Zavirované PC

Zpráva

monikash · #1 Příspěvek od **monikash** » 03 dub 2011 09:26

Prosím o radu. V tomto počítači bylo několik Malware a trojanů. Dokonce zmizela většina ikon a W7 se tvářily jako nelegální (černá plocha). Po obnovení z uložené zálohy se wokna stále nechovají, jak mají, většina programů nešla rozjet, pomohlo jen přeinstalování. Pročistila jsem registry, projela SUPERAntySpywarem, eset smartem. Systém je stále zpomalený.
Tady je log z Hyjacku (rozjela jsem UPM, ale ten neotevřel a neuložil log.)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:10, on 3.4.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\V0530Mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\download\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boskovice.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX

\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search

Helper\SEPsearchhelperie.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files

(x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live

\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer

\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [WheelMouse] C:\FULL-S~2\wh_exec.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [V0530Mon.exe] C:\Windows\V0530Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib

\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F}

- C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-

D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-

491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet

Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars

\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - Trusted Zone: http://cs-cz.facebook.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet

Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery

\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\bandoo\bndhook.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bandoo Coordinator - Unknown owner - C:\PROGRA~2\Bandoo\Bandoo.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file

missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA

Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file

missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe

(file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file

missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

(file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files

(x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10487 bytes

#2 Příspěvek od **vyosek** » 03 dub 2011 09:40

Zdravim a pekny den preji

Predpokladam ze vsak windows a eset legalni jsou

Poprosim o log z RSIT - viz muj podpis - je podrobnejsi nez HJT - a dejte mi sem oba logy - log.txt i info.txt - budou ulozeny v c:\rsit

monikash · #3 Příspěvek od **monikash** » 03 dub 2011 09:55

Ano, sw je legální. Přítel je ale pařan, tak si tam natáhl nějaké hry, které nemusely být košer. Ale některým lidem nevysvětlíte, že tohle je nejlepší cesta do pekel.
--------------------------

Logfile of random's system information tool 1.08 (written by random/random)
Run by Mirek at 2011-04-03 10:51:18
Microsoft Windows 7 Home Premium
System drive C: has 72 GB (54%) free of 134 GB
Total RAM: 4095 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:51:21, on 3.4.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\V0530Mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Mirek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boskovice.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [WheelMouse] C:\FULL-S~2\wh_exec.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [V0530Mon.exe] C:\Windows\V0530Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://cs-cz.facebook.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\bandoo\bndhook.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bandoo Coordinator - Unknown owner - C:\PROGRA~2\Bandoo\Bandoo.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10461 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\IoctlSvc.exe
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1680
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Windows\V0530Mon.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\AUDIODG.EXE 0x160
"C:\download\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-04 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FF99715-3016-4381-84CE-E4E4C9673020}

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-01-26 15026056]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-01-13 2988784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastTVSync]
C:\Program Files (x86)\Common Files\InterVideo\FastTVSync\FastTVSync.exe [2003-12-26 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2010-12-08 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
C:\PROGRA~2\INTERV~1\DVD5R\SchSvr.exe [2003-12-26 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
C:\PROGRA~2\INTERV~1\Common\Bin\WINCIN~1.EXE [2003-12-26 184320]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-10-28 2763776]
"WheelMouse"=C:\FULL-S~2\wh_exec.exe [2008-10-09 98304]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-02-23 3451496]
"V0530Mon.exe"=C:\Windows\V0530Mon.exe [2008-02-19 28672]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-04-03 10:51:18 ----D---- C:\rsit
2011-04-03 10:51:18 ----D---- C:\Program Files\trend micro
2011-04-03 10:00:27 ----D---- C:\Program Files (x86)\Ultimate Process Manager
2011-04-02 21:00:36 ----D---- C:\Windows\pss
2011-04-02 20:52:16 ----HDC---- C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
2011-04-02 20:52:11 ----D---- C:\ProgramData\Lavasoft
2011-04-02 20:52:11 ----D---- C:\Program Files (x86)\Lavasoft
2011-04-02 20:12:57 ----D---- C:\Program Files (x86)\Microsoft Works
2011-04-02 20:12:42 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2011-04-02 20:12:15 ----D---- C:\Windows\PCHEALTH
2011-04-02 20:12:15 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-04-02 20:10:29 ----D---- C:\Program Files\Microsoft Office
2011-04-02 20:10:24 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-04-02 20:09:52 ----D---- C:\Program Files (x86)\Microsoft Office
2011-04-02 20:08:18 ----RHD---- C:\MSOCache
2011-04-02 20:00:20 ----D---- C:\Users\Mirek\AppData\Roaming\Vso
2011-04-02 19:56:13 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-04-02 19:54:44 ----D---- C:\ProgramData\NVIDIA Corporation
2011-04-02 19:54:13 ----A---- C:\Windows\system32\nvhdap64.dll
2011-04-02 19:54:13 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2011-04-02 19:54:12 ----A---- C:\Windows\system32\nvgenco64hda.dll
2011-04-02 19:54:10 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2011-04-02 19:54:10 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2011-04-02 19:54:10 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2011-04-02 19:54:10 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2011-04-02 19:54:10 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2011-04-02 19:54:10 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2011-04-02 19:54:10 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2011-04-02 19:54:10 ----A---- C:\Windows\system32\OpenCL.dll
2011-04-02 19:54:10 ----A---- C:\Windows\system32\nvoglv64.dll
2011-04-02 19:54:10 ----A---- C:\Windows\system32\nvgenco642040.dll
2011-04-02 19:54:10 ----A---- C:\Windows\system32\nvdispco642090.dll
2011-04-02 19:54:10 ----A---- C:\Windows\system32\nvd3dumx.dll
2011-04-02 19:54:10 ----A---- C:\Windows\system32\nvcuvid.dll
2011-04-02 19:54:10 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-04-02 19:54:10 ----A---- C:\Windows\system32\nvcuda.dll
2011-04-02 19:54:10 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-04-02 19:54:09 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2011-04-02 19:54:09 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2011-04-02 19:54:09 ----A---- C:\Windows\system32\nvcompiler.dll
2011-04-02 19:53:14 ----D---- C:\NVIDIA
2011-04-02 19:44:22 ----D---- C:\Windows\Panther
2011-04-02 18:42:53 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-04-02 18:42:53 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2011-04-02 18:42:53 ----A---- C:\Windows\SYSWOW64\msls31.dll
2011-04-02 18:42:52 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-04-02 18:42:52 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2011-04-02 18:42:52 ----A---- C:\Windows\SYSWOW64\msrating.dll
2011-04-02 18:42:52 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2011-04-02 18:42:52 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-04-02 18:42:52 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-04-02 18:42:52 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-04-02 18:42:52 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-04-02 18:42:52 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-04-02 18:42:52 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-04-02 18:42:52 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2011-04-02 18:42:52 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-04-02 18:42:52 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-04-02 18:42:52 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-04-02 18:42:52 ----A---- C:\Windows\SYSWOW64\ieakeng.dll
2011-04-02 18:42:52 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\wextract.exe
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\url.dll
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\inseng.dll
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\icardie.dll
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2011-04-02 18:42:51 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2011-04-02 18:42:50 ----A---- C:\Windows\SYSWOW64\occache.dll
2011-04-02 18:42:50 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-04-02 18:42:50 ----A---- C:\Windows\SYSWOW64\mshta.exe
2011-04-02 18:42:50 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2011-04-02 18:42:50 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2011-04-02 18:42:50 ----A---- C:\Windows\SYSWOW64\ieakui.dll
2011-04-02 18:42:50 ----A---- C:\Windows\SYSWOW64\ieaksie.dll
2011-04-02 18:42:50 ----A---- C:\Windows\SYSWOW64\admparse.dll
2011-04-02 18:42:48 ----A---- C:\Windows\system32\wininet.dll
2011-04-02 18:42:48 ----A---- C:\Windows\system32\urlmon.dll
2011-04-02 18:42:48 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-04-02 18:42:48 ----A---- C:\Windows\system32\msls31.dll
2011-04-02 18:42:48 ----A---- C:\Windows\system32\jsproxy.dll
2011-04-02 18:42:47 ----A---- C:\Windows\system32\pngfilt.dll
2011-04-02 18:42:47 ----A---- C:\Windows\system32\occache.dll
2011-04-02 18:42:47 ----A---- C:\Windows\system32\msrating.dll
2011-04-02 18:42:47 ----A---- C:\Windows\system32\mshtml.dll
2011-04-02 18:42:47 ----A---- C:\Windows\system32\mshta.exe
2011-04-02 18:42:47 ----A---- C:\Windows\system32\msfeedssync.exe
2011-04-02 18:42:47 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-04-02 18:42:47 ----A---- C:\Windows\system32\jscript9.dll
2011-04-02 18:42:47 ----A---- C:\Windows\system32\jscript.dll
2011-04-02 18:42:47 ----A---- C:\Windows\system32\imgutil.dll
2011-04-02 18:42:47 ----A---- C:\Windows\system32\ieUnatt.exe
2011-04-02 18:42:47 ----A---- C:\Windows\system32\iertutil.dll
2011-04-02 18:42:47 ----A---- C:\Windows\system32\iepeers.dll
2011-04-02 18:42:47 ----A---- C:\Windows\system32\ieakui.dll
2011-04-02 18:42:47 ----A---- C:\Windows\system32\ieaksie.dll
2011-04-02 18:42:47 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-04-02 18:42:47 ----A---- C:\Windows\system32\admparse.dll
2011-04-02 18:42:46 ----A---- C:\Windows\system32\webcheck.dll
2011-04-02 18:42:46 ----A---- C:\Windows\system32\url.dll
2011-04-02 18:42:46 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-04-02 18:42:46 ----A---- C:\Windows\system32\mshtmler.dll
2011-04-02 18:42:46 ----A---- C:\Windows\system32\licmgr10.dll
2011-04-02 18:42:46 ----A---- C:\Windows\system32\ieui.dll
2011-04-02 18:42:46 ----A---- C:\Windows\system32\iesysprep.dll
2011-04-02 18:42:46 ----A---- C:\Windows\system32\iesetup.dll
2011-04-02 18:42:46 ----A---- C:\Windows\system32\iernonce.dll
2011-04-02 18:42:46 ----A---- C:\Windows\system32\ieframe.dll
2011-04-02 18:42:46 ----A---- C:\Windows\system32\iedkcs32.dll
2011-04-02 18:42:46 ----A---- C:\Windows\system32\ieapfltr.dll
2011-04-02 18:42:46 ----A---- C:\Windows\system32\ieakeng.dll
2011-04-02 18:42:46 ----A---- C:\Windows\system32\ie4uinit.exe
2011-04-02 18:42:46 ----A---- C:\Windows\system32\icardie.dll
2011-04-02 18:42:46 ----A---- C:\Windows\system32\dxtrans.dll
2011-04-02 18:42:46 ----A---- C:\Windows\system32\dxtmsft.dll
2011-04-02 18:42:45 ----A---- C:\Windows\system32\wextract.exe
2011-04-02 18:42:45 ----A---- C:\Windows\system32\vbscript.dll
2011-04-02 18:42:45 ----A---- C:\Windows\system32\mshtmled.dll
2011-04-02 18:42:45 ----A---- C:\Windows\system32\msfeeds.dll
2011-04-02 18:42:45 ----A---- C:\Windows\system32\inseng.dll
2011-04-02 18:42:45 ----A---- C:\Windows\system32\iexpress.exe
2011-04-02 18:35:23 ----D---- C:\ProgramData\Media Center Programs
2011-04-02 18:35:09 ----D---- C:\Program Files (x86)\Microsoft SDKs
2011-04-02 18:08:47 ----D---- C:\Program Files (x86)\PEKI dictionary
2011-04-02 18:04:22 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-04-02 18:03:42 ----D---- C:\Users\Mirek\AppData\Roaming\DAEMON Tools Lite
2011-04-02 17:57:11 ----D---- C:\Program Files (x86)\Adobe
2011-04-02 17:34:43 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-04-02 17:22:35 ----D---- C:\Users\Mirek\AppData\Roaming\Ahead
2011-04-02 17:22:17 ----D---- C:\ProgramData\Ahead
2011-04-02 16:41:02 ----D---- C:\Program Files (x86)\Kyodai
2011-04-02 16:36:16 ----D---- C:\Users\Mirek\AppData\Roaming\NVIDIA
2011-04-02 16:34:07 ----D---- C:\ProgramData\InterVideo
2011-04-02 16:27:25 ----D---- C:\ProgramData\Adobe
2011-04-02 16:01:46 ----D---- C:\Users\Mirek\AppData\Roaming\WinRAR
2011-04-02 16:00:03 ----D---- C:\Users\Mirek\AppData\Roaming\SUPERAntiSpyware.com
2011-04-02 16:00:03 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2011-04-02 15:59:24 ----D---- C:\ProgramData\!SASCORE
2011-04-02 15:58:58 ----D---- C:\Program Files\SUPERAntiSpyware
2011-04-02 15:25:50 ----D---- C:\Users\Mirek\AppData\Roaming\Softland
2011-04-02 15:25:40 ----A---- C:\Windows\system32\dopdfmn7.dll
2011-04-02 15:25:40 ----A---- C:\Windows\system32\dopdfmi7.dll
2011-04-02 15:25:34 ----A---- C:\Windows\system32\GdiPlus.dll
2011-04-02 15:25:23 ----D---- C:\Program Files\Softland
2011-04-02 15:00:32 ----D---- C:\Program Files (x86)\ESET
2011-04-01 20:53:48 ----D---- C:\Users\Mirek\AppData\Roaming\vlc
2011-04-01 20:42:05 ----D---- C:\Users\Mirek\AppData\Roaming\.purple
2011-04-01 20:41:15 ----D---- C:\Program Files (x86)\ICQ7.4
2011-04-01 20:39:39 ----D---- C:\Users\Mirek\AppData\Roaming\Bandoo
2011-04-01 20:38:12 ----D---- C:\Users\Mirek\AppData\Roaming\Macromedia
2011-04-01 19:43:21 ----D---- C:\Users\Mirek\AppData\Roaming\skypePM
2011-04-01 19:38:01 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-04-01 19:05:04 ----D---- C:\Windows\Logs
2011-04-01 18:49:07 ----D---- C:\ProgramData\Bandoo VIR
2011-04-01 18:43:16 ----D---- C:\Windows\Prefetch
2011-04-01 18:42:00 ----D---- C:\Users\Mirek\AppData\Roaming\InterVideo
2011-04-01 18:41:47 ----D---- C:\ProgramData\NVIDIA
2011-03-15 17:17:10 ----D---- C:\Program Files (x86)\Duty Calls
2011-03-15 15:56:38 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2011-03-15 15:56:38 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2011-03-15 15:56:38 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2011-03-15 15:56:38 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2011-03-15 15:56:38 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2011-03-15 15:56:38 ----A---- C:\Windows\system32\XAudio2_7.dll
2011-03-15 15:56:38 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2011-03-15 15:56:38 ----A---- C:\Windows\system32\xactengine3_7.dll
2011-03-15 15:56:38 ----A---- C:\Windows\system32\d3dcsx_43.dll
2011-03-15 15:56:38 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2011-03-15 15:56:37 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2011-03-15 15:56:37 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2011-03-15 15:56:37 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2011-03-15 15:56:37 ----A---- C:\Windows\system32\D3DX9_43.dll
2011-03-15 15:56:37 ----A---- C:\Windows\system32\d3dx11_43.dll
2011-03-15 15:56:37 ----A---- C:\Windows\system32\d3dx10_43.dll
2011-03-15 15:56:36 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2011-03-15 15:56:36 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2011-03-15 15:56:36 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2011-03-15 15:56:36 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2011-03-15 15:56:36 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2011-03-15 15:56:36 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-03-15 15:56:36 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-03-15 15:56:36 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-03-15 15:56:36 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-03-15 15:56:36 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-03-15 15:56:35 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2011-03-15 15:56:35 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2011-03-15 15:56:35 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-03-15 15:56:35 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-03-15 15:56:33 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2011-03-15 15:56:33 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-03-15 15:56:31 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2011-03-15 15:56:31 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-03-15 15:56:30 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-03-15 15:56:30 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-03-15 15:56:28 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2011-03-15 15:56:28 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2011-03-15 15:56:28 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-03-15 15:56:28 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-03-15 15:56:27 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2011-03-15 15:56:27 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2011-03-15 15:56:27 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2011-03-15 15:56:27 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-03-15 15:56:27 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-03-15 15:56:27 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-03-15 15:56:26 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2011-03-15 15:56:26 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2011-03-15 15:56:26 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-03-15 15:56:26 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-03-15 15:56:25 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2011-03-15 15:56:25 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2011-03-15 15:56:25 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-03-15 15:56:25 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-03-15 15:56:24 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2011-03-15 15:56:24 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-03-15 15:56:23 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2011-03-15 15:56:23 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2011-03-15 15:56:23 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2011-03-15 15:56:23 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2011-03-15 15:56:23 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-03-15 15:56:23 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-03-15 15:56:23 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-03-15 15:56:23 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-03-15 15:56:22 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2011-03-15 15:56:22 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2011-03-15 15:56:22 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2011-03-15 15:56:22 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-03-15 15:56:22 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-03-15 15:56:22 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-03-12 19:42:39 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-03-12 19:42:39 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-03-12 19:42:39 ----A---- C:\Windows\SYSWOW64\java.exe
2011-03-09 19:36:03 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2011-03-09 19:36:03 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2011-03-09 19:36:03 ----A---- C:\Windows\system32\FntCache.dll
2011-03-09 19:36:03 ----A---- C:\Windows\system32\DWrite.dll
2011-03-09 19:36:03 ----A---- C:\Windows\system32\d2d1.dll
2011-03-09 19:36:02 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-03-09 19:36:02 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2011-03-09 19:36:02 ----A---- C:\Windows\system32\EncDec.dll
2011-03-09 19:36:02 ----A---- C:\Windows\system32\CPFilters.dll
2011-03-09 19:36:01 ----A---- C:\Windows\SYSWOW64\sbe.dll
2011-03-09 19:36:01 ----A---- C:\Windows\system32\sbe.dll
2011-03-09 19:36:00 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2011-03-09 19:36:00 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2011-03-09 19:36:00 ----A---- C:\Windows\system32\mstscax.dll
2011-03-09 19:36:00 ----A---- C:\Windows\system32\mstsc.exe

======List of files/folders modified in the last 1 months======

2011-04-03 10:51:19 ----D---- C:\Windows\Temp
2011-04-03 10:51:18 ----RD---- C:\Program Files
2011-04-03 10:50:35 ----D---- C:\download
2011-04-03 10:43:52 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-04-03 10:05:24 ----D---- C:\Windows\system32\config
2011-04-03 10:05:20 ----D---- C:\Windows\winsxs
2011-04-03 10:00:27 ----RD---- C:\Program Files (x86)
2011-04-03 09:59:42 ----D---- C:\bat
2011-04-03 09:52:43 ----D---- C:\Windows\System32
2011-04-03 09:52:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-03 09:52:42 ----D---- C:\Windows\inf
2011-04-03 09:48:55 ----D---- C:\Users\Mirek\AppData\Roaming\Skype
2011-04-02 22:23:24 ----SHD---- C:\Windows\Installer
2011-04-02 22:23:24 ----D---- C:\ProgramData\Microsoft Help
2011-04-02 22:23:07 ----SHD---- C:\System Volume Information
2011-04-02 22:21:59 ----RSD---- C:\Windows\assembly
2011-04-02 22:20:29 ----A---- C:\Windows\win.ini
2011-04-02 21:58:04 ----HD---- C:\ProgramData
2011-04-02 21:55:57 ----D---- C:\Program Files (x86)\Windows Searchqu Toolbar
2011-04-02 21:53:25 ----D---- C:\Program Files (x86)\Zoner
2011-04-02 21:05:58 ----D---- C:\Windows\Tasks
2011-04-02 21:00:36 ----D---- C:\Windows
2011-04-02 20:56:51 ----D---- C:\Windows\system32\Tasks
2011-04-02 20:56:50 ----D---- C:\Windows\system32\catroot
2011-04-02 20:56:42 ----D---- C:\Windows\system32\drivers
2011-04-02 20:31:43 ----D---- C:\Program Files (x86)\Kouzelné dárky
2011-04-02 20:24:00 ----D---- C:\Program Files (x86)\ABCgames Cheater
2011-04-02 20:14:45 ----SD---- C:\Users\Mirek\AppData\Roaming\Microsoft
2011-04-02 20:12:56 ----D---- C:\Windows\SysWOW64
2011-04-02 20:12:48 ----D---- C:\Program Files (x86)\MSBuild
2011-04-02 20:12:42 ----D---- C:\Program Files (x86)\Common Files
2011-04-02 20:12:39 ----D---- C:\Windows\ShellNew
2011-04-02 20:12:20 ----RSD---- C:\Windows\Fonts
2011-04-02 20:12:15 ----SD---- C:\ProgramData\Microsoft
2011-04-02 20:11:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-04-02 20:05:10 ----D---- C:\Program Files (x86)\DVDFab 7
2011-04-02 19:57:02 ----D---- C:\Windows\system32\DriverStore
2011-04-02 19:57:02 ----D---- C:\Windows\system32\catroot2
2011-04-02 19:55:23 ----D---- C:\Program Files\NVIDIA Corporation
2011-04-02 19:08:55 ----D---- C:\Windows\SYSWOW64\migration
2011-04-02 19:08:55 ----D---- C:\Windows\SYSWOW64\en-US
2011-04-02 19:08:55 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-04-02 19:08:55 ----D---- C:\Windows\system32\cs-CZ
2011-04-02 19:08:55 ----D---- C:\Program Files\Internet Explorer
2011-04-02 19:08:55 ----D---- C:\Program Files (x86)\Internet Explorer
2011-04-02 19:08:54 ----D---- C:\Windows\system32\migration
2011-04-02 19:08:54 ----D---- C:\Windows\system32\en-US
2011-04-02 19:08:54 ----D---- C:\Windows\PolicyDefinitions
2011-04-02 18:35:10 ----D---- C:\Windows\ehome
2011-04-02 18:27:26 ----D---- C:\Program Files (x86)\InterVideo
2011-04-02 18:20:40 ----D---- C:\Users\Mirek\AppData\Roaming\Winamp
2011-04-02 18:18:13 ----D---- C:\Program Files (x86)\Winamp
2011-04-02 18:17:12 ----D---- C:\Program Files (x86)\Winamp Detect
2011-04-02 18:06:07 ----D---- C:\Program Files (x86)\IrfanView
2011-04-02 18:02:18 ----D---- C:\Program Files\CCleaner
2011-04-02 18:00:31 ----D---- C:\Users\Mirek\AppData\Roaming\ICQ
2011-04-02 17:58:17 ----D---- C:\Users\Mirek\AppData\Roaming\Adobe
2011-04-02 17:50:46 ----A---- C:\Windows\Kyor.ini
2011-04-02 17:34:42 ----D---- C:\Program Files\Windows Sidebar
2011-04-02 17:30:27 ----D---- C:\Users\Mirek\AppData\Roaming\Zoner
2011-04-02 17:21:13 ----D---- C:\Program Files (x86)\Nero
2011-04-02 17:05:03 ----D---- C:\Program Files (x86)\DVDFab 8
2011-04-02 16:54:41 ----D---- C:\ProgramData\Nero
2011-04-02 16:46:28 ----D---- C:\totalcmd
2011-04-02 16:39:16 ----A---- C:\Windows\Zumma deluxe Setup Log.txt
2011-04-02 16:39:14 ----D---- C:\Program Files (x86)\Zumma deluxe
2011-04-02 16:38:46 ----A---- C:\Windows\iun6002.exe
2011-04-01 20:45:48 ----D---- C:\Program Files (x86)\Pidgin
2011-04-01 20:41:32 ----D---- C:\Windows\SYSWOW64\wbem
2011-04-01 20:41:31 ----D---- C:\ProgramData\ICQ
2011-04-01 20:41:31 ----D---- C:\Program Files (x86)\ICQ6Toolbar
2011-04-01 20:41:30 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-04-01 20:31:06 ----D---- C:\Windows\system32\LogFiles
2011-04-01 20:07:26 ----D---- C:\Users\Mirek\AppData\Roaming\Mozilla
2011-04-01 20:04:13 ----D---- C:\Program Files (x86)\Opera
2011-04-01 19:43:21 ----D---- C:\ProgramData\Skype
2011-04-01 19:42:45 ----D---- C:\Users\Mirek\AppData\Roaming\IrfanView
2011-04-01 19:37:10 ----D---- C:\Windows\system32\wfp
2011-04-01 19:37:09 ----D---- C:\Windows\Microsoft.NET
2011-04-01 19:37:07 ----D---- C:\Program Files (x86)\ViaVoice TTS
2011-04-01 19:37:07 ----D---- C:\Program Files (x86)\GameSpy Arcade
2011-04-01 19:37:07 ----D---- C:\EVEREST_Ultimate_Edition_4.20.1170_FiNAL_CZ-SK-iND
2011-04-01 19:37:06 ----D---- C:\Windows\system32\wbem
2011-04-01 19:35:37 ----RSD---- C:\Windows\Media
2011-04-01 19:35:36 ----RD---- C:\Users
2011-04-01 19:35:36 ----D---- C:\Program Files\Common Files\Services
2011-04-01 19:35:34 ----D---- C:\Windows\TAPI
2011-04-01 19:35:33 ----D---- C:\Windows\SYSWOW64\Recovery
2011-04-01 19:35:33 ----D---- C:\Windows\SYSWOW64\drivers\cs-CZ
2011-04-01 19:35:33 ----D---- C:\Windows\SYSWOW64\cs
2011-04-01 19:35:33 ----D---- C:\Windows\Offline Web Pages
2011-04-01 19:35:32 ----D---- C:\Windows\Downloaded Program Files
2011-04-01 19:35:32 ----D---- C:\Windows\cs-CZ
2011-04-01 19:35:32 ----D---- C:\Program Files\Windows Mail
2011-04-01 19:35:32 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-04-01 19:35:32 ----D---- C:\Program Files (x86)\Windows Mail
2011-04-01 19:35:30 ----D---- C:\Windows\Vss
2011-04-01 19:35:30 ----D---- C:\Windows\twain_32
2011-04-01 19:35:30 ----D---- C:\Windows\SYSWOW64\xlive
2011-04-01 19:35:30 ----D---- C:\Windows\SYSWOW64\wdi
2011-04-01 19:35:29 ----D---- C:\Windows\SYSWOW64\drivers
2011-04-01 19:35:29 ----D---- C:\Windows\SYSWOW64\com
2011-04-01 19:35:27 ----D---- C:\Windows\Speech
2011-04-01 19:35:27 ----D---- C:\Windows\Setup
2011-04-01 19:35:26 ----D---- C:\Windows\security
2011-04-01 19:35:26 ----D---- C:\Windows\PLA
2011-04-01 19:35:26 ----D---- C:\Windows\msagent
2011-04-01 19:35:19 ----D---- C:\Windows\lhsp
2011-04-01 19:35:12 ----D---- C:\Windows\IME
2011-04-01 19:35:12 ----D---- C:\Windows\Help
2011-04-01 19:35:11 ----D---- C:\Windows\cs
2011-04-01 19:35:00 ----D---- C:\Windows\AppPatch
2011-04-01 19:35:00 ----D---- C:\Windows\AppCompat
2011-04-01 19:34:59 ----D---- C:\Users\Mirek\AppData\Roaming\ScummVM
2011-04-01 19:34:59 ----D---- C:\Users\Mirek\AppData\Roaming\Opera
2011-04-01 19:34:56 ----D---- C:\Users\Mirek\AppData\Roaming\gtk-2.0
2011-04-01 19:34:56 ----D---- C:\Users\Mirek\AppData\Roaming\GHISLER
2011-04-01 19:34:50 ----D---- C:\TopCD
2011-04-01 19:34:46 ----D---- C:\Program Files\WinRAR
2011-04-01 19:34:46 ----D---- C:\Program Files\Windows Live
2011-04-01 19:34:46 ----D---- C:\Program Files\Microsoft Games
2011-04-01 19:34:45 ----D---- C:\Program Files\Java
2011-04-01 19:34:45 ----D---- C:\Program Files\Common Files
2011-04-01 19:34:44 ----D---- C:\Program Files (x86)\Windows Media Player
2011-04-01 19:34:44 ----D---- C:\Program Files (x86)\Windows Live
2011-04-01 19:34:41 ----RD---- C:\Program Files (x86)\Skype
2011-04-01 19:34:41 ----D---- C:\Program Files (x86)\VideoLAN
2011-04-01 19:34:41 ----D---- C:\Program Files (x86)\VIA
2011-04-01 19:34:41 ----D---- C:\Program Files (x86)\Ve stínu havrana
2011-04-01 19:34:41 ----D---- C:\Program Files (x86)\Trust
2011-04-01 19:34:39 ----D---- C:\Program Files (x86)\OpenAL
2011-04-01 19:34:38 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-04-01 19:34:38 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-04-01 19:34:35 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-04-01 19:34:34 ----D---- C:\Program Files (x86)\Java
2011-04-01 19:34:30 ----D---- C:\Program Files (x86)\GODS
2011-04-01 19:34:29 ----D---- C:\Program Files (x86)\EA GAMES
2011-04-01 19:34:28 ----D---- C:\Program Files (x86)\Conduit
2011-04-01 19:34:22 ----D---- C:\Program Files (x86)\BRS
2011-04-01 19:34:21 ----D---- C:\Program Files (x86)\Auralog
2011-04-01 19:34:20 ----D---- C:\Program Files (x86)\Activision
2011-04-01 19:34:20 ----D---- C:\Program Files (x86)\7-Zip
2011-04-01 19:34:19 ----D---- C:\Live! Cam
2011-04-01 19:34:19 ----D---- C:\Kyodai1
2011-04-01 19:34:19 ----D---- C:\Full-size Wireless Mouse
2011-04-01 19:34:18 ----SHD---- C:\$RECYCLE.BIN
2011-04-01 19:34:18 ----D---- C:\Full-size Mouse
2011-04-01 19:34:18 ----D---- C:\DVDFab 5
2011-04-01 19:34:18 ----D---- C:\Acer lcd
2011-04-01 19:34:06 ----D---- C:\Windows\registration
2011-04-01 19:33:46 ----D---- C:\Windows\SYSWOW64\config
2011-04-01 19:24:10 ----D---- C:\Program Files\Common Files\System
2011-04-01 19:06:50 ----D---- C:\Windows\SoftwareDistribution
2011-04-01 18:39:55 ----D---- C:\Windows\debug
2011-03-12 19:23:23 ----D---- C:\Windows\system32\CodeIntegrity
2011-03-09 20:55:14 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-11-22 69152]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-12-31 834544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-02-23 31064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-02-23 505176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-02-23 280408]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-02-23 53592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-02-23 22360]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-02-23 64344]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2010-11-12 155752]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-09-03 82816]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-08-19 239616]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-10-21 1270784]
S3 aucv6ly4;aucv6ly4; C:\Windows\system32\drivers\aucv6ly4.sys []
S3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2010-11-22 17440]
S3 V0530Dev;Creative Camera VF0530 Driver; C:\Windows\system32\DRIVERS\V0530Vid.sys [2009-12-15 319488]
S3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys [2007-01-26 9600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-02-23 42184]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 1005160]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S2 Bandoo Coordinator;Bandoo Coordinator; C:\PROGRA~2\Bandoo\Bandoo.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-04-02 1375992]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-03 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.08 2011-04-03 10:51:22

======Uninstall list======

-->C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\CtDrvIns.exe -uninstall -script VF0530.uns -unsext NTamd64 -plugin V0530Pin.dll -pluginres CtCamPin.crl -langid 0x0405
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
7-Zip 9.20-->"C:\Program Files (x86)\7-Zip\Uninstall.exe"
Ad-Aware-->"C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}\Ad-AwareInstall.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}\Ad-AwareInstall.exe
Adobe Flash Player 10 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_10_2_161_ActiveX.exe -maintain activex
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe -maintain plugin
Adobe Reader X - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA0000000001}
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Call of Duty(R) 2-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Creative Live! Cam Chat IM (VF0530) (1.02.02.00)-->C:\Windows\CtDrvIns.exe -uninstall -script VF0530.uns -unsext NTamd64 -plugin V0530Pin.dll -pluginres CtCamPin.crl -langid 0x0405
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Devices and Printers icon for Trust 16232-->"C:\Program Files (x86)\Trust\16232-DMP\Uninstall.exe"
Devices and Printers icon for Trust 16441-->"C:\Program Files (x86)\Trust\16441-DMP\Uninstall.exe"
doPDF 7.2 printer-->"C:\Program Files\Softland\doPDF 7\unins000.exe"
Duty Calls-->MsiExec.exe /I{0AEB967F-1D12-43C8-A59C-D93DA8EE4A4E}
DVDFab 7.0.6.2 (20/05/2010)-->"C:\Program Files (x86)\DVDFab 7\unins001.exe"
DVDFab 8.0.6.6 (30/12/2010)-->"C:\Program Files (x86)\DVDFab 8\unins001.exe"
ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Full-size Mouse 6.0.0.005-->C:\FULL-S~2\uninst.exe
GameSpy Software-->C:\PROGRA~2\GAMESP~1\UNWISE.EXE C:\PROGRA~2\GAMESP~1\INSTALL.LOG
GODS Lands of Infinity CZ 1.2a-->"C:\Program Files (x86)\GODS\unins000.exe"
HijackThis 2.0.2-->"C:\download\HijackThis.exe" /uninstall
IBM ViaVoice TTS Runtime v5.0 - Deutsch-->C:\Windows\IsUn0407.exe -f"C:\Program Files (x86)\ViaVoice TTS\vvol50Gr_GR.isu" -c"C:\Program Files (x86)\ViaVoice TTS\vo50u_GR.dll"
IBM ViaVoice TTS Runtime v5.0 - Français-->C:\Windows\IsUn040c.exe -f"C:\Program Files (x86)\ViaVoice TTS\vvol50Fr_FR.isu" -c"C:\Program Files (x86)\ViaVoice TTS\vo50u_FR.dll"
ICQ7.4-->"C:\Program Files (x86)\InstallShield Installation Information\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
InterVideo WinDVD Recorder 5-->"C:\Program Files (x86)\InstallShield Installation Information\{0B168FED-B9EC-4DA8-AC17-9A41F284640B}\setup.exe" REMOVEALL
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 21 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416021FF}
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Kouzelné dárky-->C:\Program Files (x86)\Kouzelné dárky\Uninstall.exe
Kyodai-->"C:\Program Files (x86)\Kyodai\unins000.exe"
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\tv_enua.inf, Uninstall
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Messenger Companion-->MsiExec.exe /I{B44F3823-52DD-45CA-A916-8B320778715D}
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{790E02A1-145A-3843-8C13-A4F41C9B48B7}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{1FDA5A37-B22D-43FF-B582-B8964050DC13}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{86A4C6D9-29EE-4719-AFA1-BA3341862B83}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0405-1000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Windows Media Center SDK 5.3-->MsiExec.exe /I{7FE2549F-361D-4F9F-BB3E-75D08EFEB313}
Mozilla Firefox (3.6.16)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Premium-->MsiExec.exe /X{91C0B95B-B83A-4828-A775-BBE2DD421029}
Nero 7 Premium-->MsiExec.exe /X{C6115A28-F277-4E82-B067-84D28BF21029}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Ovladač 3D Vision 266.58-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Ovladač HD audia 1.1.13.1-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage HDAudio.Driver
NVIDIA Ovladače grafiky 266.58-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
NVIDIA Systémový software PhysX 9.10.0514-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX
OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U
Opera 11.01-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení-->MsiExec.exe /I{B6190387-0036-4BEB-8D74-A0AFC5F14706}
PEKI dictionary 1.21-->C:\Program Files (x86)\PEKI dictionary\uninst.exe
Pidgin-->C:\Program Files (x86)\Pidgin\pidgin-uninst.exe
PowerArchiver 2010-->MsiExec.exe /I{00907498-E114-4D7F-8421-B2F51801F28A}
Puzzle Rocks 1.0-->"C:\Program Files (x86)\Puzzle Rocks\unins000.exe"
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
Rapture3D 2.3.26 Game-->"C:\Program Files (x86)\BRS\unins000.exe"
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended
Skype Toolbars-->MsiExec.exe /I{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Skype™ 5.1-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
UberSoldier-->"C:\TopCD\UberSoldier\unins001.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Outlook 2007 Junk Email Filter (KB2508979)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {D2137BBA-250B-4548-BC1C-19E5009893D7}
VIA Platforma Ovladače zařízení-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\SysWOW64\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.1.8-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}
Windows Live Family Safety-->MsiExec.exe /I{701D8EE6-6A5A-4509-9740-35F551193CE0}
Windows Live Family Safety-->MsiExec.exe /X{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}
Windows Live Fotogalerie-->MsiExec.exe /X{FB79FDB7-4DE1-453D-99FE-9A880F57380E}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C454280F-3C3E-4929-B60E-9E6CED5717E7}
Windows Live Mesh-->MsiExec.exe /I{80E8C65A-8F70-4585-88A2-ABC54BABD576}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live Messenger-->MsiExec.exe /X{50300123-F8FC-4B50-B449-E847D04F1BA2}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{78906B56-0E81-42A7-AC25-F54C946E1538}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live Remote Client Resources-->MsiExec.exe /I{3921492E-82D2-4180-8124-E347AD2F2DB4}
Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}
Windows Live Remote Service Resources-->MsiExec.exe /I{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}
Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{1407B87C-36E3-4FC1-9051-D08B21E1096F}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{AB78C965-5C67-409B-8433-D7B5BDB12073}
Windows Live Writer-->MsiExec.exe /X{4264C020-850B-4F08-ACBE-98205D9C336C}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Zoner Photo Studio 11-->"C:\Program Files (x86)\Zoner\Photo Studio 11\unins000.exe" /SILENT
Zumma deluxe-->C:\Windows\iun6002.exe "C:\Program Files (x86)\Zumma deluxe\irunin.ini"

======System event log======

Computer Name: Mirek-PC
Event Code: 6005
Message: Služba Event Log byla spuštěna.
Record Number: 11712
Source Name: EventLog
Time Written: 20101025074802.000000-000
Event Type: Informace
User:

Computer Name: Mirek-PC
Event Code: 6009
Message: Microsoft (R) Windows (R) 6.01. 7600 Multiprocessor Free.
Record Number: 11711
Source Name: EventLog
Time Written: 20101025074802.000000-000
Event Type: Informace
User:

Computer Name: Mirek-PC
Event Code: 7036
Message: Stav služby Hostitel zařízení UPnP byl změněn na: Zastaveno
Record Number: 11710
Source Name: Service Control Manager
Time Written: 20101024180319.100946-000
Event Type: Informace
User:

Computer Name: Mirek-PC
Event Code: 7036
Message: Stav služby Windows Search byl změněn na: Zastaveno
Record Number: 11709
Source Name: Service Control Manager
Time Written: 20101024180319.069746-000
Event Type: Informace
User:

Computer Name: Mirek-PC
Event Code: 7036
Message: Stav služby Šifrování byl změněn na: Zastaveno
Record Number: 11708
Source Name: Service Control Manager
Time Written: 20101024180318.664145-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPDriverNotFound
Reakce: Není k dispozici
ID souboru CAB: 0

Podpis problému:
P1: x64
P2: ACPI\ATK0110
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Připojené soubory:
C:\Windows\Temp\DMIFA84.tmp.log.xml

Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_7b90e53f6497da36d01d2c8167badd7549330a6_cab_06d5fb00

Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: 31ea76a2-b775-11df-b399-a071076be641
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20100903160623.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20100903160518.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20100903160513.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.

Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100903160509.755296-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100903160509.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100903160457.119274-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x1c4
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100903160457.119274-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x307c9
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100903160453.687268-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100903160452.080465-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100903160452.018065-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602

-----------------EOF-----------------

monikash · #4 Příspěvek od **monikash** » 03 dub 2011 11:07

Taky tam nic nevidíte, že? Nelíbí se mi to Bandoo, protože mi esetsmart před obnovením vyhodil, že ten trojan je bandoo. :-/

#5 Příspěvek od **vyosek** » 03 dub 2011 11:47

Ja tam havet vidim

Stahnete na plochu CKScanner

Spustte a kliknete na Search for files
Po dokonceni skenu kliknete na Save List to File a nasledne OK
Na plose se Vam vytvori log s nazvem ckfiles.txt, jeho obsah mi sem vlozte

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

monikash · #6 Příspěvek od **monikash** » 03 dub 2011 12:21

CKScanner - Additional Security Risks - These are not necessarily bad
c:\bat\dvdfab 7.0.6.2 - final\dvdfab.v7062 final crack\dvdfab.exe
c:\bat\masseffect\funkcni crack a keygen\keygen.exe
c:\bat\masseffect\funkcni crack a keygen\me\me-dtn.nfo
c:\bat\zuma deluxe\zuma deluxe_keygen.exe
scanner sequence 3.CA.11
----- EOF -----

1. a 4 keygen zcela jistě nebyl spuštěn.
Předpokládám, že nyní mám spustit Cobofix

#7 Příspěvek od **vyosek** » 03 dub 2011 12:27

Ano spustte nyni CFko...

monikash · #8 Příspěvek od **monikash** » 03 dub 2011 12:34

Tak to proběhlo. Něco málo smazalo:

ComboFix 11-04-02.03 - Mirek 03.04.2011 13:28:09.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4095.2863 [GMT 2:00]
Spuštěný z: c:\users\Mirek\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Windows Searchqu Toolbar
c:\users\Mirek\AppData\Roaming\inst.exe
c:\users\Mirek\Documents\cc_20110401_195052.reg
c:\users\Mirek\Documents\cc_20110401_195133.reg
c:\users\Mirek\Documents\cc_20110402_165804.reg
c:\users\Mirek\Documents\cc_20110402_165833.reg
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-03 do 2011-04-03 )))))))))))))))))))))))))))))))
.
.
2011-04-03 11:31 . 2011-04-03 11:31 -------- d-----w- c:\users\Anička\AppData\Local\temp
2011-04-03 11:01 . 2007-02-23 20:53 33792 ----a-w- c:\windows\system32\Spool\prtprocs\x64\xrxs1pc.dll
2011-04-03 09:27 . 2011-04-03 09:27 -------- d-----w- c:\users\Anička\AppData\Roaming\Ahead
2011-04-03 09:27 . 2011-04-03 09:27 -------- d-----w- c:\users\Anička\AppData\Local\Ahead
2011-04-03 09:25 . 2011-04-03 09:26 -------- d-----w- c:\users\Anička\AppData\Roaming\Zoner
2011-04-03 08:51 . 2011-04-03 08:51 -------- d-----w- C:\rsit
2011-04-03 08:51 . 2011-04-03 08:51 -------- d-----w- c:\program files\trend micro
2011-04-03 08:00 . 2011-04-03 08:00 -------- d-----w- c:\program files (x86)\Ultimate Process Manager
2011-04-02 20:21 . 2011-04-02 20:21 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-04-02 18:53 . 2011-04-02 18:53 -------- d-----w- c:\users\Mirek\AppData\Local\Sunbelt Software
2011-04-02 18:52 . 2011-04-03 11:12 -------- d-----w- c:\programdata\Lavasoft
2011-04-02 18:12 . 2011-04-02 20:21 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-04-02 18:12 . 2011-04-02 18:12 -------- d-----w- c:\windows\PCHEALTH
2011-04-02 18:12 . 2011-04-02 18:12 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-04-02 18:10 . 2011-04-02 18:10 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-04-02 18:08 . 2011-04-02 18:08 -------- d-----r- C:\MSOCache
2011-04-02 18:00 . 2011-04-02 18:00 -------- d-----w- c:\users\Mirek\AppData\Roaming\Vso
2011-04-02 17:56 . 2011-04-02 17:56 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-04-02 17:53 . 2011-04-02 17:53 -------- d-----w- C:\NVIDIA
2011-04-02 17:44 . 2011-04-02 17:44 -------- d-----w- c:\windows\Panther
2011-04-02 16:35 . 2011-04-02 16:35 -------- d-----w- c:\programdata\Media Center Programs
2011-04-02 16:35 . 2011-04-02 16:35 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2011-04-02 16:08 . 2011-04-02 16:08 -------- d-----w- c:\program files (x86)\PEKI dictionary
2011-04-02 16:04 . 2011-04-02 16:04 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-04-02 16:03 . 2011-04-02 16:03 -------- d-----w- c:\users\Mirek\AppData\Roaming\DAEMON Tools Lite
2011-04-02 15:57 . 2011-04-02 15:57 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-04-02 15:34 . 2011-02-23 13:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-02 15:22 . 2011-04-02 15:22 -------- d-----w- c:\users\Mirek\AppData\Roaming\Ahead
2011-04-02 15:22 . 2011-04-02 15:22 -------- d-----w- c:\programdata\Ahead
2011-04-02 14:41 . 2011-04-02 14:41 -------- d-----w- c:\program files (x86)\Kyodai
2011-04-02 14:36 . 2011-04-02 14:36 -------- d-----w- c:\users\Mirek\AppData\Roaming\NVIDIA
2011-04-02 14:34 . 2011-04-02 17:45 -------- d-----w- c:\programdata\InterVideo
2011-04-02 14:22 . 2011-04-02 14:22 -------- d-----w- c:\users\Mirek\AppData\Local\ElevatedDiagnostics
2011-04-02 14:00 . 2011-04-02 14:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-02 13:25 . 2011-04-02 13:25 -------- d-----w- c:\users\Mirek\AppData\Roaming\Softland
2011-04-02 13:25 . 2011-02-15 14:31 24912 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-04-02 13:25 . 2011-02-15 14:30 20816 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-04-02 13:25 . 2010-02-05 12:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-04-02 13:25 . 2011-04-02 13:25 -------- d-----w- c:\program files\Softland
2011-04-02 13:20 . 2011-04-02 13:20 -------- d-----w- c:\users\Mirek\AppData\Local\GHISLER
2011-04-02 13:00 . 2011-04-02 13:00 -------- d-----w- c:\program files (x86)\ESET
2011-04-01 18:53 . 2011-04-01 18:55 -------- d-----w- c:\users\Mirek\AppData\Roaming\vlc
2011-04-01 18:47 . 2011-04-02 15:58 -------- d-----w- c:\users\Mirek\AppData\Local\Adobe
2011-04-01 18:42 . 2011-04-02 14:13 -------- d-----w- c:\users\Mirek\AppData\Roaming\.purple
2011-04-01 18:41 . 2011-04-01 18:41 -------- d-----w- c:\windows\SysWow64\wbem\Logs
2011-04-01 18:41 . 2011-04-02 13:15 -------- d-----w- c:\program files (x86)\ICQ7.4
2011-04-01 18:39 . 2011-04-01 18:39 -------- d-----w- c:\users\Mirek\AppData\Roaming\Bandoo
2011-04-01 17:43 . 2011-04-03 07:48 -------- d-----w- c:\users\Mirek\AppData\Roaming\skypePM
2011-04-01 17:41 . 2011-03-23 08:11 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E78806A1-18A6-4AAD-9254-B531A6737A5B}\mpengine.dll
2011-04-01 17:38 . 2011-04-01 17:38 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-04-01 17:05 . 2011-04-02 16:43 -------- d-----w- c:\windows\Logs
2011-04-01 16:49 . 2011-04-01 17:37 -------- d-----w- c:\programdata\Bandoo VIR
2011-04-01 16:42 . 2011-04-02 14:34 -------- d-----w- c:\users\Mirek\AppData\Roaming\InterVideo
2011-04-01 16:41 . 2011-04-03 11:15 -------- d-----w- c:\programdata\NVIDIA
2011-03-15 15:17 . 2011-04-02 15:46 -------- d-----w- c:\program files (x86)\Duty Calls
2011-03-12 17:42 . 2011-04-01 17:34 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-02 14:38 . 2010-12-28 15:35 720896 ----a-w- c:\windows\iun6002.exe
2011-03-14 11:16 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-23 14:04 . 2010-09-03 16:42 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2010-09-03 16:42 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-02-23 14:04 . 2011-01-22 12:21 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:57 . 2010-09-03 16:42 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2010-09-03 16:42 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2010-09-03 16:42 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:55 . 2010-09-03 16:42 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 13:54 . 2010-09-03 16:42 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-02 20:40 . 2010-09-04 06:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-02 16:11 . 2010-09-03 16:40 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-09 11:49 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-09 11:49 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-09 11:49 144384 ----a-w- c:\windows\system32\cdd.dll
2011-01-08 03:27 . 2010-07-10 03:38 7729256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-01-08 03:27 . 2010-07-10 03:38 2200680 ----a-w- c:\windows\system32\nvapi64.dll
2011-01-07 18:50 . 2011-01-07 18:50 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-01-07 18:50 . 2011-01-07 18:50 6143080 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 18:49 . 2011-01-07 18:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
2011-01-07 18:49 . 2011-01-07 18:49 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 18:49 . 2011-01-07 18:49 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 18:49 . 2011-01-07 18:49 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 08:07 . 2011-02-23 09:45 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 08:07 . 2011-02-23 09:45 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 08:06 . 2011-02-09 11:48 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:31 . 2011-02-23 09:45 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-07 07:31 . 2011-02-23 09:45 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-09 11:48 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 11:48 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 11:48 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 04:00 . 2011-02-09 11:49 3127808 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"WheelMouse"="c:\full-s~2\wh_exec.exe" [2008-10-08 98304]
"V0530Mon.exe"="c:\windows\V0530Mon.exe" [2008-02-19 28672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 V0530Dev;Creative Camera VF0530 Driver;c:\windows\system32\DRIVERS\V0530Vid.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.boskovice.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
Trusted Zone: facebook.com\cs-cz
FF - ProfilePath - c:\users\Mirek\AppData\Roaming\Mozilla\Firefox\Profiles\jx6l8rpu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.boskovice.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{dd02a4eb-4afd-4d60-99d8-e67f964ca813} - (no file)
WebBrowser-{DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - (no file)
AddRemove-Puzzle Rocks_is1 - c:\program files (x86)\Puzzle Rocks\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-04-03 13:32:41
ComboFix-quarantined-files.txt 2011-04-03 11:32
.
Před spuštěním: Volných bajtů: 84 204 589 056
Po spuštění: Volných bajtů: 86 072 971 264
.
- - End Of File - - BCB40267D601C003C40C00D9854EF744

#9 Příspěvek od **vyosek** » 03 dub 2011 14:15

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

c:\windows\system32\Spool\prtprocs\x64\xrxs1pc.dll
c:\windows\iun6002.exe
Kliknete na Prochazet
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Kliknete na Send File
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

monikash · #10 Příspěvek od **monikash** » 03 dub 2011 14:32

http://www.virustotal.com/file-scan/rea ... 1301837158

http://www.virustotal.com/file-scan/rea ... 1301837508

#11 Příspěvek od **vyosek** » 03 dub 2011 17:35

Jak se chova PC

monikash · #12 Příspěvek od **monikash** » 03 dub 2011 17:41

Po ComboFixu zmizela ikona Avastu v liště v pravo dole. Ale pokud byl napadená, tak, si zasloužil uninstal a po restartu novou instalaci.
Jinak programy i internet jedou.

Doplňuji, Ubersoldier nešel spustit, hlásí chybějící knihovnu sv.dll. Jedná se o originál z ABC, ten by neměl obsahovat viry. Provedla jsem reinstal abeze změny.

monikash · #13 Příspěvek od **monikash** » 03 dub 2011 18:07

No, je vidět, že nehraju hry. Chybělo tomu medium v mechanice.......

#14 Příspěvek od **vyosek** » 03 dub 2011 19:02

Takze PC se nyni chova korektne

monikash · #15 Příspěvek od **monikash** » 03 dub 2011 19:11

Nezmizely odinstalované ikony v Ilonech oznamovací oblasti a stále se obnobuje odinstalovaný PowerArchiwer v seznamu nainstalovaného SW.

VIRY.CZ

Zavirované PC

Zavirované PC

Re: Zavirované PC

Re: Zavirované PC

Re: Zavirované PC

Re: Zavirované PC

Re: Zavirované PC

Re: Zavirované PC

Re: Zavirované PC

Re: Zavirované PC

Re: Zavirované PC

Re: Zavirované PC

Re: Zavirované PC

Re: Zavirované PC

Re: Zavirované PC

Re: Zavirované PC