preventikva

Zpráva

selkir · #31 Příspěvek od **selkir** » 24 srp 2013 11:10

Zdravím, tak jsem provedl všechny kroky, pc je celkem v pohodě, až na jednu věc. Zlobí mi, že strašně dlouho trvá, než se objeví při spouštění systému ikonky pro přihlášení uživatele (cca 2-3 minuty).

#32 Příspěvek od **Márty84** » 24 srp 2013 12:07

Dejte aktualni log z RSIT

selkir · #33 Příspěvek od **selkir** » 25 srp 2013 09:52

Logfile of random's system information tool 1.09 (written by random/random)
Run by Vitek at 2013-08-25 10:51:53
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 415 GB (90%) free of 459 GB
Total RAM: 3887 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:51:57, on 25.8.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Vitek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vitek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vitek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vitek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Vitek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [estar] C:\System.Sav\Util\HideDOS.EXE C:\System.Sav\util\estartwk\twk764.bat
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} (VPNWeb Control) - vpnweb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9173 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe"
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\Hpservice.exe
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"
C:\windows\system32\svchost.exe -k NetworkService
winlogon.exe
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\system32\WLANExt.exe 3146624
\??\C:\windows\system32\conhost.exe "43836650654976051284154736-713330087-350792867695152844543598200-749897075
taskeng.exe {242BC0B2-293E-4975-B352-38536AB5977C}
C:\windows\System32\spoolsv.exe
"C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe"
"C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
"c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\servicing\TrustedInstaller.exe
"taskhost.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
"C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
"C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" /start
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Users\Vitek\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Vitek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4628.0.599359247\108572528" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,20 --gpu-vendor-id=0x8086 --gpu-device-id=0x0046 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2119 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\Vitek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/Compact2/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_33/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/group_01/ --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="4628.2.716030820\1334442817" /prefetch:673131151
"C:\Users\Vitek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/Compact2/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_33/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="4628.4.1391604804\1564054439" /prefetch:673131151
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Users\Vitek\Desktop\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\HPCeeScheduleForVitek.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-04-02 2132232]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-14 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-14 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2010-01-08 186904]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2010-04-05 1691192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 2174760]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-04-05 8192]
"acevents"=C:\Program Files\ActivIdentity\ActivClient\acevents.exe [2009-06-04 196648]
""= []
"accrdsub"=C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2009-06-04 483880]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-04-26 161304]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-04-26 386584]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-04-26 413208]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-03-17 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2013-06-28 2255184]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-03-01 256056]
"estar"=C:\System.Sav\Util\HideDOS.EXE [2006-11-29 77824]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2010-03-04 111640]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-04-21 269824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.com - open -

======List of files/folders created in the last 1 month======

2013-08-25 10:51:53 ----D---- C:\rsit
2013-08-17 12:19:55 ----A---- C:\windows\system32\drivers\dtsoftbus01.sys
2013-08-17 12:19:49 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2013-08-15 19:12:42 ----D---- C:\Users\Vitek\AppData\Roaming\Malwarebytes
2013-08-14 20:01:24 ----A---- C:\windows\SYSWOW64\ieui.dll
2013-08-14 20:01:23 ----A---- C:\windows\system32\ieui.dll
2013-08-14 20:01:22 ----A---- C:\windows\SYSWOW64\iesetup.dll
2013-08-14 20:01:22 ----A---- C:\windows\SYSWOW64\iernonce.dll
2013-08-14 20:01:22 ----A---- C:\windows\system32\iesetup.dll
2013-08-14 20:01:22 ----A---- C:\windows\system32\iernonce.dll
2013-08-14 20:01:21 ----A---- C:\windows\SYSWOW64\RegisterIEPKEYs.exe
2013-08-14 20:01:21 ----A---- C:\windows\SYSWOW64\iesysprep.dll
2013-08-14 20:01:21 ----A---- C:\windows\system32\RegisterIEPKEYs.exe
2013-08-14 20:01:21 ----A---- C:\windows\system32\iesysprep.dll
2013-08-14 20:01:21 ----A---- C:\windows\system32\ie4uinit.exe
2013-08-14 20:01:20 ----A---- C:\windows\SYSWOW64\iertutil.dll
2013-08-14 20:01:19 ----A---- C:\windows\system32\iertutil.dll
2013-08-14 20:01:18 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2013-08-14 20:01:17 ----A---- C:\windows\SYSWOW64\jscript.dll
2013-08-14 20:01:17 ----A---- C:\windows\system32\msfeeds.dll
2013-08-14 20:01:17 ----A---- C:\windows\system32\jscript.dll
2013-08-14 20:01:16 ----A---- C:\windows\system32\jscript9.dll
2013-08-14 20:01:15 ----A---- C:\windows\SYSWOW64\urlmon.dll
2013-08-14 20:01:15 ----A---- C:\windows\SYSWOW64\jscript9.dll
2013-08-14 20:01:14 ----A---- C:\windows\system32\urlmon.dll
2013-08-14 20:01:13 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2013-08-14 20:01:13 ----A---- C:\windows\system32\jsproxy.dll
2013-08-14 20:01:12 ----A---- C:\windows\SYSWOW64\wininet.dll
2013-08-14 20:01:11 ----A---- C:\windows\system32\wininet.dll
2013-08-14 20:01:10 ----A---- C:\windows\SYSWOW64\ieframe.dll
2013-08-14 20:01:09 ----A---- C:\windows\system32\ieframe.dll
2013-08-14 20:01:08 ----A---- C:\windows\system32\mshtml.dll
2013-08-14 20:01:05 ----A---- C:\windows\SYSWOW64\mshtml.dll
2013-08-14 19:50:32 ----A---- C:\windows\SYSWOW64\crypt32.dll
2013-08-14 19:50:32 ----A---- C:\windows\system32\crypt32.dll
2013-08-14 19:50:31 ----A---- C:\windows\SYSWOW64\wintrust.dll
2013-08-14 19:50:31 ----A---- C:\windows\SYSWOW64\cryptsvc.dll
2013-08-14 19:50:31 ----A---- C:\windows\SYSWOW64\cryptnet.dll
2013-08-14 19:50:31 ----A---- C:\windows\system32\wintrust.dll
2013-08-14 19:50:31 ----A---- C:\windows\system32\cryptsvc.dll
2013-08-14 19:50:31 ----A---- C:\windows\system32\cryptnet.dll
2013-08-14 19:50:22 ----A---- C:\windows\SYSWOW64\tzres.dll
2013-08-14 19:50:22 ----A---- C:\windows\system32\tzres.dll
2013-08-14 19:50:20 ----A---- C:\windows\system32\WMVDECOD.DLL
2013-08-14 19:50:19 ----A---- C:\windows\SYSWOW64\WMVDECOD.DLL
2013-08-14 19:50:19 ----A---- C:\windows\SYSWOW64\rpcrt4.dll
2013-08-14 19:50:19 ----A---- C:\windows\system32\rpcrt4.dll
2013-08-14 19:50:17 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2013-08-14 19:50:15 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2013-08-14 19:50:15 ----A---- C:\windows\system32\ntoskrnl.exe
2013-08-14 19:50:15 ----A---- C:\windows\system32\ntdll.dll
2013-08-14 19:50:14 ----A---- C:\windows\SYSWOW64\ntvdm64.dll
2013-08-14 19:50:14 ----A---- C:\windows\SYSWOW64\ntdll.dll
2013-08-14 19:50:14 ----A---- C:\windows\system32\wow64.dll
2013-08-14 19:50:13 ----A---- C:\windows\SYSWOW64\wow32.dll
2013-08-14 19:50:13 ----A---- C:\windows\SYSWOW64\user.exe
2013-08-14 19:50:13 ----A---- C:\windows\SYSWOW64\setup16.exe
2013-08-14 19:50:13 ----A---- C:\windows\SYSWOW64\instnm.exe
2013-08-14 19:50:11 ----A---- C:\windows\system32\drivers\tssecsrv.sys
2013-08-14 19:50:11 ----A---- C:\windows\system32\drivers\tcpip.sys
2013-08-14 19:47:39 ----D---- C:\AdwCleaner
2013-08-12 19:34:46 ----RD---- C:\Program Files (x86)\Skype
2013-08-12 19:21:57 ----D---- C:\Users\Vitek\AppData\Roaming\Skype
2013-08-11 14:06:16 ----A---- C:\windows\SYSWOW64\Access.dat
2013-08-11 14:00:00 ----A---- C:\windows\system32\drivers\tap0901t.sys
2013-08-11 10:53:54 ----D---- C:\ProgramData\StarApp
2013-08-10 20:03:59 ----A---- C:\Program Files (x86)\1bomb.ini
2013-08-03 21:01:47 ----D---- C:\windows\SYSWOW64\Adobe
2013-07-28 20:31:07 ----D---- C:\Program Files (x86)\LibreOffice 4.0
2013-07-27 16:03:07 ----A---- C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-07-27 16:03:07 ----A---- C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-07-27 16:03:07 ----A---- C:\windows\system32\RdpGroupPolicyExtension.dll
2013-07-27 16:03:02 ----A---- C:\windows\system32\drivers\rdpvideominiport.sys
2013-07-27 16:03:01 ----A---- C:\windows\system32\drivers\TsUsbFlt.sys
2013-07-27 16:02:55 ----A---- C:\windows\SYSWOW64\wksprtPS.dll
2013-07-27 16:02:55 ----A---- C:\windows\SYSWOW64\tsgqec.dll
2013-07-27 16:02:55 ----A---- C:\windows\SYSWOW64\rdpendp_winip.dll
2013-07-27 16:02:55 ----A---- C:\windows\SYSWOW64\MsRdpWebAccess.dll
2013-07-27 16:02:55 ----A---- C:\windows\SYSWOW64\aaclient.dll
2013-07-27 16:02:55 ----A---- C:\windows\system32\wksprtPS.dll
2013-07-27 16:02:55 ----A---- C:\windows\system32\TsUsbGDCoInstaller.dll
2013-07-27 16:02:55 ----A---- C:\windows\system32\tsgqec.dll
2013-07-27 16:02:55 ----A---- C:\windows\system32\MsRdpWebAccess.dll
2013-07-27 16:02:55 ----A---- C:\windows\system32\aaclient.dll
2013-07-27 16:02:54 ----A---- C:\windows\SYSWOW64\mstsc.exe
2013-07-27 16:02:54 ----A---- C:\windows\system32\wksprt.exe
2013-07-27 16:02:54 ----A---- C:\windows\system32\TSWbPrxy.exe
2013-07-27 16:02:54 ----A---- C:\windows\system32\rdpudd.dll
2013-07-27 16:02:54 ----A---- C:\windows\system32\rdpendp_winip.dll
2013-07-27 16:02:54 ----A---- C:\windows\system32\mstsc.exe
2013-07-27 16:02:53 ----A---- C:\windows\SYSWOW64\mstscax.dll
2013-07-27 16:02:53 ----A---- C:\windows\system32\rdpcorets.dll
2013-07-27 16:02:52 ----A---- C:\windows\system32\mstscax.dll
2013-07-27 15:52:09 ----A---- C:\windows\system32\wwansvc.dll
2013-07-27 15:52:09 ----A---- C:\windows\system32\wwanprotdim.dll
2013-07-27 15:52:05 ----A---- C:\windows\system32\shell32.dll
2013-07-27 15:52:04 ----A---- C:\windows\system32\authui.dll
2013-07-27 15:52:03 ----A---- C:\windows\SYSWOW64\shell32.dll
2013-07-27 15:52:03 ----A---- C:\windows\system32\shdocvw.dll
2013-07-27 15:52:02 ----A---- C:\windows\system32\consent.exe
2013-07-27 15:52:01 ----A---- C:\windows\SYSWOW64\shdocvw.dll
2013-07-27 15:52:01 ----A---- C:\windows\SYSWOW64\authui.dll
2013-07-27 15:52:01 ----A---- C:\windows\system32\appinfo.dll
2013-07-27 15:51:52 ----A---- C:\windows\SYSWOW64\qdvd.dll
2013-07-27 15:51:52 ----A---- C:\windows\system32\qdvd.dll
2013-07-27 15:51:47 ----A---- C:\windows\SYSWOW64\schannel.dll
2013-07-27 15:51:47 ----A---- C:\windows\system32\schannel.dll
2013-07-27 15:51:47 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2013-07-27 15:51:47 ----A---- C:\windows\system32\drivers\cng.sys
2013-07-27 15:51:46 ----A---- C:\windows\SYSWOW64\sspicli.dll
2013-07-27 15:51:46 ----A---- C:\windows\SYSWOW64\secur32.dll
2013-07-27 15:51:46 ----A---- C:\windows\system32\lsasrv.dll
2013-07-27 15:51:39 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2013-07-27 15:51:39 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2013-07-27 15:51:39 ----A---- C:\windows\system32\cdd.dll
2013-07-27 15:51:37 ----A---- C:\windows\SYSWOW64\dhcpcsvc6.dll
2013-07-27 15:51:37 ----A---- C:\windows\SYSWOW64\dhcpcore6.dll
2013-07-27 15:51:37 ----A---- C:\windows\system32\dhcpcsvc6.dll
2013-07-27 15:51:37 ----A---- C:\windows\system32\dhcpcore6.dll
2013-07-27 15:51:32 ----A---- C:\windows\system32\drivers\ndis.sys
2013-07-27 15:51:31 ----A---- C:\windows\system32\drivers\RNDISMP.sys
2013-07-27 15:51:26 ----A---- C:\windows\SYSWOW64\ncsi.dll
2013-07-27 15:51:26 ----A---- C:\windows\system32\ncsi.dll
2013-07-27 15:51:24 ----A---- C:\windows\system32\netcorehc.dll
2013-07-27 15:51:22 ----A---- C:\windows\system32\nlasvc.dll
2013-07-27 15:51:22 ----A---- C:\windows\system32\iphlpsvc.dll
2013-07-27 15:51:21 ----A---- C:\windows\SYSWOW64\nlaapi.dll
2013-07-27 15:51:21 ----A---- C:\windows\SYSWOW64\netevent.dll
2013-07-27 15:51:21 ----A---- C:\windows\SYSWOW64\netcorehc.dll
2013-07-27 15:51:21 ----A---- C:\windows\system32\nlaapi.dll
2013-07-27 15:51:21 ----A---- C:\windows\system32\netevent.dll
2013-07-27 15:51:21 ----A---- C:\windows\system32\drivers\tcpipreg.sys
2013-07-27 15:49:02 ----A---- C:\windows\SYSWOW64\certutil.exe
2013-07-27 15:49:02 ----A---- C:\windows\system32\certutil.exe
2013-07-27 15:49:01 ----A---- C:\windows\SYSWOW64\certenc.dll
2013-07-27 15:49:01 ----A---- C:\windows\system32\certenc.dll
2013-07-27 15:48:50 ----A---- C:\windows\SYSWOW64\WindowsCodecs.dll
2013-07-27 15:48:50 ----A---- C:\windows\system32\WindowsCodecs.dll
2013-07-27 15:48:37 ----A---- C:\windows\SYSWOW64\DWrite.dll
2013-07-27 15:48:37 ----A---- C:\windows\system32\DWrite.dll
2013-07-27 15:48:36 ----A---- C:\windows\SYSWOW64\d3d11.dll
2013-07-27 15:48:36 ----A---- C:\windows\system32\d3d11.dll
2013-07-27 15:48:22 ----A---- C:\windows\system32\OxpsConverter.exe
2013-07-27 15:48:20 ----A---- C:\windows\system32\win32k.sys
2013-07-27 15:48:16 ----A---- C:\windows\SYSWOW64\cryptdlg.dll
2013-07-27 15:48:16 ----A---- C:\windows\system32\cryptdlg.dll
2013-07-27 15:48:14 ----A---- C:\windows\SYSWOW64\qedit.dll
2013-07-27 15:48:14 ----A---- C:\windows\system32\qedit.dll
2013-07-27 15:48:12 ----A---- C:\windows\SYSWOW64\win32spl.dll
2013-07-27 15:48:12 ----A---- C:\windows\system32\win32spl.dll

======List of files/folders modified in the last 1 month======

2013-08-25 10:51:55 ----D---- C:\Program Files\trend micro
2013-08-25 10:50:19 ----D---- C:\windows\Temp
2013-08-25 10:50:15 ----D---- C:\windows\system32\config
2013-08-25 10:50:13 ----A---- C:\windows\SYSWOW64\log.txt
2013-08-20 23:42:55 ----D---- C:\Windows
2013-08-20 23:36:03 ----SHD---- C:\System Volume Information
2013-08-20 22:37:04 ----D---- C:\Program Files\Defraggler
2013-08-20 22:35:57 ----D---- C:\windows\SoftwareDistribution
2013-08-18 22:19:50 ----D---- C:\windows\Panther
2013-08-18 22:19:50 ----D---- C:\windows\inf
2013-08-18 22:19:50 ----D---- C:\windows\debug
2013-08-18 22:10:54 ----D---- C:\windows\system32\NDF
2013-08-18 22:03:58 ----HD---- C:\ProgramData
2013-08-18 20:52:03 ----D---- C:\windows\Tasks
2013-08-17 16:43:53 ----D---- C:\windows\system32\catroot
2013-08-17 16:43:32 ----D---- C:\windows\system32\drivers\etc
2013-08-17 12:25:03 ----RD---- C:\Program Files (x86)
2013-08-17 12:22:04 ----D---- C:\windows\System32
2013-08-17 12:22:04 ----A---- C:\windows\system32\PerfStringBackup.INI
2013-08-17 12:20:21 ----D---- C:\windows\system32\drivers
2013-08-17 12:20:19 ----D---- C:\windows\system32\DriverStore
2013-08-17 10:51:41 ----D---- C:\windows\system32\Tasks
2013-08-15 20:02:41 ----D---- C:\windows\Microsoft.NET
2013-08-15 20:02:40 ----RSD---- C:\windows\assembly
2013-08-14 20:07:55 ----D---- C:\windows\winsxs
2013-08-14 20:06:21 ----D---- C:\windows\SYSWOW64\cs-CZ
2013-08-14 20:06:21 ----D---- C:\windows\SysWOW64
2013-08-14 20:06:21 ----D---- C:\windows\system32\cs-CZ
2013-08-14 20:06:21 ----D---- C:\windows\AppPatch
2013-08-14 20:06:21 ----D---- C:\Program Files\Internet Explorer
2013-08-14 20:06:21 ----D---- C:\Program Files (x86)\Internet Explorer
2013-08-14 20:01:37 ----D---- C:\windows\system32\catroot2
2013-08-14 20:00:58 ----SHD---- C:\windows\Installer
2013-08-14 19:57:11 ----D---- C:\windows\system32\MRT
2013-08-14 19:55:42 ----A---- C:\windows\system32\MRT.exe
2013-08-12 19:34:49 ----D---- C:\ProgramData\Skype
2013-08-12 19:34:46 ----D---- C:\Program Files (x86)\Common Files
2013-08-11 22:46:52 ----RSD---- C:\windows\Fonts
2013-08-10 21:51:44 ----D---- C:\windows\SYSWOW64\Macromed
2013-08-10 20:40:16 ----D---- C:\Program Files\CCleaner
2013-08-03 21:01:56 ----D---- C:\windows\Prefetch
2013-07-27 20:44:29 ----D---- C:\windows\rescache
2013-07-27 16:09:58 ----D---- C:\windows\SYSWOW64\wbem
2013-07-27 16:09:58 ----D---- C:\windows\SYSWOW64\en-US
2013-07-27 16:09:58 ----D---- C:\windows\system32\wbem
2013-07-27 16:09:58 ----D---- C:\windows\system32\en-US
2013-07-27 16:09:58 ----D---- C:\windows\system32\drivers\en-US
2013-07-27 16:09:58 ----D---- C:\windows\PolicyDefinitions
2013-07-27 16:09:58 ----D---- C:\Program Files\Windows Defender
2013-07-27 16:09:58 ----D---- C:\Program Files (x86)\Windows Defender
2013-07-27 16:09:57 ----D---- C:\windows\SYSWOW64\migration
2013-07-27 16:09:57 ----D---- C:\windows\system32\migration
2013-07-27 16:09:56 ----D---- C:\Program Files\Windows Journal

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [2013-05-09 65336]
R0 aswVmm;aswVmm; C:\windows\system32\drivers\aswVmm.sys [2013-07-14 189936]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-01-08 409112]
R0 PxHlpa64;PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2010-02-02 56648]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-06-04 60160]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2010-02-02 15688]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswRdr;aswRdr; C:\windows\System32\Drivers\aswrdr2.sys [2013-05-09 72016]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2013-07-14 1030952]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2013-07-14 378944]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2013-05-09 64288]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-08-17 283064]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2010-02-02 58184]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2013-05-09 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
R2 rimspci;rimspci; C:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
R2 risdpcie;risdpcie; C:\windows\system32\DRIVERS\risdpe64.sys [2009-10-28 79360]
R2 rixdpcie;rixdpcie; C:\windows\system32\DRIVERS\rixdpe64.sys [2009-12-11 55808]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2010-01-21 1209856]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl664.sys [2012-10-13 3058168]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\windows\system32\DRIVERS\e1k62x64.sys [2010-01-07 295088]
R3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-04-21 10326784]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2010-01-18 1803904]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-03-17 505856]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1379376]
R3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
R3 WinUSB;WinUSB Service; C:\windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]
S3 acsock;acsock; C:\windows\system32\DRIVERS\acsock64.sys [2012-06-07 107432]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\windows\system32\DRIVERS\NETw5s64.sys [2010-02-01 7675392]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 sdbus;sdbus; C:\windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vpnva;Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64; C:\windows\system32\DRIVERS\vpnva64.sys [2012-06-07 27048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ac.sharedstore;ActivIdentity Shared Store Service; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 277032]
R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2010-01-21 16896]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2010-03-31 462088]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-06-28 2470736]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2011-05-13 30520]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2010-01-08 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-04 268824]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [2010-03-17 244736]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-04 2320920]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-06-07 478712]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-03-28 799800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 103992]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 27136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-10-13 1255736]
S4 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
S4 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-17 36864]
S4 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S4 HPDayStarterService;HP DayStarter Service; c:\Program Files (x86)\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-03-25 90112]
S4 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]

-----------------EOF-----------------

selkir · #34 Příspěvek od **selkir** » 25 srp 2013 09:53

info.txt logfile of random's system information tool 1.09 2013-08-25 10:51:59

======Uninstall list======

-->C:\PROGRA~3\INSTAL~1\{2DE1A~1\Setup.exe /remove /q0
-->C:\PROGRA~3\INSTAL~1\{E5A94~1\Setup.exe /remove /q0
ActivClient x64-->MsiExec.exe /X{86E45973-5352-439F-A115-2E8EE4D40140}
Adobe Flash Player 11 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe -maintain plugin
Adobe Reader XI (11.0.03) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
Adobe Shockwave Player 12.0-->"C:\windows\SysWOW64\Adobe\Shockwave 12\uninstaller.exe"
Asistent pro přihlášení ke službě Windows Live-->MsiExec.exe /I{3E62B27C-342F-4B44-9331-CA4BC59A586F}
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Bundled software uninstaller-->"C:\Users\Vitek\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe" /initurl http://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Cisco AnyConnect Secure Mobility Client -->C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\Uninstall.exe -remove
Cisco AnyConnect Secure Mobility Client-->MsiExec.exe /X{A41EB7B5-8883-4795-A587-AAD8A84A010D}
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
Device Access Manager for HP ProtectTools-->MsiExec.exe /X{55B52830-024A-443E-AF61-61E1E71AFA1B}
DirectX 9 Runtime-->MsiExec.exe /I{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}
Drive Encryption for HP ProtectTools-->msiexec.exe /i {34E6F14D-68F9-486D-87BA-6AA8431F3F44}
File Sanitizer For HP ProtectTools-->MsiExec.exe /I{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}
Fityk 0.9.8-->"C:\Program Files (x86)\Fityk\unins000.exe"
Gaussian 03W-->C:\windows\IsUninst.exe -fC:\G03W\Uninst.isu
GaussView 5.0.8-->c:\Program Files (x86)\g09w\gvw_uninst.exe
Graph 4.3-->"C:\Program Files (x86)\Graph\unins000.exe"
Hewlett-Packard ACLM.NET v1.1.2.0-->MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}
HP 3D DriveGuard-->MsiExec.exe /X{299625B9-6C69-462C-9CEA-8E06D878B1C5}
HP Advisor-->MsiExec.exe /X{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP ESU for Microsoft Windows 7-->MsiExec.exe /X{722A2876-B382-4AB5-8CC9-007FF5B28641}
HP HotKey Support-->MsiExec.exe /X{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}
HP Power Assistant-->MsiExec.exe /X{3C33FD2E-6B21-4CD3-B41A-A7331D467617}
HP Power Data-->MsiExec.exe /X{42DBA167-C25D-49CE-BBAF-DEC25E737DA8}
HP ProtectTools Security Manager-->c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\setup.exe
HP ProtectTools Security Manager-->MsiExec.exe /X{9D06DE3F-0B91-4E1F-B791-619A9D1B53EF}
HP QuickLook-->MsiExec.exe /X{61F41F08-1F2A-45B8-88E7-DF3D7A09F96E}
HP QuickWeb-->MsiExec.exe /X{7861911B-4270-498A-8F7A-FCF0570F4877}
HP Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}\setup.exe" -l0x9 -removeonly
HP SoftPaq Download Manager-->MsiExec.exe /I{2DA697D7-FED3-4DE2-A174-92A2A12F9688}
HP Software Framework-->MsiExec.exe /X{DA200FDD-DE3D-4958-8465-C4FBC869544B}
HP Software Setup-->MsiExec.exe /X{04801E42-B1A6-4C52-9F3D-CADB5A050433}
HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP User Guides 0185-->MsiExec.exe /X{8D4B1DDC-0CB5-4908-B740-A385C2F3B6A9}
HP Web Camera-->MsiExec.exe /I{C7AE4EC3-9C13-4213-8457-74D16B353F91}
HP Webcam Driver-->C:\Program Files (x86)\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0005 -removeonly
HP Webcam-->C:\ProgramData\Uninstall\{1D61E881-43CD-447B-9E6B-D2C6138B2862}\setup.exe /x {1D61E881-43CD-447B-9E6B-D2C6138B2862}
HP Wireless Assistant-->MsiExec.exe /X{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\Program Files (x86)\Intel\Intel(R) Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel® Matrix Storage Manager-->C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
Java 7 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217025FF}
Java Card Security for HP ProtectTools-->MsiExec.exe /X{F4477CC0-7293-414A-93BC-20EE897A80F0}
LibreOffice 4.0.4.2-->MsiExec.exe /I{FE88323B-9F0E-4596-8F56-37757C6918E9}
LightScribe System Software-->MsiExec.exe /X{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}
LogMeIn Hamachi-->C:\windows\SysWOW64\\msiexec.exe /i {0ACC2993-2058-4BE7-9A92-9DCDAA9B3412} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}
LSI HDA Modem-->C:\windows\agrsmdel
Marvell Miniport Driver-->C:\Program Files (x86)\Marvell\Miniport Driver\Uninst.exe
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{790E02A1-145A-3843-8C13-A4F41C9B48B7}
Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Windows Debugging Symbols-->MsiExec.exe /I{68ADAEAA-DABD-45C1-9CC2-F995407549CD}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nástroj pro odesílání služby Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PDFCreator-->C:\Program Files (x86)\PDFCreator\unins000.exe
Privacy Manager for HP ProtectTools-->MsiExec.exe /I{D69F9215-B06A-4ADF-A464-E2607B2FA296}
RICOH Media Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{F5CC2EF8-20A4-4366-A681-3FE849E65809}\SETUP.EXE" -runfromtemp -l0x0009 anything -removeonly
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Business v10-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Business-->C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio MyDVD-->MsiExec.exe /I{30A2A953-DEB1-466A-B660-F4399C7C6B9D}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8E6848A1-B790-34FE-921A-A5319258E254} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E7F6B64E-E11F-3D1C-868D-3F1443DA5A15} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {08BB8EA1-3BA7-3AD5-8A07-22A5EC1F704E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {880A0A36-244B-3C7A-8D6B-56E694CE7883} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9D8496AE-4030-3E92-B44E-4F81051E6C85} /parameterfolder Client
Skype™ 6.7-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Theft Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}\setup.exe" -runfromtemp -l0x0409 -removeonly
Theft Recovery-->MsiExec.exe /X{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}
Total Commander (Remove or Repair)-->C:\Program Files (x86)\totalcmd\tcuninst.exe
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8C286FD4-AB38-37A6-BC8A-6F16AFE9AB1F} /parameterfolder Client
Validity Fingerprint Driver-->MsiExec.exe /X{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}
VD64Inst-->MsiExec.exe /I{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}
Warcraft III Reign of Chaos & The Frozen Throne-->C:\Program Files (x86)\Warcraft III Reign of Chaos & The Frozen Throne\uninstall.exe
Windows 7 Default Setting-->MsiExec.exe /I{5BF8E079-D6E2-4323-B794-75152371122A}
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\bcbtums-vistax64-brcm.inf_amd64_neutral_669857059b361c7a\bcbtums-vistax64-brcm.inf
Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\bcbtums-win7x64-brcm.inf_amd64_neutral_be703d2a1f4813d8\bcbtums-win7x64-brcm.inf
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\bcbthid64.inf_amd64_neutral_737f347105a3e66a\bcbthid64.inf
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{E3F328E4-EB9F-4ABF-8FF3-5AD0472743D8}
Windows Live Toolbar-->MsiExec.exe /X{6E257F26-57FA-4BC9-AE3B-D50AF937DA7F}
Zotero Standalone 3.0.8 (x86 en-US)-->C:\Program Files (x86)\Zotero Standalone\uninstall\helper.exe

======Hosts File======

::1 localhost

======System event log======

Computer Name: Vitek-HP
Event Code: 7036
Message: Stav služby Telefonní subsystém byl změněn na: Zastaveno
Record Number: 2862
Source Name: Service Control Manager
Time Written: 20121013095455.918772-000
Event Type: Informace
User:

Computer Name: Vitek-HP
Event Code: 7036
Message: Stav služby Služba Plánovač multimédií byl změněn na: Spuštěno
Record Number: 2861
Source Name: Service Control Manager
Time Written: 20121013095328.920197-000
Event Type: Informace
User:

Computer Name: Vitek-HP
Event Code: 20001
Message: Správa ovladačů dokončila proces instalace ovladače FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\volsnap.inf pro ID instance zařízení STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT5 s následujícím stavem: 0x0.
Record Number: 2860
Source Name: Microsoft-Windows-UserPnp
Time Written: 20121013095302.275350-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Vitek-HP
Event Code: 7036
Message: Stav služby Služba Plánovač multimédií byl změněn na: Zastaveno
Record Number: 2859
Source Name: Service Control Manager
Time Written: 20121013095259.389345-000
Event Type: Informace
User:

Computer Name: Vitek-HP
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 2858
Source Name: Microsoft-Windows-Eventlog
Time Written: 20121013095248.328926-000
Event Type: Informace
User: Vitek-HP\Vitek

=====Application event log=====

Computer Name: Vitek-HP
Event Code: 11707
Message: Produkt: Norton Online Backup - Instalace byla úspěšně dokončena.
Record Number: 1972
Source Name: MsiInstaller
Time Written: 20121013095307.000000-000
Event Type: Informace
User: Vitek-HP\Vitek

Computer Name: Vitek-HP
Event Code: 1042
Message: Probíhá ukončování transakce Instalační služby systému Windows: C:\Users\Vitek\AppData\Local\Temp\7zS5C33.tmp\ActivationInstaller.msi. ID procesu klienta: 3776
Record Number: 1971
Source Name: MsiInstaller
Time Written: 20121013095307.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Vitek-HP
Event Code: 10000
Message: Zahajování relace 0 – ‎2012‎-‎10‎-‎13T09:53:05.130155600Z.
Record Number: 1970
Source Name: Microsoft-Windows-RestartManager
Time Written: 20121013095305.130155-000
Event Type: Informace
User: Vitek-HP\Vitek

Computer Name: Vitek-HP
Event Code: 8194
Message: Bod obnovení byl úspěšně vytvořen (Proces = C:\windows\system32\msiexec.exe /V; Popis = Installed Norton Online Backup).
Record Number: 1969
Source Name: System Restore
Time Written: 20121013095305.000000-000
Event Type: Informace
User:

Computer Name: Vitek-HP
Event Code: 1040
Message: Probíhá zahajování transakce Instalační služby systému Windows: C:\Users\Vitek\AppData\Local\Temp\7zS5C33.tmp\ActivationInstaller.msi. ID procesu klienta: 3776
Record Number: 1968
Source Name: MsiInstaller
Time Written: 20121013095254.000000-000
Event Type: Informace
User: Vitek-HP\Vitek

=====Security event log=====

Computer Name: Vitek-HP
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 660
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121013095749.460861-000
Event Type: Úspěšný audit
User:

Computer Name: Vitek-HP
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: VITEK-HP$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x2b0
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 659
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121013095749.460861-000
Event Type: Úspěšný audit
User:

Computer Name: Vitek-HP
Event Code: 4905
Message: Došlo k pokusu zrušit registraci zdroje události zabezpečení.

Předmět
ID zabezpečení: S-1-5-18
Název účtu: VITEK-HP$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Proces:
ID procesu: 0xaa8
Název procesu: C:\Windows\System32\VSSVC.exe

Zdroj události:
Název zdroje: VSSAudit
ID zdroje události: 0x583c50
Record Number: 658
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121013095309.638563-000
Event Type: Úspěšný audit
User:

Computer Name: Vitek-HP
Event Code: 4904
Message: Došlo k pokusu zaregistrovat zdroj události zabezpečení.

Předmět :
ID zabezpečení: S-1-5-18
Název účtu: VITEK-HP$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Proces:
ID procesu: 0xaa8
Název procesu: C:\Windows\System32\VSSVC.exe

Zdroj události:
Název zdroje: VSSAudit
ID zdroje události: 0x583c50
Record Number: 657
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121013095309.638563-000
Event Type: Úspěšný audit
User:

Computer Name: Vitek-HP
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-1372579906-2074874801-2762831214-1002
Název účtu: Vitek
Název domény: Vitek-HP
ID přihlášení: 0xfeade
Record Number: 656
Source Name: Microsoft-Windows-Eventlog
Time Written: 20121013095248.328926-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;c:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;c:\Program Files\Hewlett-Packard\Drive Encryption\;C:\Program Files\Broadcom\Broadcom 802.11\Driver
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=2505
"OnlineServices"=Online Services
"Platform"=BNB
"PCBRAND"=b
"PTSM_install_path"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin
"RoxioCentral"=c:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\
"EMC_AUTOPLAY"=c:\Program Files (x86)\Common Files\Roxio Shared\

-----------------EOF-----------------

#35 Příspěvek od **Márty84** » 25 srp 2013 10:12

Trva to tak dlouho i v nouzovem rezimu?

selkir · #36 Příspěvek od **selkir** » 25 srp 2013 10:30

nevím, to jsem nezkoušel

#37 Příspěvek od **Márty84** » 25 srp 2013 11:25

Tak to zkuste

selkir · #38 Příspěvek od **selkir** » 25 srp 2013 11:43

A jak to provedu?

#39 Příspěvek od **Márty84** » 25 srp 2013 11:52

Do nouzoveho rezimu se dostanete takto:
restartujte pc, mackejte klavesu F8 - pripadne jinou, zalezi na typu stroje - a zvolte moznost nouzovy rezim.
Kdyby to neslo, zde je jiny postup http://forum.viry.cz/viewtopic.php?f=46&t=7554

selkir · #40 Příspěvek od **selkir** » 25 srp 2013 12:29

Tak v nouzovém režimu je to hned, při normálním spuštění je to přesně minuta a půl, což mi přijde příšerné...

#41 Příspěvek od **Márty84** » 25 srp 2013 13:33

Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

selkir · #42 Příspěvek od **selkir** » 25 srp 2013 22:32

ComboFix 13-08-25.01 - Vitek 25.08.2013 23:25:25.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3887.2501 [GMT 2:00]
Spuštěný z: c:\users\Vitek\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\DPCont32.dll.mui
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-25 do 2013-08-25 )))))))))))))))))))))))))))))))
.
.
2013-08-25 21:30 . 2013-08-25 21:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-25 08:51 . 2013-08-25 08:51 -------- d-----w- C:\rsit
2013-08-17 10:20 . 2013-08-17 10:20 -------- d-----w- c:\users\Vitek\AppData\Local\Application Data
2013-08-17 10:19 . 2013-08-17 10:19 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-08-17 10:19 . 2013-08-17 10:19 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2013-08-15 17:12 . 2013-08-15 17:12 -------- d-----w- c:\users\Vitek\AppData\Roaming\Malwarebytes
2013-08-14 17:50 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 17:47 . 2013-08-14 17:53 -------- d-----w- C:\AdwCleaner
2013-08-12 17:34 . 2013-08-12 17:34 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-08-12 17:34 . 2013-08-12 17:34 -------- d-----r- c:\program files (x86)\Skype
2013-08-12 17:21 . 2013-08-13 20:06 -------- d-----w- c:\users\Vitek\AppData\Roaming\Skype
2013-08-11 12:00 . 2009-09-16 06:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2013-08-11 08:53 . 2013-08-11 08:53 -------- d-----w- c:\programdata\StarApp
2013-08-11 08:53 . 2013-08-11 08:53 -------- d-----w- c:\users\Vitek\AppData\Local\Programs
2013-08-03 19:01 . 2013-08-03 19:01 -------- d-----w- c:\windows\SysWow64\Adobe
2013-07-28 18:31 . 2013-07-28 18:31 -------- d-----w- c:\program files (x86)\LibreOffice 4.0
2013-07-27 14:03 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-07-27 14:03 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-07-27 14:03 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-07-27 14:03 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-07-27 14:03 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-07-27 14:03 . 2012-08-23 14:07 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-07-27 13:52 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-07-27 13:52 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-07-27 13:52 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-07-27 13:52 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-07-27 13:52 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-07-27 13:52 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-07-27 13:52 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-07-27 13:52 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-07-27 13:49 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-27 13:49 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-27 13:49 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-27 13:49 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-27 13:49 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-27 13:49 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-07-27 13:49 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-07-27 13:49 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-07-27 13:49 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 17:55 . 2012-10-13 12:06 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-14 12:22 . 2013-07-14 12:22 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-07-14 12:22 . 2013-07-14 12:22 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-14 12:22 . 2013-07-14 12:22 81408 ----a-w- c:\windows\system32\icardie.dll
2013-07-14 12:22 . 2013-07-14 12:22 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-07-14 12:22 . 2013-07-14 12:22 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-07-14 12:22 . 2013-07-14 12:22 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-07-14 12:22 . 2013-07-14 12:22 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-07-14 12:22 . 2013-07-14 12:22 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-07-14 12:22 . 2013-07-14 12:22 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-07-14 12:22 . 2013-07-14 12:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-07-14 12:22 . 2013-07-14 12:22 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-07-14 12:22 . 2013-07-14 12:22 441856 ----a-w- c:\windows\system32\html.iec
2013-07-14 12:22 . 2013-07-14 12:22 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-07-14 12:22 . 2013-07-14 12:22 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-07-14 12:22 . 2013-07-14 12:22 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-07-14 12:22 . 2013-07-14 12:22 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-14 12:22 . 2013-07-14 12:22 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-07-14 12:22 . 2013-07-14 12:22 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-07-14 12:22 . 2013-07-14 12:22 235008 ----a-w- c:\windows\system32\url.dll
2013-07-14 12:22 . 2013-07-14 12:22 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-07-14 12:22 . 2013-07-14 12:22 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-07-14 12:22 . 2013-07-14 12:22 216064 ----a-w- c:\windows\system32\msls31.dll
2013-07-14 12:22 . 2013-07-14 12:22 197120 ----a-w- c:\windows\system32\msrating.dll
2013-07-14 12:22 . 2013-07-14 12:22 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-07-14 12:22 . 2013-07-14 12:22 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-07-14 12:22 . 2013-07-14 12:22 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-07-14 12:22 . 2013-07-14 12:22 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-14 12:22 . 2013-07-14 12:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-07-14 12:22 . 2013-07-14 12:22 144896 ----a-w- c:\windows\system32\wextract.exe
2013-07-14 12:22 . 2013-07-14 12:22 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-07-14 12:22 . 2013-07-14 12:22 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-07-14 12:22 . 2013-07-14 12:22 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-07-14 12:22 . 2013-07-14 12:22 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-07-14 12:22 . 2013-07-14 12:22 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-07-14 12:22 . 2013-07-14 12:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-07-14 12:22 . 2013-07-14 12:22 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-14 12:22 . 2013-07-14 12:22 102912 ----a-w- c:\windows\system32\inseng.dll
2013-07-14 12:22 . 2013-07-14 12:22 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-14 12:22 . 2013-07-14 12:22 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-07-14 12:22 . 2013-07-14 12:22 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-07-14 12:22 . 2013-07-14 12:22 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-07-14 12:22 . 2013-07-14 12:22 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-07-14 12:22 . 2013-07-14 12:22 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-14 12:22 . 2013-07-14 12:22 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-14 12:22 . 2013-07-14 12:22 149504 ----a-w- c:\windows\system32\occache.dll
2013-07-14 12:22 . 2013-07-14 12:22 13824 ----a-w- c:\windows\system32\mshta.exe
2013-07-14 12:22 . 2013-07-14 12:22 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-07-14 12:22 . 2013-07-14 12:22 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-14 12:22 . 2013-07-14 12:22 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-07-14 12:21 . 2013-07-14 12:21 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-07-14 12:20 . 2013-07-14 12:20 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-14 12:20 . 2013-07-14 12:20 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-07-14 12:20 . 2013-07-14 12:20 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-07-14 12:20 . 2013-07-14 12:20 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-07-14 12:20 . 2013-07-14 12:20 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-07-14 12:20 . 2013-07-14 12:20 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-07-14 12:20 . 2013-07-14 12:20 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-14 12:20 . 2013-07-14 12:20 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-14 12:20 . 2013-07-14 12:20 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-07-14 12:20 . 2013-07-14 12:20 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-14 12:20 . 2013-07-14 12:20 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-07-14 12:20 . 2013-07-14 12:20 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-14 12:20 . 2013-07-14 12:20 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-07-14 12:20 . 2013-07-14 12:20 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-07-14 12:20 . 2013-07-14 12:20 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-14 12:20 . 2013-07-14 12:20 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-14 12:20 . 2013-07-14 12:20 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-07-14 12:20 . 2013-07-14 12:20 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-07-14 12:20 . 2013-07-14 12:20 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-07-14 12:20 . 2013-07-14 12:20 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-07-14 12:20 . 2013-07-14 12:20 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-07-14 12:20 . 2013-07-14 12:20 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-07-14 12:20 . 2013-07-14 12:20 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-07-14 12:20 . 2013-07-14 12:20 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-14 12:20 . 2013-07-14 12:20 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-07-14 12:20 . 2013-07-14 12:20 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-07-14 12:20 . 2013-07-14 12:20 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-07-14 12:20 . 2013-07-14 12:20 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-07-14 12:20 . 2013-07-14 12:20 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-07-14 11:54 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-07-14 11:54 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"estar"="c:\system.sav\Util\HideDOS.EXE" [2006-11-28 77824]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-03-03 111640]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R4 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R4 HPDayStarterService;HP DayStarter Service;c:\program files (x86)\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe;c:\program files (x86)\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [x]
R4 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 RsvLock;RsvLock; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-18 c:\windows\Tasks\HPCeeScheduleForVitek.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-04-05 1691192]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 413208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - vpnweb.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{036F0439-DF74-BD1B-C573-47099B0C2DE2} - c:\progra~3\INSTAL~1\{E5A94~1\Setup.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-{EB0A016C-E618-7BBA-A037-C9F72CC473B7} - c:\progra~3\INSTAL~1\{2DE1A~1\Setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-08-25 23:32:15
ComboFix-quarantined-files.txt 2013-08-25 21:32
.
Před spuštěním: Volných bajtů: 433 708 335 104
Po spuštění: Volných bajtů: 433 552 302 080
.
- - End Of File - - D66BCD4AF566271C7A26E319F80A3AD2
A36C5E4F47E84449FF07ED3517B43A31

#43 Příspěvek od **Márty84** » 26 srp 2013 09:56

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - vpnweb.cab

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

selkir · #44 Příspěvek od **selkir** » 26 srp 2013 21:18

ComboFix 13-08-25.01 - Vitek 26.08.2013 21:32:45.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3887.2395 [GMT 2:00]
Spuštěný z: c:\users\Vitek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Vitek\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-26 do 2013-08-26 )))))))))))))))))))))))))))))))
.
.
2013-08-25 08:51 . 2013-08-25 08:51 -------- d-----w- C:\rsit
2013-08-17 10:20 . 2013-08-17 10:20 -------- d-----w- c:\users\Vitek\AppData\Local\Application Data
2013-08-17 10:19 . 2013-08-17 10:19 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-08-17 10:19 . 2013-08-17 10:19 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2013-08-15 17:12 . 2013-08-15 17:12 -------- d-----w- c:\users\Vitek\AppData\Roaming\Malwarebytes
2013-08-14 17:50 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 17:47 . 2013-08-14 17:53 -------- d-----w- C:\AdwCleaner
2013-08-12 17:34 . 2013-08-12 17:34 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-08-12 17:34 . 2013-08-12 17:34 -------- d-----r- c:\program files (x86)\Skype
2013-08-12 17:21 . 2013-08-13 20:06 -------- d-----w- c:\users\Vitek\AppData\Roaming\Skype
2013-08-11 12:00 . 2009-09-16 06:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2013-08-11 08:53 . 2013-08-11 08:53 -------- d-----w- c:\programdata\StarApp
2013-08-11 08:53 . 2013-08-11 08:53 -------- d-----w- c:\users\Vitek\AppData\Local\Programs
2013-08-03 19:01 . 2013-08-03 19:01 -------- d-----w- c:\windows\SysWow64\Adobe
2013-07-28 18:31 . 2013-07-28 18:31 -------- d-----w- c:\program files (x86)\LibreOffice 4.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 17:55 . 2012-10-13 12:06 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-14 12:22 . 2013-07-14 12:22 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-07-14 12:22 . 2013-07-14 12:22 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-14 12:22 . 2013-07-14 12:22 81408 ----a-w- c:\windows\system32\icardie.dll
2013-07-14 12:22 . 2013-07-14 12:22 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-07-14 12:22 . 2013-07-14 12:22 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-07-14 12:22 . 2013-07-14 12:22 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-07-14 12:22 . 2013-07-14 12:22 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-07-14 12:22 . 2013-07-14 12:22 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-07-14 12:22 . 2013-07-14 12:22 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-07-14 12:22 . 2013-07-14 12:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-07-14 12:22 . 2013-07-14 12:22 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-07-14 12:22 . 2013-07-14 12:22 441856 ----a-w- c:\windows\system32\html.iec
2013-07-14 12:22 . 2013-07-14 12:22 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-07-14 12:22 . 2013-07-14 12:22 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-07-14 12:22 . 2013-07-14 12:22 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-07-14 12:22 . 2013-07-14 12:22 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-14 12:22 . 2013-07-14 12:22 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-07-14 12:22 . 2013-07-14 12:22 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-07-14 12:22 . 2013-07-14 12:22 235008 ----a-w- c:\windows\system32\url.dll
2013-07-14 12:22 . 2013-07-14 12:22 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-07-14 12:22 . 2013-07-14 12:22 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-07-14 12:22 . 2013-07-14 12:22 216064 ----a-w- c:\windows\system32\msls31.dll
2013-07-14 12:22 . 2013-07-14 12:22 197120 ----a-w- c:\windows\system32\msrating.dll
2013-07-14 12:22 . 2013-07-14 12:22 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-07-14 12:22 . 2013-07-14 12:22 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-07-14 12:22 . 2013-07-14 12:22 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-07-14 12:22 . 2013-07-14 12:22 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-14 12:22 . 2013-07-14 12:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-07-14 12:22 . 2013-07-14 12:22 144896 ----a-w- c:\windows\system32\wextract.exe
2013-07-14 12:22 . 2013-07-14 12:22 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-07-14 12:22 . 2013-07-14 12:22 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-07-14 12:22 . 2013-07-14 12:22 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-07-14 12:22 . 2013-07-14 12:22 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-07-14 12:22 . 2013-07-14 12:22 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-07-14 12:22 . 2013-07-14 12:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-07-14 12:22 . 2013-07-14 12:22 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-14 12:22 . 2013-07-14 12:22 102912 ----a-w- c:\windows\system32\inseng.dll
2013-07-14 12:22 . 2013-07-14 12:22 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-14 12:22 . 2013-07-14 12:22 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-07-14 12:22 . 2013-07-14 12:22 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-07-14 12:22 . 2013-07-14 12:22 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-07-14 12:22 . 2013-07-14 12:22 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-07-14 12:22 . 2013-07-14 12:22 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-14 12:22 . 2013-07-14 12:22 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-14 12:22 . 2013-07-14 12:22 149504 ----a-w- c:\windows\system32\occache.dll
2013-07-14 12:22 . 2013-07-14 12:22 13824 ----a-w- c:\windows\system32\mshta.exe
2013-07-14 12:22 . 2013-07-14 12:22 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-07-14 12:22 . 2013-07-14 12:22 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-14 12:22 . 2013-07-14 12:22 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-07-14 12:21 . 2013-07-14 12:21 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-07-14 12:20 . 2013-07-14 12:20 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-14 12:20 . 2013-07-14 12:20 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-07-14 12:20 . 2013-07-14 12:20 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-07-14 12:20 . 2013-07-14 12:20 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-07-14 12:20 . 2013-07-14 12:20 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-07-14 12:20 . 2013-07-14 12:20 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-07-14 12:20 . 2013-07-14 12:20 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-14 12:20 . 2013-07-14 12:20 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-14 12:20 . 2013-07-14 12:20 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-07-14 12:20 . 2013-07-14 12:20 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-14 12:20 . 2013-07-14 12:20 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-07-14 12:20 . 2013-07-14 12:20 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-14 12:20 . 2013-07-14 12:20 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-14 12:20 . 2013-07-14 12:20 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-07-14 12:20 . 2013-07-14 12:20 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-07-14 12:20 . 2013-07-14 12:20 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-14 12:20 . 2013-07-14 12:20 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-14 12:20 . 2013-07-14 12:20 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-07-14 12:20 . 2013-07-14 12:20 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-07-14 12:20 . 2013-07-14 12:20 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-07-14 12:20 . 2013-07-14 12:20 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-07-14 12:20 . 2013-07-14 12:20 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-07-14 12:20 . 2013-07-14 12:20 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-07-14 12:20 . 2013-07-14 12:20 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-07-14 12:20 . 2013-07-14 12:20 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-14 12:20 . 2013-07-14 12:20 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-07-14 12:20 . 2013-07-14 12:20 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-07-14 12:20 . 2013-07-14 12:20 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-07-14 12:20 . 2013-07-14 12:20 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-07-14 12:20 . 2013-07-14 12:20 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-07-14 11:54 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-07-14 11:54 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"estar"="c:\system.sav\Util\HideDOS.EXE" [2006-11-28 77824]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-03-03 111640]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R4 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R4 HPDayStarterService;HP DayStarter Service;c:\program files (x86)\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe;c:\program files (x86)\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [x]
R4 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 RsvLock;RsvLock; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-18 c:\windows\Tasks\HPCeeScheduleForVitek.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-04-05 1691192]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 413208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = %SystemRoot%\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.1
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - vpnweb.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{036F0439-DF74-BD1B-C573-47099B0C2DE2} - c:\progra~3\INSTAL~1\{E5A94~1\Setup.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-{EB0A016C-E618-7BBA-A037-C9F72CC473B7} - c:\progra~3\INSTAL~1\{2DE1A~1\Setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Celkový čas: 2013-08-26 22:18:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-08-26 20:18
ComboFix2.txt 2013-08-25 21:32
.
Před spuštěním: Volných bajtů: 433 549 385 728
Po spuštění: Volných bajtů: 433 093 259 264
.
- - End Of File - - 29C6CB87570895D61468D16FB1CCE341
A36C5E4F47E84449FF07ED3517B43A31

#45 Příspěvek od **Márty84** » 27 srp 2013 08:59

Nastala nejaka zmena?

Odinstalujte McAfee

VIRY.CZ

preventikva

Re: preventikva

Re: preventikva

Re: preventikva

Re: preventikva

Re: preventikva

Re: preventikva

Re: preventikva

Re: preventikva

Re: preventikva

Re: preventikva

Re: preventikva

Re: preventikva

Re: preventikva

Re: preventikva

Re: preventikva