Cycbot.B

Zpráva

FaethorCZ · #1 Příspěvek od **FaethorCZ** » 10 dub 2011 21:41

Ahoj,

uhnízdil se mi cycbot.B a nemůžu ho vyhnat, poradíte mi? Díky moc předem...Tady je log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:53, on 10.4.2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Users\Aperta\AppData\Roaming\dwm.exe
C:\Users\Aperta\AppData\Local\Temp\csrss.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Users\Aperta\AppData\Roaming\Microsoft\conhost.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Aperta\Documents\Downloads\Programs\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:55636
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Aperta\AppData\Local\Temp\csrss.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [conhost] C:\Users\Aperta\AppData\Roaming\Microsoft\conhost.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: DeviceNP - C:\windows\SYSTEM32\DeviceNP.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - c:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13675 bytes

#2 Příspěvek od **Rudy** » 10 dub 2011 21:45

Dejte log z RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 . Je podrobnější, než HijackThis.

FaethorCZ · #3 Příspěvek od **FaethorCZ** » 11 dub 2011 06:57

Tady to je...

info.txt logfile of random's system information tool 1.08 2011-04-11 07:56:00

======Uninstall list======

-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
2007 Microsoft Office system-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
ActivClient x64-->MsiExec.exe /X{86E45973-5352-439F-A115-2E8EE4D40140}
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe -maintain plugin
AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
AnyToISO-->"C:\Program Files (x86)\AnyToISO\unins000.exe"
Balíček ovladače systému Windows - Nokia Modem (06/09/2010 7.01.0.8)-->C:\PROGRA~1\DIFX\0169CE3A95F06636\dpinst.exe /u C:\windows\System32\DriverStore\FileRepository\nokbtmdm.inf_amd64_neutral_68b2fb14204f3667\nokbtmdm.inf
Balíček ovladače systému Windows - Nokia Modem (10/07/2010 4.6)-->C:\PROGRA~1\DIFX\0169CE3A95F06636\dpinst.exe /u C:\windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_amd64_neutral_875547a32190c11c\nokia_bluetooth.inf
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\F4092DA208C2C970\dpinst.exe /u C:\windows\system32\DRVSTORE\pccsmcfdx6_8A3BAB842294F8D9255C3CF2A3B1CECAEEB8EA7E\pccsmcfdx64.inf
Bing Bar-->MsiExec.exe /X{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}
Bing Rewards Client Installer-->MsiExec.exe /X{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}
Broadcom 2070 Bluetooth 2.1 + EDR-->MsiExec.exe /X{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Call of Duty(R) - World at War(TM)-->C:\Program Files (x86)\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0405
Call of Duty(R) 2-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374}
Catalyst Control Center - Branding-->MsiExec.exe /I{16CA9DAC-6A40-4204-A826-33C4D52A266C}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Device Access Manager for HP ProtectTools-->MsiExec.exe /X{55B52830-024A-443E-AF61-61E1E71AFA1B}
DirectX 9 Runtime-->MsiExec.exe /I{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}
Drive Encryption for HP ProtectTools-->msiexec.exe /i {34E6F14D-68F9-486D-87BA-6AA8431F3F44}
eMule-->"C:\eMule\Uninstall.exe"
Energy Star Digital Logo-->MsiExec.exe /I{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}
File Sanitizer For HP ProtectTools-->MsiExec.exe /I{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}
Gothic III-->C:\Program Files (x86)\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe -runfromtemp -l0x0005 -removeonly
HP 3D DriveGuard-->MsiExec.exe /X{299625B9-6C69-462C-9CEA-8E06D878B1C5}
HP Advisor-->MsiExec.exe /X{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP Documentation-->MsiExec.exe /X{4054365C-8CD6-4F08-A2F9-44CADFD7A9D0}
HP ESU for Microsoft Windows 7-->MsiExec.exe /X{722A2876-B382-4AB5-8CC9-007FF5B28641}
HP HotKey Support-->MsiExec.exe /X{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}
HP Power Assistant-->MsiExec.exe /X{3C33FD2E-6B21-4CD3-B41A-A7331D467617}
HP Power Data-->MsiExec.exe /X{42DBA167-C25D-49CE-BBAF-DEC25E737DA8}
HP ProtectTools Security Manager-->c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\setup.exe
HP ProtectTools Security Manager-->MsiExec.exe /X{9D06DE3F-0B91-4E1F-B791-619A9D1B53EF}
HP QuickLook-->MsiExec.exe /X{3B392D0A-F3F6-41EA-8DDB-D657ABA70168}
HP QuickWeb-->MsiExec.exe /X{7861911B-4270-498A-8F7A-FCF0570F4877}
HP Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}\setup.exe" -l0x9 -removeonly
HP SoftPaq Download Manager-->MsiExec.exe /I{2DA697D7-FED3-4DE2-A174-92A2A12F9688}
HP Software Framework-->MsiExec.exe /X{DA200FDD-DE3D-4958-8465-C4FBC869544B}
HP Software Setup-->MsiExec.exe /X{04801E42-B1A6-4C52-9F3D-CADB5A050433}
HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Web Camera-->MsiExec.exe /I{C7AE4EC3-9C13-4213-8457-74D16B353F91}
HP Webcam Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}\setup.exe" -runfromtemp -l0x0009 -removeonly
HP Webcam-->C:\ProgramData\Uninstall\{1D61E881-43CD-447B-9E6B-D2C6138B2862}\setup.exe /x {1D61E881-43CD-447B-9E6B-D2C6138B2862}
HP Wireless Assistant-->MsiExec.exe /X{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
Inkscape 0.48.1 -->C:\Inkscape\Uninstall.exe
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel(R) Turbo Boost Technology Driver-->C:\Program Files (x86)\Intel\Intel(R) Turbo Boost Technology Driver\Uninstall\setup.exe -uninstall -iips
Intel® Matrix Storage Manager-->C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
Internet Download Manager-->C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
Java Card Security for HP ProtectTools-->MsiExec.exe /X{F4477CC0-7293-414A-93BC-20EE897A80F0}
LightScribe System Software-->MsiExec.exe /X{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}
LSI HDA Modem-->C:\windows\agrsmdel
Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Antimalware Service CS-CZ Language Pack-->MsiExec.exe /X{F6197679-051D-4E3E-9757-4D5CDA6D658B}
Microsoft Antimalware-->MsiExec.exe /X{774088D4-0777-4D78-904D-E435B318F5D2}
Microsoft Default Manager-->MsiExec.exe /X{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{1FDA5A37-B22D-43FF-B582-B8964050DC13}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{86A4C6D9-29EE-4719-AFA1-BA3341862B83}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0405-1000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Security Client CS-CZ Language Pack-->MsiExec.exe /I{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}
Microsoft Security Client-->MsiExec.exe /I{E77543EE-6FB5-4FF6-AB70-635392C8C756}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Mozilla Firefox (3.6.16)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVC80_x64_v2-->MsiExec.exe /I{4D668D4F-FAA2-4726-834C-31F4614F312E}
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x64-->MsiExec.exe /I{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{4216D328-0FE8-48B8-85B8-BD300E6F080F}
Nokia Ovi Suite Software Updater-->MsiExec.exe /X{3553E875-F00E-4031-BDEC-75FB1DFEB093}
Nokia Ovi Suite-->C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3FC42713-B6E7-49AA-A553-A224FE9828A8}\Installer.exe
Nokia Ovi Suite-->MsiExec.exe /X{3FC42713-B6E7-49AA-A553-A224FE9828A8}
Nokia PC Suite-->C:\ProgramData\Installations\{F38FD0E4-B991-462B-873D-F2115EADD093}\Nokia_PC_Suite_cze_web.exe
Nokia PC Suite-->MsiExec.exe /I{F38FD0E4-B991-462B-873D-F2115EADD093}
Ovi Desktop Sync Engine-->MsiExec.exe /X{28191B83-1D60-44B6-9B08-E854EF6632D5}
OviMPlatform-->MsiExec.exe /I{08600005-5228-4BF6-845E-E9A957AFDCB4}
PC Connectivity Solution-->MsiExec.exe /I{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}
PDF Complete Special Edition-->C:\Program Files (x86)\PDF Complete\uninstall.exe
Privacy Manager for HP ProtectTools-->MsiExec.exe /I{04255D34-6C6D-4F63-A218-EE8FD2D13AF0}
PunkBuster Services-->C:\windows\system32\pbsvc.exe -u
RICOH Media Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{F5CC2EF8-20A4-4366-A681-3FE849E65809}\SETUP.EXE" -runfromtemp -l0x0009 anything -removeonly
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Business v10-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Business-->C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD-->MsiExec.exe /I{30A2A953-DEB1-466A-B660-F4399C7C6B9D}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sniper Elite-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A979B2D8-E3EE-4523-A26C-4AF0A6809280}\setup.exe"
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Theft Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}\setup.exe" -runfromtemp -l0x0409 -removeonly
Theft Recovery-->MsiExec.exe /X{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}
Titan Quest-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x5 -removeonly
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
TuneUp Utilities 2011-->C:\Program Files (x86)\TuneUp Utilities 2011\TUInstallHelper.exe --Trigger-Uninstall
Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
Update for Microsoft Office Outlook 2007 (KB2412171)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {752A0B7C-BD24-4362-AC86-AB63FEE6F46F}
Update for Outlook 2007 Junk Email Filter (KB2508979)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D2137BBA-250B-4548-BC1C-19E5009893D7}
Validity Fingerprint Driver-->MsiExec.exe /X{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}
VD64Inst-->MsiExec.exe /I{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}
VLC media player 1.1.8-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Web'n'walk Manager-->C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\uninstall.exe
Windows 7 Default Setting-->MsiExec.exe /I{5BF8E079-D6E2-4323-B794-75152371122A}
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\bcbtums-vistax64-brcm.inf_amd64_neutral_669857059b361c7a\bcbtums-vistax64-brcm.inf
Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\bcbtums-win7x64-brcm.inf_amd64_neutral_be703d2a1f4813d8\bcbtums-win7x64-brcm.inf
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\bcbthid64.inf_amd64_neutral_737f347105a3e66a\bcbthid64.inf
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}
Windows Live Fotogalerie-->MsiExec.exe /X{FB79FDB7-4DE1-453D-99FE-9A880F57380E}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{D07A61E5-A59C-433C-BCBD-22025FA2287B}
Windows Live Messenger-->MsiExec.exe /X{50300123-F8FC-4B50-B449-E847D04F1BA2}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live Movie Maker-->MsiExec.exe /X{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{78906B56-0E81-42A7-AC25-F54C946E1538}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
WinRAR 4.00 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
WinZip 14.5-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}
Zoner Photo Studio 12-->"C:\Program Files (x86)\Zoner\Photo Studio 12\unins000.exe" /SILENT

======System event log======

Computer Name: Aperta-HP
Event Code: 7036
Message: Stav služby SeaPort byl změněn na: Spuštěno
Record Number: 3139
Source Name: Service Control Manager
Time Written: 20110311110957.369066-000
Event Type: Informace
User:

Computer Name: Aperta-HP
Event Code: 7036
Message: Stav služby SeaPort byl změněn na: Zastaveno
Record Number: 3138
Source Name: Service Control Manager
Time Written: 20110311110954.451861-000
Event Type: Informace
User:

Computer Name: Aperta-HP
Event Code: 20001
Message: Správa ovladačů dokončila proces instalace ovladače FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\volsnap.inf pro ID instance zařízení STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT3 s následujícím stavem: 0x0.
Record Number: 3137
Source Name: Microsoft-Windows-UserPnp
Time Written: 20110311110935.154627-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Aperta-HP
Event Code: 206
Message: Služba Pomocník s kompatibilitou programů úspěšně provedla inicializaci druhé fáze.
Record Number: 3136
Source Name: Microsoft-Windows-Application-Experience
Time Written: 20110311110917.978997-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Aperta-HP
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 3135
Source Name: Microsoft-Windows-Eventlog
Time Written: 20110311110911.380185-000
Event Type: Informace
User: Aperta-HP\Aperta

=====Application event log=====

Computer Name: Aperta-HP
Event Code: 11707
Message: Produkt: Norton Online Backup - Instalace byla úspěšně dokončena.
Record Number: 1449
Source Name: MsiInstaller
Time Written: 20110311110940.000000-000
Event Type: Informace
User: Aperta-HP\Aperta

Computer Name: Aperta-HP
Event Code: 1042
Message: Probíhá ukončování transakce Instalační služby systému Windows: C:\Users\Aperta\AppData\Local\Temp\7zS3D7C.tmp\ActivationInstaller.msi. ID procesu klienta: 3968
Record Number: 1448
Source Name: MsiInstaller
Time Written: 20110311110940.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Aperta-HP
Event Code: 10000
Message: Zahajování relace 0 – ?2011?-?03?-?11T11:09:38.149832500Z.
Record Number: 1447
Source Name: Microsoft-Windows-RestartManager
Time Written: 20110311110938.149832-000
Event Type: Informace
User: Aperta-HP\Aperta

Computer Name: Aperta-HP
Event Code: 8194
Message: Bod obnovení byl úspěšně vytvořen (Proces = C:\windows\system32\msiexec.exe /V; Popis = Installed Norton Online Backup).
Record Number: 1446
Source Name: System Restore
Time Written: 20110311110938.000000-000
Event Type: Informace
User:

Computer Name: Aperta-HP
Event Code: 1040
Message: Probíhá zahajování transakce Instalační služby systému Windows: C:\Users\Aperta\AppData\Local\Temp\7zS3D7C.tmp\ActivationInstaller.msi. ID procesu klienta: 3968
Record Number: 1445
Source Name: MsiInstaller
Time Written: 20110311110924.000000-000
Event Type: Informace
User: Aperta-HP\Aperta

=====Security event log=====

Computer Name: Aperta-HP
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 697
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110311111323.364196-000
Event Type: Úspěšný audit
User:

Computer Name: Aperta-HP
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: APERTA-HP$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x2e8
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 696
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110311111323.364196-000
Event Type: Úspěšný audit
User:

Computer Name: Aperta-HP
Event Code: 4905
Message: Došlo k pokusu zrušit registraci zdroje události zabezpečení.

Předmět
ID zabezpečení: S-1-5-18
Název účtu: APERTA-HP$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Proces:
ID procesu: 0x498
Název procesu: C:\Windows\System32\VSSVC.exe

Zdroj události:
Název zdroje: VSSAudit
ID zdroje události: 0x2b56ab
Record Number: 695
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110311110944.358643-000
Event Type: Úspěšný audit
User:

Computer Name: Aperta-HP
Event Code: 4904
Message: Došlo k pokusu zaregistrovat zdroj události zabezpečení.

Předmět :
ID zabezpečení: S-1-5-18
Název účtu: APERTA-HP$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Proces:
ID procesu: 0x498
Název procesu: C:\Windows\System32\VSSVC.exe

Zdroj události:
Název zdroje: VSSAudit
ID zdroje události: 0x2b56ab
Record Number: 694
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110311110944.358643-000
Event Type: Úspěšný audit
User:

Computer Name: Aperta-HP
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-1548352304-4032370743-874254612-1002
Název účtu: Aperta
Název domény: Aperta-HP
ID přihlášení: 0x12e129
Record Number: 693
Source Name: Microsoft-Windows-Eventlog
Time Written: 20110311110911.395785-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;c:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;c:\Program Files\Hewlett-Packard\Drive Encryption\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;;C:\Program Files\Broadcom\Broadcom 802.11\Driver;C:\Program Files (x86)\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=2505
"OnlineServices"=Online Services
"Platform"=BNB
"PCBRAND"=b
"PTSM_install_path"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin
"RoxioCentral"=c:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\
"EMC_AUTOPLAY"=c:\Program Files (x86)\Common Files\Roxio Shared\

-----------------EOF-----------------

FaethorCZ · #4 Příspěvek od **FaethorCZ** » 11 dub 2011 06:58

Tady to je...

info.txt logfile of random's system information tool 1.08 2011-04-11 07:56:00

======Uninstall list======

-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
2007 Microsoft Office system-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
ActivClient x64-->MsiExec.exe /X{86E45973-5352-439F-A115-2E8EE4D40140}
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe -maintain plugin
AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
AnyToISO-->"C:\Program Files (x86)\AnyToISO\unins000.exe"
Balíček ovladače systému Windows - Nokia Modem (06/09/2010 7.01.0.8)-->C:\PROGRA~1\DIFX\0169CE3A95F06636\dpinst.exe /u C:\windows\System32\DriverStore\FileRepository\nokbtmdm.inf_amd64_neutral_68b2fb14204f3667\nokbtmdm.inf
Balíček ovladače systému Windows - Nokia Modem (10/07/2010 4.6)-->C:\PROGRA~1\DIFX\0169CE3A95F06636\dpinst.exe /u C:\windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_amd64_neutral_875547a32190c11c\nokia_bluetooth.inf
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\F4092DA208C2C970\dpinst.exe /u C:\windows\system32\DRVSTORE\pccsmcfdx6_8A3BAB842294F8D9255C3CF2A3B1CECAEEB8EA7E\pccsmcfdx64.inf
Bing Bar-->MsiExec.exe /X{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}
Bing Rewards Client Installer-->MsiExec.exe /X{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}
Broadcom 2070 Bluetooth 2.1 + EDR-->MsiExec.exe /X{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Call of Duty(R) - World at War(TM)-->C:\Program Files (x86)\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0405
Call of Duty(R) 2-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374}
Catalyst Control Center - Branding-->MsiExec.exe /I{16CA9DAC-6A40-4204-A826-33C4D52A266C}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Device Access Manager for HP ProtectTools-->MsiExec.exe /X{55B52830-024A-443E-AF61-61E1E71AFA1B}
DirectX 9 Runtime-->MsiExec.exe /I{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}
Drive Encryption for HP ProtectTools-->msiexec.exe /i {34E6F14D-68F9-486D-87BA-6AA8431F3F44}
eMule-->"C:\eMule\Uninstall.exe"
Energy Star Digital Logo-->MsiExec.exe /I{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}
File Sanitizer For HP ProtectTools-->MsiExec.exe /I{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}
Gothic III-->C:\Program Files (x86)\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe -runfromtemp -l0x0005 -removeonly
HP 3D DriveGuard-->MsiExec.exe /X{299625B9-6C69-462C-9CEA-8E06D878B1C5}
HP Advisor-->MsiExec.exe /X{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP Documentation-->MsiExec.exe /X{4054365C-8CD6-4F08-A2F9-44CADFD7A9D0}
HP ESU for Microsoft Windows 7-->MsiExec.exe /X{722A2876-B382-4AB5-8CC9-007FF5B28641}
HP HotKey Support-->MsiExec.exe /X{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}
HP Power Assistant-->MsiExec.exe /X{3C33FD2E-6B21-4CD3-B41A-A7331D467617}
HP Power Data-->MsiExec.exe /X{42DBA167-C25D-49CE-BBAF-DEC25E737DA8}
HP ProtectTools Security Manager-->c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\setup.exe
HP ProtectTools Security Manager-->MsiExec.exe /X{9D06DE3F-0B91-4E1F-B791-619A9D1B53EF}
HP QuickLook-->MsiExec.exe /X{3B392D0A-F3F6-41EA-8DDB-D657ABA70168}
HP QuickWeb-->MsiExec.exe /X{7861911B-4270-498A-8F7A-FCF0570F4877}
HP Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}\setup.exe" -l0x9 -removeonly
HP SoftPaq Download Manager-->MsiExec.exe /I{2DA697D7-FED3-4DE2-A174-92A2A12F9688}
HP Software Framework-->MsiExec.exe /X{DA200FDD-DE3D-4958-8465-C4FBC869544B}
HP Software Setup-->MsiExec.exe /X{04801E42-B1A6-4C52-9F3D-CADB5A050433}
HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Web Camera-->MsiExec.exe /I{C7AE4EC3-9C13-4213-8457-74D16B353F91}
HP Webcam Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}\setup.exe" -runfromtemp -l0x0009 -removeonly
HP Webcam-->C:\ProgramData\Uninstall\{1D61E881-43CD-447B-9E6B-D2C6138B2862}\setup.exe /x {1D61E881-43CD-447B-9E6B-D2C6138B2862}
HP Wireless Assistant-->MsiExec.exe /X{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
Inkscape 0.48.1 -->C:\Inkscape\Uninstall.exe
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel(R) Turbo Boost Technology Driver-->C:\Program Files (x86)\Intel\Intel(R) Turbo Boost Technology Driver\Uninstall\setup.exe -uninstall -iips
Intel® Matrix Storage Manager-->C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
Internet Download Manager-->C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
Java Card Security for HP ProtectTools-->MsiExec.exe /X{F4477CC0-7293-414A-93BC-20EE897A80F0}
LightScribe System Software-->MsiExec.exe /X{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}
LSI HDA Modem-->C:\windows\agrsmdel
Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Antimalware Service CS-CZ Language Pack-->MsiExec.exe /X{F6197679-051D-4E3E-9757-4D5CDA6D658B}
Microsoft Antimalware-->MsiExec.exe /X{774088D4-0777-4D78-904D-E435B318F5D2}
Microsoft Default Manager-->MsiExec.exe /X{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{1FDA5A37-B22D-43FF-B582-B8964050DC13}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{86A4C6D9-29EE-4719-AFA1-BA3341862B83}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0405-1000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Security Client CS-CZ Language Pack-->MsiExec.exe /I{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}
Microsoft Security Client-->MsiExec.exe /I{E77543EE-6FB5-4FF6-AB70-635392C8C756}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Mozilla Firefox (3.6.16)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVC80_x64_v2-->MsiExec.exe /I{4D668D4F-FAA2-4726-834C-31F4614F312E}
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x64-->MsiExec.exe /I{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{4216D328-0FE8-48B8-85B8-BD300E6F080F}
Nokia Ovi Suite Software Updater-->MsiExec.exe /X{3553E875-F00E-4031-BDEC-75FB1DFEB093}
Nokia Ovi Suite-->C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3FC42713-B6E7-49AA-A553-A224FE9828A8}\Installer.exe
Nokia Ovi Suite-->MsiExec.exe /X{3FC42713-B6E7-49AA-A553-A224FE9828A8}
Nokia PC Suite-->C:\ProgramData\Installations\{F38FD0E4-B991-462B-873D-F2115EADD093}\Nokia_PC_Suite_cze_web.exe
Nokia PC Suite-->MsiExec.exe /I{F38FD0E4-B991-462B-873D-F2115EADD093}
Ovi Desktop Sync Engine-->MsiExec.exe /X{28191B83-1D60-44B6-9B08-E854EF6632D5}
OviMPlatform-->MsiExec.exe /I{08600005-5228-4BF6-845E-E9A957AFDCB4}
PC Connectivity Solution-->MsiExec.exe /I{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}
PDF Complete Special Edition-->C:\Program Files (x86)\PDF Complete\uninstall.exe
Privacy Manager for HP ProtectTools-->MsiExec.exe /I{04255D34-6C6D-4F63-A218-EE8FD2D13AF0}
PunkBuster Services-->C:\windows\system32\pbsvc.exe -u
RICOH Media Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{F5CC2EF8-20A4-4366-A681-3FE849E65809}\SETUP.EXE" -runfromtemp -l0x0009 anything -removeonly
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Business v10-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Business-->C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD-->MsiExec.exe /I{30A2A953-DEB1-466A-B660-F4399C7C6B9D}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sniper Elite-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A979B2D8-E3EE-4523-A26C-4AF0A6809280}\setup.exe"
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Theft Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}\setup.exe" -runfromtemp -l0x0409 -removeonly
Theft Recovery-->MsiExec.exe /X{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}
Titan Quest-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x5 -removeonly
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
TuneUp Utilities 2011-->C:\Program Files (x86)\TuneUp Utilities 2011\TUInstallHelper.exe --Trigger-Uninstall
Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
Update for Microsoft Office Outlook 2007 (KB2412171)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {752A0B7C-BD24-4362-AC86-AB63FEE6F46F}
Update for Outlook 2007 Junk Email Filter (KB2508979)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D2137BBA-250B-4548-BC1C-19E5009893D7}
Validity Fingerprint Driver-->MsiExec.exe /X{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}
VD64Inst-->MsiExec.exe /I{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}
VLC media player 1.1.8-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Web'n'walk Manager-->C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\uninstall.exe
Windows 7 Default Setting-->MsiExec.exe /I{5BF8E079-D6E2-4323-B794-75152371122A}
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\bcbtums-vistax64-brcm.inf_amd64_neutral_669857059b361c7a\bcbtums-vistax64-brcm.inf
Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\bcbtums-win7x64-brcm.inf_amd64_neutral_be703d2a1f4813d8\bcbtums-win7x64-brcm.inf
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\bcbthid64.inf_amd64_neutral_737f347105a3e66a\bcbthid64.inf
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}
Windows Live Fotogalerie-->MsiExec.exe /X{FB79FDB7-4DE1-453D-99FE-9A880F57380E}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{D07A61E5-A59C-433C-BCBD-22025FA2287B}
Windows Live Messenger-->MsiExec.exe /X{50300123-F8FC-4B50-B449-E847D04F1BA2}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live Movie Maker-->MsiExec.exe /X{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{78906B56-0E81-42A7-AC25-F54C946E1538}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
WinRAR 4.00 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
WinZip 14.5-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}
Zoner Photo Studio 12-->"C:\Program Files (x86)\Zoner\Photo Studio 12\unins000.exe" /SILENT

======System event log======

Computer Name: Aperta-HP
Event Code: 7036
Message: Stav služby SeaPort byl změněn na: Spuštěno
Record Number: 3139
Source Name: Service Control Manager
Time Written: 20110311110957.369066-000
Event Type: Informace
User:

Computer Name: Aperta-HP
Event Code: 7036
Message: Stav služby SeaPort byl změněn na: Zastaveno
Record Number: 3138
Source Name: Service Control Manager
Time Written: 20110311110954.451861-000
Event Type: Informace
User:

Computer Name: Aperta-HP
Event Code: 20001
Message: Správa ovladačů dokončila proces instalace ovladače FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\volsnap.inf pro ID instance zařízení STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT3 s následujícím stavem: 0x0.
Record Number: 3137
Source Name: Microsoft-Windows-UserPnp
Time Written: 20110311110935.154627-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Aperta-HP
Event Code: 206
Message: Služba Pomocník s kompatibilitou programů úspěšně provedla inicializaci druhé fáze.
Record Number: 3136
Source Name: Microsoft-Windows-Application-Experience
Time Written: 20110311110917.978997-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Aperta-HP
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 3135
Source Name: Microsoft-Windows-Eventlog
Time Written: 20110311110911.380185-000
Event Type: Informace
User: Aperta-HP\Aperta

=====Application event log=====

Computer Name: Aperta-HP
Event Code: 11707
Message: Produkt: Norton Online Backup - Instalace byla úspěšně dokončena.
Record Number: 1449
Source Name: MsiInstaller
Time Written: 20110311110940.000000-000
Event Type: Informace
User: Aperta-HP\Aperta

Computer Name: Aperta-HP
Event Code: 1042
Message: Probíhá ukončování transakce Instalační služby systému Windows: C:\Users\Aperta\AppData\Local\Temp\7zS3D7C.tmp\ActivationInstaller.msi. ID procesu klienta: 3968
Record Number: 1448
Source Name: MsiInstaller
Time Written: 20110311110940.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Aperta-HP
Event Code: 10000
Message: Zahajování relace 0 – ?2011?-?03?-?11T11:09:38.149832500Z.
Record Number: 1447
Source Name: Microsoft-Windows-RestartManager
Time Written: 20110311110938.149832-000
Event Type: Informace
User: Aperta-HP\Aperta

Computer Name: Aperta-HP
Event Code: 8194
Message: Bod obnovení byl úspěšně vytvořen (Proces = C:\windows\system32\msiexec.exe /V; Popis = Installed Norton Online Backup).
Record Number: 1446
Source Name: System Restore
Time Written: 20110311110938.000000-000
Event Type: Informace
User:

Computer Name: Aperta-HP
Event Code: 1040
Message: Probíhá zahajování transakce Instalační služby systému Windows: C:\Users\Aperta\AppData\Local\Temp\7zS3D7C.tmp\ActivationInstaller.msi. ID procesu klienta: 3968
Record Number: 1445
Source Name: MsiInstaller
Time Written: 20110311110924.000000-000
Event Type: Informace
User: Aperta-HP\Aperta

=====Security event log=====

Computer Name: Aperta-HP
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 697
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110311111323.364196-000
Event Type: Úspěšný audit
User:

Computer Name: Aperta-HP
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: APERTA-HP$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x2e8
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 696
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110311111323.364196-000
Event Type: Úspěšný audit
User:

Computer Name: Aperta-HP
Event Code: 4905
Message: Došlo k pokusu zrušit registraci zdroje události zabezpečení.

Předmět
ID zabezpečení: S-1-5-18
Název účtu: APERTA-HP$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Proces:
ID procesu: 0x498
Název procesu: C:\Windows\System32\VSSVC.exe

Zdroj události:
Název zdroje: VSSAudit
ID zdroje události: 0x2b56ab
Record Number: 695
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110311110944.358643-000
Event Type: Úspěšný audit
User:

Computer Name: Aperta-HP
Event Code: 4904
Message: Došlo k pokusu zaregistrovat zdroj události zabezpečení.

Předmět :
ID zabezpečení: S-1-5-18
Název účtu: APERTA-HP$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Proces:
ID procesu: 0x498
Název procesu: C:\Windows\System32\VSSVC.exe

Zdroj události:
Název zdroje: VSSAudit
ID zdroje události: 0x2b56ab
Record Number: 694
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110311110944.358643-000
Event Type: Úspěšný audit
User:

Computer Name: Aperta-HP
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-1548352304-4032370743-874254612-1002
Název účtu: Aperta
Název domény: Aperta-HP
ID přihlášení: 0x12e129
Record Number: 693
Source Name: Microsoft-Windows-Eventlog
Time Written: 20110311110911.395785-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;c:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;c:\Program Files\Hewlett-Packard\Drive Encryption\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;;C:\Program Files\Broadcom\Broadcom 802.11\Driver;C:\Program Files (x86)\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=2505
"OnlineServices"=Online Services
"Platform"=BNB
"PCBRAND"=b
"PTSM_install_path"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin
"RoxioCentral"=c:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\
"EMC_AUTOPLAY"=c:\Program Files (x86)\Common Files\Roxio Shared\

-----------------EOF-----------------

#5 Příspěvek od **Rudy** » 11 dub 2011 17:03

Ještě poprosím o sken ComboFix a log.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

FaethorCZ · #6 Příspěvek od **FaethorCZ** » 12 dub 2011 06:07

tady to je...

ComboFix 11-04-11.02 - Aperta 12.04.2011 6:53.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3951.2094 [GMT 2:00]
Spuštěný z: c:\users\Aperta\Documents\Downloads\Programs\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\users\Aperta\AppData\Roaming\dwm.exe
c:\users\Aperta\AppData\Roaming\Microsoft\conhost.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-12 do 2011-04-12 )))))))))))))))))))))))))))))))
.
.
2011-04-12 04:59 . 2011-04-12 04:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-12 04:37 . 2011-04-12 04:37 -------- d-----w- c:\program files\ESET
2011-04-12 04:25 . 2011-04-12 04:25 -------- d-----w- c:\program files (x86)\ESET
2011-04-11 12:17 . 2011-04-11 12:17 -------- d-----w- c:\users\Aperta\AppData\Local\GHISLER
2011-04-11 11:03 . 2011-04-11 11:03 -------- d-----w- c:\programdata\LightScribe
2011-04-11 11:00 . 2011-04-11 11:03 -------- d-----w- c:\users\Aperta\AppData\Local\Ahead
2011-04-11 10:59 . 2011-04-11 11:04 -------- d-----w- c:\users\Aperta\AppData\Roaming\Ahead
2011-04-11 10:59 . 2011-04-11 10:59 -------- d-----w- c:\programdata\Ahead
2011-04-11 10:54 . 2011-04-11 10:54 -------- d-----w- c:\programdata\Nero
2011-04-11 10:54 . 2011-04-11 10:54 -------- d-----w- c:\program files (x86)\Nero
2011-04-11 10:54 . 2011-04-11 19:35 -------- d-----w- c:\program files (x86)\Common Files\Ahead
2011-04-11 06:40 . 2011-03-23 08:11 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0309807-7158-4280-BF39-DC1D99595DE3}\mpengine.dll
2011-04-11 06:25 . 2011-04-11 07:39 -------- d-----w- c:\users\Aperta\DoctorWeb
2011-04-11 06:23 . 2011-04-11 06:23 77824 ----atw- c:\windows\SysWow64\DRWEBSP.DLL
2011-04-11 06:23 . 2011-04-12 04:27 -------- d-----w- c:\program files (x86)\DrWeb
2011-04-11 06:10 . 2011-04-11 06:10 -------- d-----w- c:\users\Aperta\AppData\Local\{A5DE6078-0793-4204-8595-092292377AD2}
2011-04-11 06:05 . 2011-04-11 06:05 -------- d-----w- c:\users\Aperta\AppData\Local\{A38FFB52-6304-418B-AEB2-F12F420914D5}
2011-04-11 05:55 . 2011-04-11 05:56 -------- d-----w- C:\rsit
2011-04-11 05:55 . 2011-04-11 05:55 -------- d-----w- c:\program files\trend micro
2011-04-10 18:56 . 2011-04-10 19:06 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-10 17:53 . 2006-04-29 12:25 40960 ----a-w- c:\windows\SysWow64\psfind.dll
2011-04-10 17:45 . 2006-02-07 13:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-04-10 17:45 . 2006-02-07 13:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-04-10 17:45 . 2006-02-07 13:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-04-10 17:45 . 2006-02-07 13:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-04-10 17:45 . 2006-02-07 13:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-04-10 17:45 . 2005-11-13 21:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-04-10 17:45 . 2011-04-10 17:45 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-04-10 17:45 . 2011-04-10 17:45 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-04-08 21:27 . 2011-04-10 18:47 -------- d-----w- c:\users\Aperta\AppData\Local\PunkBuster
2011-04-08 21:27 . 2011-04-08 21:27 -------- d-----w- c:\users\Aperta\AppData\Local\Activision
2011-04-08 21:24 . 2011-04-10 19:17 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-04-08 21:24 . 2011-04-10 18:56 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-04-08 21:24 . 2011-04-08 21:24 682280 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-04-08 21:21 . 2011-04-10 18:25 -------- d-----w- c:\program files (x86)\Activision
2011-04-08 20:56 . 2011-04-08 21:07 -------- d-----w- c:\program files (x86)\AnyToISO
2011-04-07 21:34 . 2010-11-23 15:16 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-04-07 21:34 . 2010-11-23 15:11 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-04-07 21:34 . 2010-11-23 15:11 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-04-07 21:34 . 2010-11-23 15:11 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-04-07 21:34 . 2010-11-23 15:11 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-04-07 21:34 . 2011-04-07 21:34 -------- d-----w- c:\users\Aperta\AppData\Roaming\TuneUp Software
2011-04-07 21:34 . 2011-04-07 21:34 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2011-04-07 21:33 . 2011-04-07 21:35 -------- d-----w- c:\programdata\TuneUp Software
2011-04-07 21:33 . 2011-04-07 21:33 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-07 21:04 . 2011-04-07 21:04 18048 ----a-w- c:\windows\SysWow64\drivers\lirsgt.sys
2011-04-07 20:35 . 2011-04-07 21:20 -------- d-----w- c:\program files (x86)\Atari
2011-04-07 12:31 . 2011-04-11 06:22 -------- d-----w- c:\users\Aperta\AppData\Roaming\IDM
2011-04-07 12:31 . 2011-04-07 12:34 -------- d-----w- c:\program files (x86)\Internet Download Manager
2011-04-07 11:55 . 2011-04-11 18:37 -------- d-----w- c:\users\Aperta\AppData\Roaming\DMCache
2011-04-07 11:47 . 2011-04-07 11:48 -------- d-----w- c:\users\Aperta\AppData\Roaming\Zoner
2011-04-07 11:47 . 2011-04-07 11:47 -------- d-----w- c:\users\Aperta\AppData\Local\Zoner
2011-04-07 11:43 . 2011-04-07 11:43 -------- d-----w- c:\program files (x86)\Zoner
2011-04-07 11:36 . 2011-04-07 11:36 -------- d-----w- c:\programdata\eMule
2011-04-07 11:34 . 2011-04-11 19:35 -------- d-----w- c:\users\Aperta\AppData\Roaming\GHISLER
2011-04-07 11:34 . 2011-04-07 11:34 -------- d-----w- C:\totalcmd
2011-04-07 11:34 . 2010-12-17 05:56 545 ----a-w- c:\windows\UC.PIF
2011-04-07 11:34 . 2010-12-17 05:56 545 ----a-w- c:\windows\RAR.PIF
2011-04-07 11:34 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-04-07 11:34 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-04-07 11:34 . 2010-12-17 05:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-04-07 11:34 . 2010-12-17 05:56 545 ----a-w- c:\windows\LHA.PIF
2011-04-07 11:34 . 2010-12-17 05:56 545 ----a-w- c:\windows\ARJ.PIF
2011-04-07 11:34 . 2011-04-07 11:39 -------- d-----w- c:\users\Aperta\AppData\Local\eMule
2011-04-07 11:34 . 2011-04-07 11:34 -------- d-----w- C:\eMule
2011-04-07 11:28 . 2011-04-07 11:28 -------- d-----w- c:\users\Aperta\AppData\Roaming\inkscape
2011-04-07 11:23 . 2011-04-07 11:26 -------- d-----w- C:\Inkscape
2011-04-07 10:35 . 2011-04-07 10:35 -------- d-----w- c:\windows\SysWow64\AGEIA
2011-04-07 10:35 . 2011-04-07 10:35 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2011-04-07 10:17 . 2011-04-07 10:17 -------- d-----w- C:\Unreal Tournament 3
2011-04-07 10:06 . 2011-04-07 10:06 -------- d-----w- c:\users\Aperta\AppData\Local\{1F87F9A9-C774-422C-BE08-B1A2D6D80FE0}
2011-04-07 10:06 . 2011-04-07 19:37 -------- d-----w- c:\users\Aperta\Tracing
2011-04-07 10:04 . 2011-04-07 10:04 -------- d-----w- c:\windows\system32\SPReview
2011-04-07 10:04 . 2011-04-07 10:04 -------- d-----w- c:\windows\system32\EventProviders
2011-04-07 10:01 . 2010-11-20 13:25 2264064 ----a-w- c:\windows\system32\VPCWizard.exe
2011-04-07 10:00 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2011-04-07 09:59 . 2010-11-20 13:24 477696 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2011-04-07 09:58 . 2010-11-20 13:26 861184 ----a-w- c:\windows\system32\fontext.dll
2011-04-07 09:57 . 2010-11-20 13:27 636416 ----a-w- c:\windows\system32\wmdrmdev.dll
2011-04-07 09:56 . 2010-11-20 13:26 41472 ----a-w- c:\windows\system32\mciqtz32.dll
2011-04-07 09:55 . 2010-11-20 13:46 2560 ----a-w- c:\windows\system32\drivers\pl-PL\vpcuxd.sys.mui
2011-04-07 09:52 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-07 09:52 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-07 09:52 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-07 09:52 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-07 09:52 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-07 09:51 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-04-07 09:51 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-04-07 06:31 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2011-04-07 06:27 . 2011-04-07 06:27 -------- d-----w- c:\windows\cs
2011-04-07 06:26 . 2011-04-07 06:26 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-04-07 06:25 . 2011-04-07 06:26 -------- d-----w- c:\program files (x86)\Windows Live
2011-04-07 06:25 . 2009-09-04 15:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-04-07 06:25 . 2009-09-04 15:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-04-07 06:25 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-04-07 06:25 . 2009-09-04 15:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-07 06:07 . 2011-04-07 10:07 -------- d-----w- c:\users\Aperta\AppData\Local\Windows Live
2011-04-07 06:07 . 2011-04-07 06:07 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-04-06 21:56 . 2011-04-06 21:56 -------- d-----w- C:\3c036a02744261e1f71b313205
2011-04-06 21:52 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-06 21:52 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-04-06 21:52 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-06 21:52 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-04-06 20:39 . 2011-04-07 10:01 -------- d-----w- c:\program files (x86)\Seznam.cz
2011-04-06 20:39 . 2011-04-06 20:39 -------- d--h--w- c:\windows\msdownld.tmp
2011-04-06 20:34 . 2011-04-11 19:35 -------- d-----w- c:\users\Aperta\AppData\Roaming\vlc
2011-04-06 20:33 . 2011-04-06 20:33 -------- d-----w- c:\program files (x86)\VideoLAN
2011-04-06 20:31 . 2011-04-06 20:31 -------- d-----w- c:\program files (x86)\MC2
2011-04-06 20:30 . 2001-09-05 03:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2011-04-06 20:30 . 2001-09-05 03:18 225280 ------w- c:\program files (x86)\Common Files\InstallShield\IScript\IScript.dll
2011-04-06 20:30 . 2001-09-05 03:14 176128 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2011-04-06 20:30 . 2001-09-05 03:13 32768 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2011-04-06 20:30 . 2000-01-04 05:39 212992 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2011-04-06 19:12 . 2011-04-06 19:12 -------- d-----w- c:\users\Aperta\AppData\Local\Nokia
2011-04-06 19:05 . 2011-04-06 19:05 -------- d-----w- c:\program files\ATI Technologies
2011-04-06 18:27 . 2011-04-06 18:27 -------- d-----w- c:\users\Aperta\AppData\Roaming\Nokia
2011-04-06 18:27 . 2011-04-06 18:27 -------- d-----w- c:\users\Aperta\AppData\Roaming\PC Suite
2011-04-06 18:27 . 2011-04-06 18:27 -------- d-----w- c:\programdata\PC Suite
2011-04-06 18:27 . 2011-04-06 18:27 -------- d-----w- c:\program files (x86)\Common Files\PCSuite
2011-04-06 18:27 . 2011-04-06 19:11 -------- d-----w- c:\program files (x86)\Common Files\Nokia
2011-04-06 18:27 . 2008-08-28 09:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2011-04-06 18:27 . 2011-04-06 18:27 -------- dc----w- c:\windows\system32\DRVSTORE
2011-04-06 18:27 . 2011-04-06 18:27 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2011-04-06 18:26 . 2011-04-06 18:26 -------- d-----w- c:\programdata\NokiaInstallerCache
2011-04-06 18:26 . 2010-07-30 12:18 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-07 10:11 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-07 10:11 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-04-07 06:26 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-06 20:38 . 2011-04-06 20:38 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
2011-04-06 20:38 . 2011-04-06 20:38 249344 ----a-w- c:\windows\system32\webcheck.dll
2011-02-05 14:02 . 2011-02-05 14:02 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-02-05 14:02 . 2011-02-05 14:02 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-02-05 14:02 . 2011-02-05 14:02 3891200 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2011-02-05 14:02 . 2011-02-05 14:02 3555840 ----a-w- c:\windows\system32\bcmihvui64.dll
2011-02-05 14:02 . 2011-02-05 14:02 3058168 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2011-02-02 16:11 . 2011-03-11 12:49 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2010-05-26 3220912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-01-19 11266048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-03-03 111640]
"SpIDerMail"="c:\program files (x86)\DrWeb\spiderml.exe" [2008-06-10 501080]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-30 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe [2011-03-08 122608]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-07-02 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 103992]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-17 36864]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-12-10 251448]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-03-06 635416]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-11-23 1974080]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF11281.cfxxe" [X]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-04-05 1691192]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-07-02 2903688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:55636
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stáhnout s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
LSP: c:\windows\system32\DRWEBSP.DLL
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
FF - ProfilePath - c:\users\Aperta\AppData\Roaming\Mozilla\Firefox\Profiles\fzo38zd4.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DigitalPersona Extension: otis@digitalpersona.com - c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\Aperta\AppData\Roaming\IDM\idmmzcc3
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-(Výchozí) - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1548352304-4032370743-874254612-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2FC405FD-2175-5990-AB0C-53AE473D3C0C}*]
"jampjnpgllceghoolbga"=hex:65,63,70,6d,62,6b,65,64,66,6f,69,6a,6b,68,68,6f,68,
69,6b,70,65,6f,69,64,63,61,6b,65,70,6d,63,66,6f,6b,68,6a,62,6f,64,69,69,66,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Celkový čas: 2011-04-12 07:06:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-12 05:06
.
Před spuštěním: Volných bajtů: 378 175 864 832
Po spuštění: Volných bajtů: 377 400 406 016
.
- - End Of File - - BC4F807CC2D3486450E43AAE34A44243

#7 Příspěvek od **Rudy** » 12 dub 2011 17:39

Několik položek CF smazal, zbytek logu vypadá čistý. Nastala nějaká změna?

FaethorCZ · #8 Příspěvek od **FaethorCZ** » 13 dub 2011 08:33

No, nainstaloval jsem jiný antivir, něco mi našel, nějaký trojan.logger, jestli to píšu dobře. Od té chvíle dělám průběžně testy, zatím nic. Použil jsem i bootovací antivir, ale rozhodil mě PC tak, že jsem musel nechat obnovit z bodu obnovy. Ale našel toho dost a myslel jsem, že z obnovy se objeví i už smazané viry. Ale jak jsem psal, teď jsem zatím klid. Dokonce mi to dělalo přesměrování na nějakou proxy a do finále mi to prohlížeč házelo někam jinam než jsem chtěl. Takže místo Seznam.cz jsem najednou byl na nějakém pornu... Ale teď to nedělán, takže doufám, že je to ok. Kdyby ne, ozvu se, zatím díky moc za pomoc

#9 Příspěvek od **Rudy** » 13 dub 2011 16:42

Nemáte zač!

VIRY.CZ

Cycbot.B

Cycbot.B

Re: Cycbot.B

Re: Cycbot.B

Re: Cycbot.B

Re: Cycbot.B

Re: Cycbot.B

Re: Cycbot.B

Re: Cycbot.B

Re: Cycbot.B