Program Files\ATI Technologies
2014-07-20 20:21:36 ----D---- C:\Windows\ShellNew
2014-07-20 14:29:51 ----D---- C:\ProgramData
2014-07-20 12:45:35 ----D---- C:\Windows\system32\Tasks
2014-07-20 00:31:47 ----D---- C:\Windows\Downloaded Program Files
2014-07-19 19:48:08 ----HD---- C:\Program Files\InstallShield Installation Information
2014-07-18 22:33:56 ----D---- C:\Windows\system32\catroot2
2014-07-18 18:09:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-07-18 17:58:49 ----D---- C:\Program Files\Common Files\InstallShield
2014-07-18 17:42:49 ----D---- C:\Windows\system32\catroot
2014-07-18 17:42:27 ----D---- C:\Windows\system32\DriverStore
2014-07-16 19:50:33 ----D---- C:\PerfLogs
2014-07-16 19:46:58 ----SD---- C:\ProgramData\Microsoft
2014-07-16 17:53:19 ----D---- C:\ProgramData\Oracle
2014-07-16 17:51:50 ----D---- C:\Program Files\Java
2014-07-16 17:38:55 ----RD---- C:\Users
2014-07-16 12:56:15 ----D---- C:\Windows\debug
2014-07-16 12:46:45 ----D---- C:\Windows\winsxs
2014-07-16 12:43:15 ----D---- C:\Windows\system32\en-US
2014-07-16 12:43:15 ----D---- C:\Program Files\Windows Journal
2014-07-16 12:43:14 ----D---- C:\Program Files\Internet Explorer
2014-07-16 12:43:11 ----D---- C:\Windows\ehome
2014-07-16 12:43:10 ----D---- C:\Windows\system32\Dism
2014-07-16 12:43:09 ----SD---- C:\Windows\system32\CompatTel
2014-07-16 12:41:58 ----D---- C:\ProgramData\Microsoft Help
2014-07-16 12:24:59 ----D---- C:\Windows\system32\MRT
2014-07-16 12:12:36 ----A---- C:\Windows\system32\MRT.exe
2014-07-16 12:07:00 ----RSD---- C:\Windows\assembly
2014-07-15 20:42:08 ----D---- C:\Windows\Panther
2014-07-15 20:41:59 ----D---- C:\Windows\Logs
2014-06-28 21:25:37 ----D---- C:\ProgramData\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 231960]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2012-01-11 173440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2012-01-11 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-07-18 243128]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-01-11 48640]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2007-12-11 5120]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\Windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
R3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-12-14 1245696]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2009-03-26 21000]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-05-26 4806144]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-04-10 2358112]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
S1 DritekPortIO;Dritek General Port I/O; \??\C:\Program Files\Launch Manager\DPortIO.sys []
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2007-12-11 41984]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-04-30 10070016]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-04-30 290304]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-04-30 10070016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2012-01-11 78336]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2013-02-23 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2012-01-11 60416]
S3 catchme;catchme; \??\C:\Users\MATJ~1\AppData\Local\Temp\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-04-29 54784]
S3 mbr;mbr; \??\C:\Users\MATJ~1\AppData\Local\Temp\mbr.sys []
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2012-01-11 133632]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2008-02-27 141408]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2012-01-11 21504]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-19 108032]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 4846168]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2012-01-11 21504]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2012-01-11 21504]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2012-01-11 21504]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-01-28 1343400]
S4 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-04-30 217088]
S4 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-04-30 291840]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2012-01-11 21504]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]

-----------------EOF-----------------

[Attistar]

info.txt logfile of random's system information tool 1.10 2014-07-21 19:10:37

======MBR======

0x33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A450681C06CBFBB90400BDBE07807E00007C0B0F850E0183C510E2F1CD1888560055C6461105C6461000B441BBAA55CD135D720F81FB55AA7509F7C101007403FE46106660807E1000742666680000000066FF760868000068007C680100681000B4428A56008BF4CD139F83C4109EEB14B80102BB007C8A56008A76018A4E028A6E03CD136661731CFE4E11750C807E00800F848A00B280EB845532E48A5600CD135DEB9E813EFE7D55AA756EFF7600E88D007517FAB0D1E664E88300B0DFE660E87C00B0FFE664E87500FBB800BBCD1A6623C0753B6681FB54435041753281F90201722C666807BB00006668000200006668080000006653665366556668000000006668007C0000666168000007CD1A5A32F6EA007C0000CD18A0B707EB08A0B607EB03A0B50732E40500078BF0AC3C007409BB0700B40ECD10EBF2F4EBFD2BC9E464EB002402E0F82402C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D000000637B9A59D593C400008020210007DF130C000800000020030000DF140C07FEFFFF0028030000B83F25000000000000000000000000000000000000000000000000000000000000000055AA

======Uninstall list======

4MCAD 14 Classic-->C:\4MCAD14CLASSIC\unins000.exe
Adobe Flash Player 13 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe -maintain activex
Adobe Reader XI (11.0.07) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
AIDA64 Extreme v4.00-->"C:\Program Files\FinalWire\AIDA64 Extreme\unins000.exe"
AMD Accelerated Video Transcoding-->MsiExec.exe /X{7F644A4B-C9A7-E419-BFD9-75DFA0EE57DB}
AMD APP SDK Runtime-->MsiExec.exe /I{A25FF1C0-80B6-4B8B-A551-DC525697A408}
AMD Drag and Drop Transcoding-->MsiExec.exe /X{DBA18992-B9F3-950D-E973-6ED23422EA73}
AMD Media Foundation Decoders-->MsiExec.exe /X{3DF7D356-6225-8717-AFC2-91D5C1521036}
Arabic Fonetic Keyboard (CZ) 0.9.1-->MsiExec.exe /I{1EDC89D9-8EA3-41DA-A545-672CA95FE3E7}
Balíček ovladače systému Windows - Nokia Modem (02/25/2011 4.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_x86_neutral_73c28da64803cefc\nokia_bluetooth.inf
Balíček ovladače systému Windows - Nokia Modem (02/25/2011 7.01.0.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_x86_neutral_13826104cd8e800f\nokbtmdm.inf
Balíček ovladače systému Windows - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_52F0DFAA648E25523CF0EE10FEDF6AC712ED34DB\pccsmcfd.inf
Catalyst Control Center - Branding-->MsiExec.exe /I{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CzRus QWERTY Caps 2.0.2-->MsiExec.exe /I{C841483C-8A64-452A-93C8-53D5CDE03F8A}
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}" "1029" "0"
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{65480649-2AA6-4C5C-AAE8-DB35335D98A7}" "1029" "0"
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
Duke Nukem - Manhattan Project-->"C:\Program Files\GOG.com\Duke Nukem - Manhattan Project\unins000.exe"
EPSON B-510DN Printer Uninstall-->C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSFKA.EXE /R /APD /P:"EPSON B-510DN"
EpsonNet Print-->C:\Program Files\InstallShield Installation Information\{3E31400D-274E-4647-916C-2CACC3741799}\ENPSETUP.exe -runfromtemp -l0x0009 -EPSON -removeonly
Euro Truck Simulator 2-->"C:\Program Files\Euro Truck Simulator 2\unins000.exe"
FastStone Capture 7.8-->C:\Program Files\FastStone Capture\uninst.exe
FloorPlan 3D v8-->MsiExec.exe /I{93538CBE-F87E-4B79-872C-D0D098EB42EE}
FLV and Media Player 4.2.1.1-->C:\Program Files\Applian Technologies\FLV and Media Player\uninstall.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\36.0.1985.125\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google+ Auto Backup-->MsiExec.exe /X{A50DE037-B5C0-4C8A-8049-B0C576B313D1}
Hebrew Phonetic Keyboard 0.9.0-->MsiExec.exe /I{E39A80F3-7C45-460F-8DBD-C29F25A865EA}
HydraVision-->MsiExec.exe /X{89CE7F9B-B4DF-8585-638B-6BD807ADE9C7}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java 7 Update 65-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217051FF}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
Lenovo_Wireless_Driver-->C:\Program Files\InstallShield Installation Information\{28ABE740-47F3-441B-9437-852F6A64EFF8}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 4.5.1 (CSY)-->MsiExec.exe /X{123F4E9B-80E6-3A84-BDD4-3CB3AC59ABF0}
Microsoft .NET Framework 4.5.1 (čeština)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\CSY\\Setup.exe /repair /x86 /lcid 1029
Microsoft .NET Framework 4.5.1-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\\Setup.exe /repair /x86
Microsoft .NET Framework 4.5.1-->MsiExec.exe /X{4903D172-DCCB-392F-93A3-34CA9D47FE3D}
Microsoft Office 2010 pro podnikatele-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall SINGLEIMAGE /dll OSETUP.DLL
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-0000-0000000FF1CE}
Microsoft Office Korrekturhilfen 2013 - Deutsch-->MsiExec.exe /X{90150000-001F-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-0000-0000000FF1CE}
Microsoft Office OSM MUI (Czech) 2013-->MsiExec.exe /X{90150000-00E1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2013-->MsiExec.exe /X{90150000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2013 - English-->MsiExec.exe /X{90150000-001F-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2013-->MsiExec.exe /X{90150000-006E-0405-0000-0000000FF1CE}
Microsoft Office Single Image 2010-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-0000-0000000FF1CE}
Microsoft PowerPoint Viewer-->MsiExec.exe /X{95140000-00AF-0405-0000-0000000FF1CE}
Microsoft Report Viewer Redistributable 2008 SP1-->c:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Report Viewer Redistributable 2008 (KB971119)\install.exe
Microsoft Security Client-->MsiExec.exe /X{36A345C9-0691-45A1-AEEF-29ECEC8B5014}
Microsoft Security Essentials-->"C:\Program Files\Microsoft Security Client\Setup.exe" /x
Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft Word 2013-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\setup.exe" /uninstall WORD /dll OSETUP.DLL
Microsoft Word 2013-->MsiExec.exe /X{90150000-001B-0000-0000-0000000FF1CE}
Microsoft Word MUI (Czech) 2013-->MsiExec.exe /X{90150000-001B-0405-0000-0000000FF1CE}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP3 Parser (KB2758694)-->MsiExec.exe /I{1D95BA90-F4F8-47EC-A882-441C99D30C1E}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština-->MsiExec.exe /X{90150000-001F-0405-0000-0000000FF1CE}
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina-->MsiExec.exe /X{90150000-001F-041B-0000-0000000FF1CE}
Nero 9 Essentials-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="XM02-508X-MHAT-19WU-9Z3Z-0CH0-3U6E-85W5-MMHH-6647-1Z5L-7M8C-0U45-758P-0000"
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Online Upgrade-->MsiExec.exe /X{dba84796-8503-4ff0-af57-1747dd9a166d}
Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{A57025CC-5F2E-4D01-B387-06DB10500D43}
Nokia PC Suite-->C:\ProgramData\Installations\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}\Nokia_PC_Suite_ALL.exe
Nokia PC Suite-->MsiExec.exe /I{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}
Nokia Software Updater-->MsiExec.exe /X{7130468A-F53F-4698-8C09-A339EA3B05E6}
PC Connectivity Solution-->MsiExec.exe /I{644F4910-E812-49AD-93EC-86828CB81A0D}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Project: Snowblind 1.0-->C:\Program Files\Project Snowblind\uninstsb.exe
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Růžový panter: Honba za pokladem-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A7A2804D-7EF9-4F2A-AC16-A40E9F1C1CF6}
Samsung SCX-4x24 Series-->C:\Program Files\Samsung\Samsung SCX-4x24 Series\Install\Setup.exe /R
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {8086EDC0-3409-3560-B108-44FC46882443}
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {FED9B2BC-E6D7-3409-B4C9-99AF8AC65725}
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {054F96E9-E89B-3DDB-AA70-A65194B921B4}
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0405-0000-0000000FF1CE}" "{0665F3BA-FCE2-4CB1-ACDD-19544B0E4C14}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{4D6FE7B6-559F-4DAC-92CF-A01C24046AEB}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{049FE6FA-0D59-4C24-960E-FDA1DDF045EE}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{1EE5FA17-F624-438C-B7AC-7C5A41E90FA2}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{7AC3F78E-ECA0-45F4-A9CC-3E885DA23662}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{5EE42B42-1159-435C-898A-2A3298453B20}" "1029" "0"
Security Update for Microsoft Office 2013 (KB2880502) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{90E7A66B-723D-4790-824A-6E4EEC0C2CBA}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0405-0000-0000000FF1CE}" "{78A9943A-5DB1-4B90-8AEF-5CE30456FB6E}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0405-0000-0000000FF1CE}" "{0A504FDF-F8F7-4792-9360-1F45E38F005D}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0407-0000-0000000FF1CE}" "{55A588B8-2D30-4B60-AB09-5DB57C592B81}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0409-0000-0000000FF1CE}" "{1F79A96A-2A70-45B3-8A5C-79DA61952879}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-041B-0000-0000000FF1CE}" "{F1B4FD6F-C4F9-42B7-9B9E-BF3B24A8192D}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-002C-0405-0000-0000000FF1CE}" "{7C7CDE76-1FF8-411F-9DA4-B4F91DBB58F5}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0405-0000-0000000FF1CE}" "{DBBAB83F-8D50-4AFB-B0FF-8B90CA68B215}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00E1-0405-0000-0000000FF1CE}" "{78A9943A-5DB1-4B90-8AEF-5CE30456FB6E}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0405-0000-0000000FF1CE}" "{A71E3AD4-5545-4D59-9F11-75F363563C6A}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-0000-0000000FF1CE}" "{8925227F-C7B5-4C95-AB58-4FCF2433DAEE}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{09A9DF49-DA06-4093-A2FD-F339211E39EA}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-041B-0000-0000000FF1CE}" "{0C337AF5-E6A7-4B6B-8F8E-08F9C6F956B4}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0405-0000-0000000FF1CE}" "{EA82267F-4AAB-46BA-AD6A-9EBB544D0EF7}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0405-0000-0000000FF1CE}" "{2C911571-C8B6-400B-B323-417C1806E866}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Skype™ 6.16-->MsiExec.exe /X{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}
STORMWARE GLX CZ Mini-->MsiExec.exe /X{9D5101BD-3010-4D6D-8ED5-19656286A07E}
STORMWARE PDF Printer 8.2.0.1406-->"C:\Program Files\STORMWARE\PDF Printer\unins000.exe"
STORMWARE POHODA CZ Premium-->MsiExec.exe /X{E9BEA8AF-D21F-4D9F-B791-9C7F09144655}
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}" "1029" "0"
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{4ACD847E-547D-493F-9A86-F73EAE1B5174}" "1029" "0"
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{122B0E69-64AF-41BE-B3F6-D387A7E7E687}" "1029" "0"
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0405-0000-0000000FF1CE}" "{122B0E69-64AF-41BE-B3F6-D387A7E7E687}" "1029" "0"
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{302A8FE3-EBF5-486C-A431-16A1CD914443}" "1029" "0"
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}" "1029" "0"
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}" "1029" "0"
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}" "1029" "0"
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{287A1E92-9E41-4BC1-8920-B3D0E9220800}" "1029" "0"
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{9D69691D-823D-4C3E-9B12-563A3F520366}" "1029" "0"
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}" "1029" "0"
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{35698CB7-AAA2-4577-B505-DBFF504AEF23}" "1029" "0"
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{5AA578BB-759C-40FD-9661-A737C0884541}" "1029" "0"
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}" "1029" "0"
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}" "1029" "0"
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B0D672F7-883E-4279-8E75-D97A5445AB46}" "1029" "0"
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0405-0000-0000000FF1CE}" "{A5B39813-17B0-4481-B19E-9C57C0BF1EE0}" "1029" "0"
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}" "1029" "0"
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-0000-0000000FF1CE}" "{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}" "1029" "0"
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{C0BDC1DE-C35E-422B-8CBD-C1D555468720}" "1029" "0"
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}" "1029" "0"
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{45B7D395-EB9B-414F-9E46-5849B42326E2}" "1029" "0"
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{66421820-D3CA-450A-898C-78D7E40108E6}" "1029" "0"
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{B7EA8070-C37F-4617-82F4-52CF3304595A}" "1029" "0"
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{AD7045B8-1D75-4B4C-8120-12F045D206C7}" "1029" "0"
Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{D27F6360-AE1E-4C8C-8ECD-C0375E20B923}" "1029" "0"
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{5D6439FF-D651-4B13-B52E-2508AB9DE19D}" "1029" "0"
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0405-0000-0000000FF1CE}" "{5D6439FF-D651-4B13-B52E-2508AB9DE19D}" "1029" "0"
Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}" "1029" "0"
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}" "1029" "0"
Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{07017577-FBD6-45E2-A796-659E8F428057}" "1029" "0"
Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0405-0000-0000000FF1CE}" "{07017577-FBD6-45E2-A796-659E8F428057}" "1029" "0"
Update for Microsoft Office 2013 (KB2881074) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{B23AED0C-4813-4B49-9870-2F0968824E87}" "1029" "0"
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0405-0000-0000000FF1CE}" "{91D1087B-37AB-49AC-B243-29274412F011}" "1029" "0"
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0407-0000-0000000FF1CE}" "{E249DF0B-9318-47AC-A6C2-A860FF1BEC3C}" "1029" "0"
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0409-0000-0000000FF1CE}" "{56962EB1-4DD3-48BB-934B-EA4C4516D89A}" "1029" "0"
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-041B-0000-0000000FF1CE}" "{06E334A5-EFE4-41C9-A276-6DA9800C13D7}" "1029" "0"
Update for Microsoft Office 2013 (KB2881086) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{02DB183E-6F67-4906-A391-325874C5DA87}" "1029" "0"
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{51CCA922-A0CC-47C4-8910-6936D97CAC2E}" "1029" "0"
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-0000-0000000FF1CE}" "{D02AE7ED-5B00-4251-B7D5-F9590899EEEA}" "1029" "0"
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{2AB483F1-C86E-427A-83B4-23889B03512D}" "1029" "0"
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{1BCA67A6-5329-48D0-A088-C097AC7A14BD}" "1029" "0"
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0405-0000-0000000FF1CE}" "{7F5448C9-AC6C-41E4-8C35-66288813014C}" "1029" "0"
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}" "1029" "0"
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{7B29D8B8-6A87-496C-A65E-B935E740448A}" "1029" "0"
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{38CF30E4-3348-4BD1-A859-B630C355A56F}" "1029" "0"
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{25C61889-2E44-4BE1-9E96-9364BFDCF501}" "1029" "0"
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0405-0000-0000000FF1CE}" "{25C61889-2E44-4BE1-9E96-9364BFDCF501}" "1029" "0"
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}" "1029" "0"
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{A7CD05CC-CA85-428C-91FD-74A908D126E1}" "1029" "0"
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0000-0000-0000000FF1CE}" "{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}" "1029" "0"
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0405-0000-0000000FF1CE}" "{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}" "1029" "0"
VLC media player 2.0.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WinRAR 5.01 beta 1 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: uživatel-PC
Event Code: 33
Message: Nejstarší stínová kopie svazku C: byla odstraněna, aby byl zachován uživatelem definovaný limit místa na disku používaného pro stínové kopie svazku C:.
Record Number: 26080
Source Name: volsnap
Time Written: 20140719224812.542549-000
Event Type: Informace
User:

Computer Name: uživatel-PC
Event Code: 7036
Message: Stav služby Office Software Protection Platform byl změněn na: Spuštěno
Record Number: 26079
Source Name: Service Control Manager
Time Written: 20140719224728.737672-000
Event Type: Informace
User:

Computer Name: uživatel-PC
Event Code: 33
Message: Nejstarší stínová kopie svazku C: byla odstraněna, aby byl zachován uživatelem definovaný limit místa na disku používaného pro stínové kopie svazku C:.
Record Number: 26078
Source Name: volsnap
Time Written: 20140719224310.599750-000
Event Type: Informace
User:

Computer Name: uživatel-PC
Event Code: 33
Message: Nejstarší stínová kopie svazku C: byla odstraněna, aby byl zachován uživatelem definovaný limit místa na disku používaného pro stínové kopie svazku C:.
Record Number: 26077
Source Name: volsnap
Time Written: 20140719223923.244951-000
Event Type: Informace
User:

Computer Name: uživatel-PC
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 26076
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140719223831.983261-000
Event Type: Informace
User: uživatel-PC\Matěj

=====Application event log=====

Computer Name: uživatel-PC
Event Code: 9003
Message: Nebylo možné spustit Správce oken plochy, protože se nepoužívá rozvržený motiv.
Record Number: 10782
Source Name: Desktop Window Manager
Time Written: 20140719225111.000000-000
Event Type: Informace
User:

Computer Name: uživatel-PC
Event Code: 9010
Message: Proces (Side-Scrolling Arcade-Action Game) zadal požadavek na zakázání Správce oken plochy.
Record Number: 10781
Source Name: Desktop Window Manager
Time Written: 20140719225105.000000-000
Event Type: Informace
User:

Computer Name: uživatel-PC
Event Code: 902
Message: The Software Protection service has started.
15.0.169.500
Record Number: 10780
Source Name: Office Software Protection Platform Service
Time Written: 20140719224737.000000-000
Event Type: Informace
User:

Computer Name: uživatel-PC
Event Code: 1066
Message: Initialization status for service objects.
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL, msft:spp/volume/services/kms/licenserenewal/1.0, 0x00000000, 0x00000000

Record Number: 10779
Source Name: Office Software Protection Platform Service
Time Written: 20140719224737.000000-000
Event Type: Informace
User:

Computer Name: uživatel-PC
Event Code: 900
Message: The Software Protection service is starting.

Record Number: 10778
Source Name: Office Software Protection Platform Service
Time Written: 20140719224728.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: uživatel-PC
Event Code: 4634
Message: Účet byl odhlášen.

Předmět:
ID zabezpečení: S-1-5-7
Název účtu: ANONYMOUS LOGON
Doména účtu: NT AUTHORITY
ID přihlášení: 0x2b44271

Typ přihlášení: 3

Tato událost je generována, pokud je zničena relace přihlášení. Může být spojena s událostí přihlášení pomocí hodnoty ID přihlášení. Hodnoty ID přihlášení jsou jednoznačné pouze v rámci jednotlivých restartů stejného počítače.
Record Number: 10305
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140719224117.920752-000
Event Type: Úspěšný audit
User:

Computer Name: uživatel-PC
Event Code: 4634
Message: Účet byl odhlášen.

Předmět:
ID zabezpečení: S-1-5-7
Název účtu: ANONYMOUS LOGON
Doména účtu: NT AUTHORITY
ID přihlášení: 0x2b4422d

Typ přihlášení: 3

Tato událost je generována, pokud je zničena relace přihlášení. Může být spojena s událostí přihlášení pomocí hodnoty ID přihlášení. Hodnoty ID přihlášení jsou jednoznačné pouze v rámci jednotlivých restartů stejného počítače.
Record Number: 10304
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140719224117.905152-000
Event Type: Úspěšný audit
User:

Computer Name: uživatel-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 3

Nové přihlášení:
ID zabezpečení: S-1-5-7
Název účtu: ANONYMOUS LOGON
Doména účtu: NT AUTHORITY
ID přihlášení: 0x2b44271
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x0
Název procesu: -

Informace o síti:
Název pracovní stanice: SIGERS
Adresa zdrojové sítě 192.168.0.105
Zdrojový port: 53787

Podrobné informace o ověření:
Proces přihlášení: NtLmSsp
Balíček ověření: NTLM
Přenosové služby: -
Název balíčku (pouze NTLM): NTLM V1
Délka klíče: 128

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 10303
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140719224102.851126-000
Event Type: Úspěšný audit
User:

Computer Name: uživatel-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 3

Nové přihlášení:
ID zabezpečení: S-1-5-7
Název účtu: ANONYMOUS LOGON
Doména účtu: NT AUTHORITY
ID přihlášení: 0x2b4422d
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x0
Název procesu: -

Informace o síti:
Název pracovní stanice: SIGERS
Adresa zdrojové sítě 192.168.0.105
Zdrojový port: 53786

Podrobné informace o ověření:
Proces přihlášení: NtLmSsp
Balíček ověření: NTLM
Přenosové služby: -
Název balíčku (pouze NTLM): NTLM V1
Délka klíče: 128

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 10302
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140719224100.557922-000
Event Type: Úspěšný audit
User:

Computer Name: uživatel-PC
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-2962489488-1740152995-2069433674-1004
Název účtu: Matěj
Název domény: uživatel-PC
ID přihlášení: 0x23604
Record Number: 10301
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140719223831.764861-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\AMD APP\bin\x86;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;%systemroot%\System32\WindowsPowerShell\v1.0
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=1c0a
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"AMDAPPSDKROOT"=C:\Program Files\AMD APP\

-----------------EOF-----------------

[Márty84]

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Nastala nejaka zmena?

[Attistar]

Problém, ComboFix stále běží dokola a dokola a dokola...

[Márty84]

Tak ho smazte rucne a pak pouzijte T-Cleaner.

[Attistar]

Všechno je hotovo, jinak PC je svižnějším, takže super

[Márty84]

Vic s tim nenadelam, logy uz jsou ciste.

Jeste muzete...

Kliknete na START -> Spustit -> napiste msconfig -> OK
V okne najdete zalozku Po spuštění a povypinejte vse, co nepotrebujete aby se spoustelo hned pri startu pc. Tedy to, co si muzete spustit rucne az v pripade potreby.

No a tim jsem vycerpal sve moznosti

[Attistar]

Dobrá, tak já Vám děkuji za ochotu A nashle

[Márty84]

Nemate zac

Mejte se a treba zase nekdy