
Please check my log

Posted: 19 Feb 2012 15:39
by Pitrisek
Hello, I'd like to ask for a first preventive log check on my new OS and HDD. My PC seems to be slowing down. Thanks in advance.

RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Petr at 2012-02-19 15:33:36
Microsoft Windows 7 Ultimate
System drive C: has 1505 GB (79%) free of 1908 GB
Total RAM: 4095 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:33:40, on 19.2.2012
Platform: Windows 7 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2097474747-2032468768-287828109-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2097474747-2032468768-287828109-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Canon LBP2900 Status Window.lnk = C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8449 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\CNAB4RPD.EXE
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe"
WLIDSvcM.exe 1952
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4716.b9651f0.170272269 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.9.0.1 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.jar" 4716 "\\.\pipe\gecko-crash-server-pipe.4716" plugin
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe150_ Global\UsGthrCtrlFltPipeMssGthrPipe150 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Petr\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\kq4n6r5i.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
fcmdSrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll [2011-09-05 265944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-15 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-15 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll [2011-09-05 220888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 4035152]
"WrtMon.exe"=C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [2006-09-20 20480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe [2011-11-24 247968]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"facemoods"=C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe [2011-09-05 362200]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Canon LBP2900 Status Window.lnk - C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-02-19 15:33:36 ----D---- C:\rsit
2012-02-19 15:33:36 ----D---- C:\Program Files\trend micro
2012-02-15 13:28:41 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-02-15 13:28:41 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-02-15 13:28:41 ----A---- C:\Windows\SYSWOW64\java.exe
2012-02-15 13:28:34 ----D---- C:\Program Files (x86)\Java
2012-02-08 20:29:57 ----D---- C:\Windows\system32\appmgmt
2012-02-06 20:47:22 ----D---- C:\Users\Petr\AppData\Roaming\NewSoft
2012-02-06 20:43:09 ----A---- C:\Windows\SYSWOW64\ippsa611.dll
2012-02-06 20:43:09 ----A---- C:\Windows\SYSWOW64\ippja611.dll
2012-02-06 20:43:09 ----A---- C:\Windows\SYSWOW64\ippcva611.dll
2012-02-06 20:43:08 ----A---- C:\Windows\SYSWOW64\ippsra611.dll
2012-02-06 20:43:08 ----A---- C:\Windows\SYSWOW64\ippsr11.dll
2012-02-06 20:43:08 ----A---- C:\Windows\SYSWOW64\ipps11.dll
2012-02-06 20:43:08 ----A---- C:\Windows\SYSWOW64\ippj11.dll
2012-02-06 20:43:08 ----A---- C:\Windows\SYSWOW64\ippia611.dll
2012-02-06 20:43:08 ----A---- C:\Windows\SYSWOW64\ippi11.dll
2012-02-06 20:43:08 ----A---- C:\Windows\SYSWOW64\ippcv11.dll
2012-02-06 20:43:08 ----A---- C:\Windows\SYSWOW64\IPPCPUID.DLL
2012-02-06 20:43:00 ----A---- C:\Windows\IsUninst.exe
2012-02-06 20:41:31 ----A---- C:\Windows\SYSWOW64\pmsbfn32.dll
2012-02-06 20:41:31 ----A---- C:\Windows\SYSWOW64\CTL3DV2.DLL
2012-02-06 20:37:45 ----D---- C:\ProgramData\InstallShield
2012-02-06 20:37:35 ----D---- C:\Users\Petr\AppData\Roaming\ScanSoft
2012-02-06 20:37:29 ----D---- C:\ProgramData\ScanSoft
2012-02-06 20:35:13 ----A---- C:\Windows\PCDLIB32.DLL
2012-02-06 20:34:20 ----D---- C:\Program Files\Common Files\CANON
2012-02-06 20:31:35 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
2012-02-06 20:31:28 ----HD---- C:\Program Files\CanonBJ
2012-02-06 19:40:06 ----D---- C:\Program Files (x86)\MSECache
2012-02-03 17:35:18 ----D---- C:\Program Files (x86)\Farming Simulator 2011

======List of files/folders modified in the last 1 month======

2012-02-19 15:33:40 ----D---- C:\Windows\Prefetch
2012-02-19 15:33:37 ----D---- C:\Windows\Temp
2012-02-19 15:33:36 ----RD---- C:\Program Files
2012-02-19 14:16:52 ----D---- C:\Windows\system32\config
2012-02-19 00:06:14 ----D---- C:\Filmy
2012-02-18 19:04:00 ----D---- C:\Program Files (x86)\JDownloader
2012-02-18 17:58:03 ----D---- C:\Stahovani
2012-02-18 17:12:16 ----RD---- C:\Program Files (x86)
2012-02-18 16:56:37 ----D---- C:\Hry
2012-02-18 16:39:13 ----D---- C:\ProgramData\NVIDIA
2012-02-15 13:28:57 ----SHD---- C:\Windows\Installer
2012-02-15 13:28:56 ----D---- C:\Program Files (x86)\Common Files
2012-02-15 13:28:41 ----D---- C:\Windows\SysWOW64
2012-02-15 13:28:35 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-02-15 13:27:41 ----SHD---- C:\System Volume Information
2012-02-14 21:10:01 ----D---- C:\Windows\system32\catroot
2012-02-14 21:09:59 ----D---- C:\Windows\winsxs
2012-02-14 21:09:28 ----D---- C:\Windows\system32\catroot2
2012-02-08 20:29:57 ----D---- C:\Windows\System32
2012-02-08 20:29:38 ----D---- C:\Windows
2012-02-08 20:25:40 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-02-06 20:37:45 ----HD---- C:\ProgramData
2012-02-06 20:37:28 ----D---- C:\Windows\Downloaded Program Files
2012-02-06 20:34:20 ----D---- C:\Program Files\Common Files
2012-02-06 20:31:44 ----D---- C:\Program Files (x86)\Canon
2012-01-29 05:10:42 ----N---- C:\Windows\system32\MpSigStub.exe
2012-01-24 11:22:59 ----D---- C:\Windows\system32\NDF
2012-01-22 17:01:56 ----SD---- C:\Users\Petr\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-11-23 530488]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-13 73984]
S3 akcu3p9i;akcu3p9i; C:\Windows\system32\drivers\akcu3p9i.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 xnacc;Služba ovladače pro řadič XBOX 360 pro systém Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2009-07-14 679936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1640768]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-22 1255736]

-----------------EOF-----------------

Re: Please check my log

Posted: 19 Feb 2012 16:22
by vyosek
Hello, and I wish you a nice day.

May I ask why an ordinary user buys the highest Windows license, Ultimate, which is intended more for large corporations, when they won't use anything beyond what the Home Premium edition offers anyway?

I'd also like to ask for the second RSIT log, named info.txt; it is saved in c:\rsit

Re: Please check my log

Posted: 19 Feb 2012 19:01
by Pitrisek
Here is the second RSIT log:

info.txt logfile of random's system information tool 1.09 2012-02-19 15:33:42

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->C:\Windows\IsUninst.exe -fC:\Windows\system32\UninstIPP.isu
-->MsiExec /X{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}
Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe -maintain plugin
Adobe Reader X (10.1.2) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA1000000001}
Aktualizace NVIDIA 1.5.20-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Update
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
ANNO 2070-->"C:\Program Files (x86)\InstallShield Installation Information\{B48E264C-C8CD-4617-B0BE-46E977BAD694}\setup.exe" -runfromtemp -l0x0809 -removeonly
Ashampoo Burning Studio 11 v.11.0.2-->"C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 11\unins000.exe"
Canon CanoScan Toolbox 5.0-->"C:\Program Files (x86)\Canon\CanoScan Toolbox Ver5.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\CanoScan Toolbox Ver5.0\uninst.ini
Canon LBP2900-->C:\Program Files\Canon\PrnUninstall\Canon LBP2900\CNAB4UND.EXE
CanoScan 4400F-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803 /L0x0005
ConvertXtoDVD 4.1.10.348-->"C:\Program Files (x86)\VSO\ConvertX\4\unins000.exe"
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
DiRT 3-->MsiExec.exe /I{434D0FA0-1558-4D8E-AC3D-BD1000008200} ARPNOREPAIR="1"
DiRT 3-->MsiExec.exe /X{434D0FA0-1558-4D8E-AC3D-BD1000008200}
Doplněk Microsoft Save as PDF pro aplikace sady Microsoft Office 2007-->MsiExec.exe /X{90120000-00B0-0405-0000-0000000FF1CE}
DVDFab 8.1.3.6 (01/12/2011) Qt-->"C:\Program Files (x86)\DVDFab 8 Qt\unins000.exe"
F1 2011-->MsiExec.exe /I{434D0FA1-3E0C-4D03-A5D4-5E1000008100}
F1 2011-->MsiExec.exe /X{434D0FA1-3E0C-4D03-A5D4-5E1000008100}
Facemoods Toolbar-->"C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe"
Farming Simulator 2011-->"C:\Program Files (x86)\Farming Simulator 2011\unins000.exe"
German Truck Simulator 1.04-->C:\Program Files (x86)\German Truck Simulator\uninst.exe
Java(TM) 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
JDownloader 0.9-->C:\Program Files (x86)\JDownloader\JDUninstall.exe
K-Lite Codec Pack 5.6.0 (64-bit)-->"C:\Program Files\K-Lite Codec Pack x64\unins000.exe"
L.A. Noire-->"C:\Program Files (x86)\InstallShield Installation Information\{915726DF-7891-444A-AA03-0DF1D64F561A}\setup.exe" -runfromtemp -l0x0809 -removeonly
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{790E02A1-145A-3843-8C13-A4F41C9B48B7}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Games for Windows Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0405-1000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Mozilla Firefox 9.0.1 (x86 cs)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
NVIDIA Ovladač 3D Vision 285.62-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Ovladač řídící jednotky 3D Vision 285.62-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.NVIRUSB
NVIDIA Ovladače grafiky 285.62-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /X{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
NVIDIA Systémový software PhysX 9.11.0621-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX
OpenAL-->"C:\Program Files (x86)\OpenAL\OpenALwEAX.exe" /U
Rapture3D 2.4.9 Game-->"C:\Program Files (x86)\BRS\unins000.exe"
Rockstar Games Social Club-->C:\Program Files (x86)\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2478663)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder ClientLP
Total Commander 64-bit (Remove or Repair)-->c:\totalcmd\tcunin64.exe
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
UE3Redist-->"C:\Program Files (x86)\InstallShield Installation Information\{2FB04107-7BC2-449C-915A-530B29B5E0FE}\setup.exe" -runfromtemp -l0x0409 -removeonly
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Outlook 2007 Junk Email Filter (KB2596560)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2964DDE1-4925-4DF1-AF2C-0A36B3442228}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{9B48B0AC-C813-4174-9042-476A887592C7}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR 4.01 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Cryptographic Services byl změněn na: stopped
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714051424.262212-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Modules Installer byl změněn na: stopped
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714051424.168612-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Software Protection byl změněn na: stopped
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714051424.059412-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Event Log byl změněn na: stopped
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714051424.012612-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Volume Shadow Copy byl změněn na: stopped
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714051423.934612-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPRequestAdditionalSoftware
Reakce: Není k dispozici
ID souboru CAB: 0

Podpis problému:
P1: x64
P2: USB\VID_03F0&PID_0862&REV_0105&MI_01
P3: 6.1.0.0
P4: 0405
P5: input.inf
P6: *
P7:
P8:
P9:
P10:

Připojené soubory:

Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_ba205abca1a7be1a4fcfad115c34b6e8d2e1028_cab_05b92692

Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: 5de3df53-1542-11e1-a746-9c3dc98c7e4f
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20111122194419.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20111122194416.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20111122194413.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20111122194409.616112-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20111122194409.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: Byla změněna zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Změněné atributy:
Název účtu SAM: -
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111122194352.970883-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: Byla vytvořena zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Nová skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Atributy:
Název účtu SAM: Backup Operators
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111122194352.970883-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x32d90
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111122194352.627682-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111122194350.896079-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111122194350.833679-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706

-----------------EOF-----------------

Re: Please check my log

Posted: 19 Feb 2012 19:04
by vyosek
vyosek wrote: :arrow: May I ask why an ordinary user buys the top-tier Windows Ultimate licence, which is intended more for large corporations, when he won't use anything beyond what the Home Premium edition offers anyway :???:
:???: :???:

For the ESET Smart Security you are using, do you have a purchased licence or a trial version :???:

Re: Please check my log

Posted: 19 Feb 2012 19:42
by Pitrisek
May I ask why an ordinary user buys the top-tier Windows Ultimate licence, which is intended more for large corporations, when he won't use anything beyond what the Home Premium edition offers anyway?

And is that not allowed???

Here are the details of my ESET Smart Security:

Dear user,

we would like to thank you for choosing an ESET security solution. By paying the advance invoice (pro forma, see attachment) you become the owner of the licence.
After receiving the payment we will send you the invoice/tax document and the certificate.

PAYMENT DETAILS:

Variable symbol: 312007417
Account number: 51-2451350287/0100
Amount: 1 049,00 Kč including VAT
Due date: 28. 2. 2012

You can pay the advance invoice by bank transfer, by a type A postal money order at Česká pošta, or by depositing the amount at any branch of Komerční banka.


--- LICENCE ---

PRODUCT: ESET Smart Security
TYPE: Renewal (1 year)
WORKSTATIONS: 1
EXPIRY: 24. 2. 2013

USERNAME: ______
PASSWORD: ______
(the ___ characters are not part of the username or password!)

Client: P. K.

The licence is active as of today and the ESET solution can be downloaded from

Of course I won't give you the username and password, I hope you understand that. I have been renewing the licence for 4 years now, because I am satisfied with this solution for protecting my PC.
Don't take this the wrong way, but some time ago you already once wrongly accused me of using an illegal OS and an illegal protection solution for my PC, and only because the external drive my son brought over had Windows activators on it, even though I always have everything legally purchased. I'm no 20-year-old pirate, but a 41-year-old honest citizen.

Re: Please check my log

Posted: 19 Feb 2012 20:09
by vyosek
:arrow: I'm not saying you aren't allowed to have Ultimate, I was only asking why an ordinary user has it, that's all

:arrow: Thanks for the ESS details; I understand about the number, and I checked right away whether it happened to be there so that I could delete it

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator (Spravce) account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator or Spustit jako spravce
  • Immediately after start-up a page with the licence agreement is displayed; continue by clicking Ano (Yes)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily cluttered, the time may be longer
  • After the scan finishes and after a possible restart, CF displays the log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Please check my log

Posted: 19 Feb 2012 20:51
by Pitrisek
Thanks for the advice; here is the log from ComboFix:

ComboFix 12-02-19.02 - Petr 19.02.2012 20:36:31.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.0.1250.420.1029.18.4095.2930 [GMT 1:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\users\Petr\AppData\Roaming\Roaming
c:\users\Petr\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\users\Petr\AppData\Roaming\vso_ts_preview.xml
c:\windows\SysWow64\tmp9725.tmp
c:\windows\SysWow64\tmp9745.tmp
F:\Setup.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-19 do 2012-02-19 )))))))))))))))))))))))))))))))
.
.
2012-02-19 19:40 . 2012-02-19 19:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-19 19:40 . 2012-02-19 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-19 14:33 . 2012-02-19 14:33 -------- d-----w- C:\rsit
2012-02-19 14:33 . 2012-02-19 14:33 -------- d-----w- c:\program files\trend micro
2012-02-15 12:28 . 2012-02-15 12:28 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-15 12:28 . 2012-02-15 12:28 -------- d-----w- c:\program files (x86)\Java
2012-02-10 19:05 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CD32409-EBD0-4494-8294-14A85C05527F}\mpengine.dll
2012-02-08 19:29 . 2012-02-08 19:29 -------- d-----w- c:\windows\system32\appmgmt
2012-02-06 19:47 . 2012-02-08 19:24 -------- d-----w- c:\users\Petr\AppData\Roaming\NewSoft
2012-02-06 19:47 . 2012-02-06 19:47 -------- d-----w- c:\users\Petr\AppData\Local\NewSoft
2012-02-06 19:43 . 2001-08-23 17:58 1359872 ----a-w- c:\windows\SysWow64\ippsa611.dll
2012-02-06 19:43 . 2001-08-23 17:58 151552 ----a-w- c:\windows\SysWow64\ippja611.dll
2012-02-06 19:43 . 2001-08-23 17:58 462848 ----a-w- c:\windows\SysWow64\ippcva611.dll
2012-02-06 19:43 . 2001-08-23 17:58 77824 ----a-w- c:\windows\SysWow64\ippsr11.dll
2012-02-06 19:43 . 2001-08-23 17:58 184320 ----a-w- c:\windows\SysWow64\ippsra611.dll
2012-02-06 19:43 . 2001-08-23 17:58 176128 ----a-w- c:\windows\SysWow64\ipps11.dll
2012-02-06 19:43 . 2001-08-23 17:58 65536 ----a-w- c:\windows\SysWow64\ippj11.dll
2012-02-06 19:43 . 2001-08-23 17:58 2428928 ----a-w- c:\windows\SysWow64\ippia611.dll
2012-02-06 19:43 . 2001-08-23 17:58 225280 ----a-w- c:\windows\SysWow64\ippi11.dll
2012-02-06 19:43 . 2001-08-23 17:58 94208 ----a-w- c:\windows\SysWow64\ippcv11.dll
2012-02-06 19:43 . 2001-03-10 16:56 40960 ----a-w- c:\windows\SysWow64\IPPCPUID.DLL
2012-02-06 19:43 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-02-06 19:41 . 1999-05-06 13:22 27632 ----a-w- c:\windows\SysWow64\CTL3DV2.DLL
2012-02-06 19:41 . 1997-10-14 04:19 11776 ----a-w- c:\windows\SysWow64\pmsbfn32.dll
2012-02-06 19:39 . 2012-02-06 19:41 -------- d-----w- c:\program files (x86)\Common Files\PDFView
2012-02-06 19:37 . 2012-02-06 19:37 -------- d-----w- c:\programdata\InstallShield
2012-02-06 19:37 . 2012-02-06 19:37 -------- d-----w- c:\users\Petr\AppData\Roaming\ScanSoft
2012-02-06 19:37 . 2012-02-08 19:29 -------- d-----w- c:\programdata\ScanSoft
2012-02-06 19:35 . 1995-07-31 12:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2012-02-06 19:34 . 2012-02-08 19:27 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-02-06 19:34 . 2012-02-06 19:34 -------- d-----w- c:\program files\Common Files\CANON
2012-02-06 19:31 . 2012-02-06 19:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-02-06 19:31 . 2012-02-06 19:31 -------- d--h--w- c:\program files\CanonBJ
2012-02-06 18:40 . 2012-02-06 18:40 -------- d-----w- c:\program files (x86)\MSECache
2012-02-03 16:35 . 2012-02-03 16:36 -------- d-----w- c:\program files (x86)\Farming Simulator 2011
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 15:44 . 2011-12-20 19:59 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-02-15 12:28 . 2011-12-17 20:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-15 12:12 . 2011-12-21 15:22 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-02-15 12:12 . 2011-12-20 19:59 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-05 09:26 . 2011-12-26 10:50 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-01-29 04:10 . 2011-11-25 10:07 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-29 18:00 . 2012-01-01 16:05 92160 ----a-w- c:\windows\system32\ff_vfw.dll
2011-12-26 12:16 . 2011-12-26 12:16 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-26 12:16 . 2011-12-26 12:16 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-12-26 12:16 . 2011-12-26 12:16 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-26 12:16 . 2011-12-26 12:16 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-11-25 10:56 . 2011-11-25 10:56 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 15:39 . 2011-11-22 20:07 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 12:50 . 2011-11-23 12:50 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-11-23 12:50 . 2011-11-23 12:50 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-23 12:50 . 2011-11-23 12:50 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-23 12:50 . 2011-11-23 12:50 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-11-23 12:50 . 2011-11-23 12:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-11-23 12:50 . 2011-11-23 12:50 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-11-23 12:50 . 2011-11-23 12:50 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-23 12:50 . 2011-11-23 12:50 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-11-23 12:50 . 2011-11-23 12:50 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-23 12:50 . 2011-11-23 12:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-11-23 12:50 . 2011-11-23 12:50 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-11-23 12:50 . 2011-11-23 12:50 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-23 12:50 . 2011-11-23 12:50 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-11-23 12:50 . 2011-11-23 12:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-11-23 12:50 . 2011-11-23 12:50 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-23 12:50 . 2011-11-23 12:50 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-11-23 12:50 . 2011-11-23 12:50 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-11-23 12:50 . 2011-11-23 12:50 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-11-23 12:50 . 2011-11-23 12:50 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-11-23 12:50 . 2011-11-23 12:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-11-23 12:50 . 2011-11-23 12:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-23 12:50 . 2011-11-23 12:50 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-23 12:50 . 2011-11-23 12:50 222208 ----a-w- c:\windows\system32\msls31.dll
2011-11-23 12:50 . 2011-11-23 12:50 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-23 12:50 . 2011-11-23 12:50 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-11-23 12:50 . 2011-11-23 12:50 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-11-23 12:50 . 2011-11-23 12:50 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-11-23 12:50 . 2011-11-23 12:50 12288 ----a-w- c:\windows\system32\mshta.exe
2011-11-23 12:50 . 2011-11-23 12:50 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-11-23 12:50 . 2011-11-23 12:50 114176 ----a-w- c:\windows\system32\admparse.dll
2011-11-23 12:50 . 2011-11-23 12:50 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-11-23 12:50 . 2011-11-23 12:50 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-11-23 12:50 . 2011-11-23 12:50 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-11-23 12:50 . 2011-11-23 12:50 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-11-23 12:50 . 2011-11-23 12:50 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-11-23 12:50 . 2011-11-23 12:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-11-23 12:50 . 2011-11-23 12:50 448512 ----a-w- c:\windows\system32\html.iec
2011-11-23 12:50 . 2011-11-23 12:50 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-23 12:50 . 2011-11-23 12:50 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-11-23 12:50 . 2011-11-23 12:50 160256 ----a-w- c:\windows\system32\wextract.exe
2011-11-23 12:50 . 2011-11-23 12:50 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-23 12:50 . 2011-11-23 12:50 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-23 12:49 . 2011-11-23 12:49 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-11-23 12:49 . 2011-11-23 12:49 4068864 ----a-w- c:\windows\system32\mf.dll
2011-11-23 12:49 . 2011-11-23 12:49 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-11-23 12:49 . 2011-11-23 12:49 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-11-23 12:49 . 2011-11-23 12:49 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-11-23 12:49 . 2011-11-23 12:49 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-11-23 12:49 . 2011-11-23 12:49 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-11-23 12:49 . 2011-11-23 12:49 206848 ----a-w- c:\windows\system32\mfps.dll
2011-11-23 12:49 . 2011-11-23 12:49 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-11-23 12:49 . 2011-11-23 12:49 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-11-23 12:49 . 2011-11-23 12:49 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-11-23 12:49 . 2011-11-23 12:49 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-11-23 12:49 . 2011-11-23 12:49 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2011-11-23 12:49 . 2011-11-23 12:49 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-11-23 12:49 . 2011-11-23 12:49 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-11-22 20:18 . 2011-11-22 20:19 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE [2011-12-4 60384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\kq4n6r5i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\spool\drivers\x64\3\WrtProc.exe
.
**************************************************************************
.
Celkový čas: 2012-02-19 20:44:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-19 19:44
.
Před spuštěním: Volných bajtů: 1 577 622 728 704
Po spuštění: Volných bajtů: 1 577 322 573 824
.
- - End Of File - - 5CEDD3399B02890D9DE776CB173A3A4A

Re: Please check my log

Posted: 20 Feb 2012 07:57
by vyosek
:arrow: If it is not there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"=-
    "SunJavaUpdateSched"=-
    
    DDS::
    uStart Page = hxxp://start.facemoods.com/?a=ddrnw
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    AtJob::
    
    Reboot::
  • Save the resulting text file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it (see the picture below)
    Image
  • After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here
:arrow: Windows may fail to start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: Please check my log

Posted: 20 Feb 2012 18:42
by Pitrisek
ComboFix 12-02-19.02 - Petr 20.02.2012 18:29:34.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.0.1250.420.1029.18.4095.3066 [GMT 1:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-20 do 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-20 17:33 . 2012-02-20 17:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-20 17:33 . 2012-02-20 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-19 14:33 . 2012-02-19 14:33 -------- d-----w- C:\rsit
2012-02-19 14:33 . 2012-02-19 14:33 -------- d-----w- c:\program files\trend micro
2012-02-15 12:28 . 2012-02-15 12:28 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-15 12:28 . 2012-02-15 12:28 -------- d-----w- c:\program files (x86)\Java
2012-02-10 19:05 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CD32409-EBD0-4494-8294-14A85C05527F}\mpengine.dll
2012-02-08 19:29 . 2012-02-08 19:29 -------- d-----w- c:\windows\system32\appmgmt
2012-02-06 19:47 . 2012-02-08 19:24 -------- d-----w- c:\users\Petr\AppData\Roaming\NewSoft
2012-02-06 19:47 . 2012-02-06 19:47 -------- d-----w- c:\users\Petr\AppData\Local\NewSoft
2012-02-06 19:43 . 2001-08-23 17:58 1359872 ----a-w- c:\windows\SysWow64\ippsa611.dll
2012-02-06 19:43 . 2001-08-23 17:58 151552 ----a-w- c:\windows\SysWow64\ippja611.dll
2012-02-06 19:43 . 2001-08-23 17:58 462848 ----a-w- c:\windows\SysWow64\ippcva611.dll
2012-02-06 19:43 . 2001-08-23 17:58 77824 ----a-w- c:\windows\SysWow64\ippsr11.dll
2012-02-06 19:43 . 2001-08-23 17:58 184320 ----a-w- c:\windows\SysWow64\ippsra611.dll
2012-02-06 19:43 . 2001-08-23 17:58 176128 ----a-w- c:\windows\SysWow64\ipps11.dll
2012-02-06 19:43 . 2001-08-23 17:58 65536 ----a-w- c:\windows\SysWow64\ippj11.dll
2012-02-06 19:43 . 2001-08-23 17:58 2428928 ----a-w- c:\windows\SysWow64\ippia611.dll
2012-02-06 19:43 . 2001-08-23 17:58 225280 ----a-w- c:\windows\SysWow64\ippi11.dll
2012-02-06 19:43 . 2001-08-23 17:58 94208 ----a-w- c:\windows\SysWow64\ippcv11.dll
2012-02-06 19:43 . 2001-03-10 16:56 40960 ----a-w- c:\windows\SysWow64\IPPCPUID.DLL
2012-02-06 19:43 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-02-06 19:41 . 1999-05-06 13:22 27632 ----a-w- c:\windows\SysWow64\CTL3DV2.DLL
2012-02-06 19:41 . 1997-10-14 04:19 11776 ----a-w- c:\windows\SysWow64\pmsbfn32.dll
2012-02-06 19:39 . 2012-02-06 19:41 -------- d-----w- c:\program files (x86)\Common Files\PDFView
2012-02-06 19:37 . 2012-02-06 19:37 -------- d-----w- c:\programdata\InstallShield
2012-02-06 19:37 . 2012-02-06 19:37 -------- d-----w- c:\users\Petr\AppData\Roaming\ScanSoft
2012-02-06 19:37 . 2012-02-08 19:29 -------- d-----w- c:\programdata\ScanSoft
2012-02-06 19:35 . 1995-07-31 12:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2012-02-06 19:34 . 2012-02-08 19:27 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-02-06 19:34 . 2012-02-06 19:34 -------- d-----w- c:\program files\Common Files\CANON
2012-02-06 19:31 . 2012-02-06 19:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-02-06 19:31 . 2012-02-06 19:31 -------- d--h--w- c:\program files\CanonBJ
2012-02-06 18:40 . 2012-02-06 18:40 -------- d-----w- c:\program files (x86)\MSECache
2012-02-03 16:35 . 2012-02-03 16:36 -------- d-----w- c:\program files (x86)\Farming Simulator 2011
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 15:44 . 2011-12-20 19:59 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-02-15 12:28 . 2011-12-17 20:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-15 12:12 . 2011-12-21 15:22 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-02-15 12:12 . 2011-12-20 19:59 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-05 09:26 . 2011-12-26 10:50 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-01-29 04:10 . 2011-11-25 10:07 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-29 18:00 . 2012-01-01 16:05 92160 ----a-w- c:\windows\system32\ff_vfw.dll
2011-12-26 12:16 . 2011-12-26 12:16 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-26 12:16 . 2011-12-26 12:16 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-12-26 12:16 . 2011-12-26 12:16 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-26 12:16 . 2011-12-26 12:16 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-11-25 10:56 . 2011-11-25 10:56 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 15:39 . 2011-11-22 20:07 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 12:50 . 2011-11-23 12:50 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-11-23 12:50 . 2011-11-23 12:50 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-23 12:50 . 2011-11-23 12:50 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-23 12:50 . 2011-11-23 12:50 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-11-23 12:50 . 2011-11-23 12:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-11-23 12:50 . 2011-11-23 12:50 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-11-23 12:50 . 2011-11-23 12:50 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-23 12:50 . 2011-11-23 12:50 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-11-23 12:50 . 2011-11-23 12:50 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-23 12:50 . 2011-11-23 12:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-11-23 12:50 . 2011-11-23 12:50 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-11-23 12:50 . 2011-11-23 12:50 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-23 12:50 . 2011-11-23 12:50 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-11-23 12:50 . 2011-11-23 12:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-11-23 12:50 . 2011-11-23 12:50 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-23 12:50 . 2011-11-23 12:50 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-11-23 12:50 . 2011-11-23 12:50 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-11-23 12:50 . 2011-11-23 12:50 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-11-23 12:50 . 2011-11-23 12:50 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-11-23 12:50 . 2011-11-23 12:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-11-23 12:50 . 2011-11-23 12:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-23 12:50 . 2011-11-23 12:50 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-23 12:50 . 2011-11-23 12:50 222208 ----a-w- c:\windows\system32\msls31.dll
2011-11-23 12:50 . 2011-11-23 12:50 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-23 12:50 . 2011-11-23 12:50 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-11-23 12:50 . 2011-11-23 12:50 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-11-23 12:50 . 2011-11-23 12:50 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-11-23 12:50 . 2011-11-23 12:50 12288 ----a-w- c:\windows\system32\mshta.exe
2011-11-23 12:50 . 2011-11-23 12:50 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-11-23 12:50 . 2011-11-23 12:50 114176 ----a-w- c:\windows\system32\admparse.dll
2011-11-23 12:50 . 2011-11-23 12:50 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-11-23 12:50 . 2011-11-23 12:50 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-11-23 12:50 . 2011-11-23 12:50 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-11-23 12:50 . 2011-11-23 12:50 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-11-23 12:50 . 2011-11-23 12:50 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-11-23 12:50 . 2011-11-23 12:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-11-23 12:50 . 2011-11-23 12:50 448512 ----a-w- c:\windows\system32\html.iec
2011-11-23 12:50 . 2011-11-23 12:50 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-23 12:50 . 2011-11-23 12:50 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-11-23 12:50 . 2011-11-23 12:50 160256 ----a-w- c:\windows\system32\wextract.exe
2011-11-23 12:50 . 2011-11-23 12:50 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-23 12:50 . 2011-11-23 12:50 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-23 12:49 . 2011-11-23 12:49 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-11-23 12:49 . 2011-11-23 12:49 4068864 ----a-w- c:\windows\system32\mf.dll
2011-11-23 12:49 . 2011-11-23 12:49 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-11-23 12:49 . 2011-11-23 12:49 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-11-23 12:49 . 2011-11-23 12:49 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-11-23 12:49 . 2011-11-23 12:49 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-11-23 12:49 . 2011-11-23 12:49 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-11-23 12:49 . 2011-11-23 12:49 206848 ----a-w- c:\windows\system32\mfps.dll
2011-11-23 12:49 . 2011-11-23 12:49 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-11-23 12:49 . 2011-11-23 12:49 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-11-23 12:49 . 2011-11-23 12:49 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-11-23 12:49 . 2011-11-23 12:49 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-11-23 12:49 . 2011-11-23 12:49 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2011-11-23 12:49 . 2011-11-23 12:49 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-11-23 12:49 . 2011-11-23 12:49 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-11-22 20:18 . 2011-11-22 20:19 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-19_19.42.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-23 15:03 . 2012-02-20 17:13 11527 c:\windows\SysWOW64\config\systemprofile\AppData\Local\ESET\ESET Smart Security\Antispam\scdns.bin
+ 2011-11-22 19:51 . 2012-02-20 12:57 23224 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-20 12:57 37436 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-02-19 19:54 73256 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-11-22 19:51 . 2012-02-20 12:57 7810 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2097474747-2032468768-287828109-1000_UserData.bin
- 2012-02-19 19:41 . 2012-02-19 19:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-20 17:34 . 2012-02-20 17:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-19 19:41 . 2012-02-19 19:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-20 17:34 . 2012-02-20 17:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-02-19 19:40 390348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-20 17:33 390348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-23 14:33 . 2012-02-20 17:33 19888096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2097474747-2032468768-287828109-1000-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE [2011-12-4 60384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\kq4n6r5i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\spool\drivers\x64\3\WrtProc.exe
.
**************************************************************************
.
Celkový čas: 2012-02-20 18:37:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-20 17:37
ComboFix2.txt 2012-02-19 19:44
.
Před spuštěním: Volných bajtů: 1 577 475 203 072
Po spuštění: Volných bajtů: 1 577 157 169 152
.
- - End Of File - - B03299C89FA7050C3A58A181B9C5583F

Re: Please check my log

Posted: 20 Feb 2012 19:18
by vyosek
How is the PC behaving :???:

Re: Please check my log

Posted: 20 Feb 2012 22:03
by Pitrisek
It seems considerably better to me. I have one more request: may I add a log from my notebook here? Some time ago I ran CCleaner on it, and since then it has been rather slow. Otherwise, many thanks for the advice and help.

Re: Please check my log

Posted: 21 Feb 2012 07:17
by vyosek
:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice, press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so feel free to download it (or, if need be, turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run Cleaner
Registry panel
  • click Scan for Issues
  • then Fix selected issues - I recommend making the registry backup; fix all the issues
  • repeat the procedure until no issues are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: For the notebook, start a new topic so that things do not get mixed up

Re: Please check my log

Posted: 21 Feb 2012 20:36
by Pitrisek
I did everything according to your advice, which I greatly appreciate, and thanks once again. Of course I will start a new topic for the notebook.

Re: Please check my log

Posted: 21 Feb 2012 21:13
by Pitrisek
Hello once again, I have a problem installing SP1. After the computer has been prepared, I always get: The Service Pack installation cannot continue. Some system components required by this Service Pack are missing. For more information, click the following link. Can you advise where the problem is? Thanks in advance

Re: Please check my log

Posted: 21 Feb 2012 21:36
by vyosek
Does clicking that link not lead you to anything useful? Otherwise, contact Microsoft technical support