VIRY.CZ

Dobrý den,

prosím o pomoc. Na jednom PC se mi nedaří načíst vlastní webové stránky a taktéž firemní. Obě jsou umístěny na serveru pipni.cz.
Zkoušel jsem další PC připojit na stejný router a vše načte bez problémů. Oba PC jsou WIN 7 64bit. Problém je stejný ve všech webových prohlížečích.
Přikládám log, pokud bude ještě něco doplnit, doplním.

Zkoušel jsem, dle návodů z podobných vláken, vymazat nedávnou historii, ccleaner, i combofix.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:06, on 18.4.2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNAC8SWK.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-3974852013-3889441146-2567708837-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3974852013-3889441146-2567708837-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: nsa210_nsa210.lnk = C:\nsa210_nsa210.bat
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11886 bytes

Zdravim a pekny den preji

No tak tu reklamu na web hosting smaznem

A pravidla fora jste si prosil racil cisti

omlouvám se, jenom jsem chtěl sdělit zjištění, že problém je jen na tomto hostingu, co jsem vypozoroval. Jak jsem uvedl (vlastní a firemní stránky)

A co pravidla fora - RSIT, ComboFix atd...to jste nejak necetl ze

Takze dejte log z RSIT

Nebezpeci CFka

Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
Maze stopy po haveti, takze v logu z RSIT neni nic videt
Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Dejte log z ComboFix

to je pravda, nečetl jsem, pouze jsem prochízel staré vlákna. Toto nebezpečí mi vůbec nedošlo. Log mám ale schovaný, tak snad bude použitelný.

RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Michal at 2012-04-18 18:42:44
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 122 GB (57%) free of 214 GB
Total RAM: 16364 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:42:46, on 18.4.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNAC8SWK.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Michal\Desktop\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\trend micro\Michal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-3974852013-3889441146-2567708837-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3974852013-3889441146-2567708837-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: nsa210_nsa210.lnk = C:\nsa210_nsa210.bat
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11750 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe"
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k LocalService
/QuitInfo:0000000000000508;000000000000050C; /AddRef;
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe"
C:\Windows\SysWOW64\nlssrv32.exe
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-3bf21839-42fa-4935-8eeb-c96f59c95a01 -SystemEventPortName:HostProcess-8130a83e-0416-45ad-b8e3-d1f36e80ba91 -IoCancelEventPortName:HostProcess-0ad0b334-ce25-4e6f-9e65-7ccf2768c2b3 -NonStateChangingEventPortName:HostProcess-0a912d00-68ce-4276-8b18-d7251b055cba -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:703eb849-a5c9-44eb-ba9c-b98f9c0b3445
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"taskhost.exe"
taskeng.exe {CDCA3D24-C2EC-4C7C-9FEE-B1DC166BA0B2}
/QuitInfo:0000000000000828;0000000000000A1C; /AddRef;
/QuitInfo:000000000000043C;0000000000000A10;
/loadhooks /Parent:0000000000000344
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe"
"C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\RocketDock\RocketDock.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
"C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe"
C:\Windows\system32\spool\DRIVERS\x64\3\CNAC8SWK.EXE !hide Canon LBP5050
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
"C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
"C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\totalcmd\TOTALCMD64.EXE"
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5704.beab5d0.1709861822 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 5704 "\\.\pipe\gecko-crash-server-pipe.5704" plugin
"C:\Users\Michal\Desktop\HijackThis.exe"
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Michal\Desktop\hijackthis.log
"C:\Windows\system32\NOTEPAD.EXE" C:\ComboFix.txt
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544
"C:\Users\Michal\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3974852013-3889441146-2567708837-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3974852013-3889441146-2567708837-1000UA.job
C:\Windows\tasks\HPCeeScheduleForMichal.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\9eqr59oe.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.233 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files (x86)\TabletPlugins\npwacom.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.233 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
websitelogon@truesuite.com
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.CZE
nppdf32.dll
nppdf32.HRV
nppdf32.HUN
nppdf32.POL
nppdf32.SKY
nppdf32.SLV
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}]
TrueSuite Website Log On - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-06-09 1747272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}]
TrueSuite Website Log On - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-06-09 1598792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-11-15 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-04-17 59272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-11-15 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-11-15 340384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2011-06-24 1128448]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-16 497648]
"CNAP2 Launcher"=C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [2007-09-06 406944]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 4035152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-03-07 4785536]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HP KEYBOARDx"=C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [2010-02-11 710656]
"BATINDICATOR"=C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2009-05-09 2068992]
"LaunchHPOSIAPP"=C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [2009-04-04 385024]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2011-05-06 658424]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2010-11-15 36760]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2010-11-15 821144]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Spyder3Utility.lnk - C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
nsa210_nsa210.lnk - C:\nsa210_nsa210.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-11-12 249344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-04-18 18:42:44 ----D---- C:\rsit
2012-04-18 18:42:44 ----D---- C:\Program Files\trend micro
2012-04-18 18:04:31 ----D---- C:\Windows\temp
2012-04-18 18:04:29 ----A---- C:\ComboFix.txt
2012-04-18 18:02:44 ----D---- C:\$RECYCLE.BIN
2012-04-18 17:00:01 ----A---- C:\Windows\zip.exe
2012-04-18 17:00:01 ----A---- C:\Windows\SWSC.exe
2012-04-18 17:00:01 ----A---- C:\Windows\SWREG.exe
2012-04-18 17:00:01 ----A---- C:\Windows\sed.exe
2012-04-18 17:00:01 ----A---- C:\Windows\PEV.exe
2012-04-18 17:00:01 ----A---- C:\Windows\NIRCMD.exe
2012-04-18 17:00:01 ----A---- C:\Windows\MBR.exe
2012-04-18 17:00:01 ----A---- C:\Windows\grep.exe
2012-04-18 16:59:56 ----D---- C:\Windows\ERDNT
2012-04-18 16:58:02 ----D---- C:\Qoobox
2012-04-17 21:59:20 ----D---- C:\Users\Michal\AppData\Roaming\SUPERAntiSpyware.com
2012-04-17 21:59:02 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-04-17 21:59:02 ----D---- C:\Program Files\SUPERAntiSpyware
2012-04-17 17:54:11 ----A---- C:\Windows\ntbtlog.txt
2012-04-17 17:35:20 ----A---- C:\Windows\SYSWOW64\npdeployJava1.dll
2012-04-16 17:33:48 ----D---- C:\Users\Michal\AppData\Roaming\Malwarebytes
2012-04-16 17:33:43 ----D---- C:\ProgramData\Malwarebytes
2012-04-16 17:10:28 ----A---- C:\Windows\system32\easyupdatusapiu64.dll
2012-04-15 22:27:11 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-04-12 03:02:28 ----A---- C:\Windows\SYSWOW64\url.dll
2012-04-12 03:02:28 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-04-12 03:02:28 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-04-12 03:02:28 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-04-12 03:02:28 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-04-12 03:02:28 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-04-12 03:02:28 ----A---- C:\Windows\system32\url.dll
2012-04-12 03:02:28 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-12 03:02:28 ----A---- C:\Windows\system32\jscript9.dll
2012-04-12 03:02:28 ----A---- C:\Windows\system32\ieui.dll
2012-04-12 03:02:28 ----A---- C:\Windows\system32\iertutil.dll
2012-04-12 03:02:27 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-04-12 03:02:27 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-04-12 03:02:27 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-04-12 03:02:27 ----A---- C:\Windows\system32\wininet.dll
2012-04-12 03:02:27 ----A---- C:\Windows\system32\urlmon.dll
2012-04-12 03:02:27 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-12 03:02:27 ----A---- C:\Windows\system32\jscript.dll
2012-04-12 03:02:26 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-04-12 03:02:26 ----A---- C:\Windows\system32\mshtml.dll
2012-04-12 03:02:25 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-04-12 03:02:25 ----A---- C:\Windows\system32\ieframe.dll
2012-04-12 03:02:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-04-12 03:02:17 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-04-12 03:02:16 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-04-12 03:00:33 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2012-04-12 03:00:33 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-12 03:00:33 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-12 03:00:32 ----A---- C:\Windows\SYSWOW64\wmi.dll
2012-04-12 03:00:32 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-04-12 03:00:32 ----A---- C:\Windows\system32\wmi.dll
2012-04-12 03:00:32 ----A---- C:\Windows\system32\wintrust.dll
2012-03-29 17:03:30 ----D---- C:\Program Files (x86)\Artisteer 3
2012-03-25 10:02:29 ----D---- C:\Program Files (x86)\MSECache
2012-03-25 08:30:50 ----D---- C:\Users\Michal\AppData\Roaming\FileZilla
2012-03-25 08:30:47 ----D---- C:\Program Files (x86)\FileZilla FTP Client

======List of files/folders modified in the last 1 month======

2012-04-18 18:42:46 ----D---- C:\Windows\Prefetch
2012-04-18 18:42:44 ----RD---- C:\Program Files
2012-04-18 18:04:31 ----D---- C:\Windows\system32\drivers
2012-04-18 18:04:31 ----AD---- C:\Windows
2012-04-18 18:02:46 ----A---- C:\Windows\system.ini
2012-04-18 18:02:43 ----D---- C:\Windows\system32\drivers\etc
2012-04-18 17:56:18 ----D---- C:\Windows\system32\config
2012-04-18 17:13:50 ----D---- C:\Windows\System32
2012-04-18 17:13:50 ----D---- C:\Windows\inf
2012-04-18 17:13:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-18 17:11:54 ----A---- C:\Windows\SYSWOW64\log.txt
2012-04-18 17:09:51 ----D---- C:\ProgramData\PDFC
2012-04-18 17:09:34 ----D---- C:\ProgramData\NVIDIA
2012-04-18 17:04:49 ----D---- C:\Windows\SYSWOW64\drivers
2012-04-18 17:04:49 ----D---- C:\Windows\SysWOW64
2012-04-18 17:04:49 ----D---- C:\Windows\AppPatch
2012-04-18 17:04:47 ----D---- C:\Program Files\Common Files
2012-04-18 17:04:47 ----D---- C:\Program Files (x86)\Common Files
2012-04-18 06:29:18 ----D---- C:\ProgramData\truesuite
2012-04-17 22:07:44 ----D---- C:\ProgramData
2012-04-17 19:34:12 ----D---- C:\Windows\system32\wbem
2012-04-17 19:33:32 ----D---- C:\Program Files\CCleaner
2012-04-17 19:33:32 ----D---- C:\Program Files (x86)\RocketDock
2012-04-17 19:33:32 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-04-17 19:33:32 ----D---- C:\Program Files (x86)\Internet Explorer
2012-04-17 19:33:31 ----SD---- C:\ProgramData\Microsoft
2012-04-17 19:33:31 ----D---- C:\ProgramData\Hewlett-Packard
2012-04-17 19:33:31 ----D---- C:\ProgramData\Downloaded Installations
2012-04-17 19:33:31 ----D---- C:\ProgramData\CyberLink
2012-04-17 19:33:31 ----D---- C:\ProgramData\Avid
2012-04-17 19:33:31 ----D---- C:\ProgramData\Apple Computer
2012-04-17 19:33:31 ----D---- C:\ProgramData\Apple
2012-04-17 19:33:31 ----D---- C:\Program Files\NVIDIA Corporation
2012-04-17 19:33:31 ----D---- C:\Program Files\Internet Explorer
2012-04-17 19:33:30 ----HDC---- C:\ProgramData\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18}
2012-04-17 19:33:30 ----D---- C:\Windows\AppCompat
2012-04-17 19:33:30 ----D---- C:\Users\Michal\AppData\Roaming\GHISLER
2012-04-17 19:33:30 ----D---- C:\ProgramData\WildTangent
2012-04-17 19:33:30 ----D---- C:\ProgramData\Temp
2012-04-17 19:33:30 ----D---- C:\ProgramData\Pinnacle
2012-04-17 19:33:30 ----D---- C:\ProgramData\Norton
2012-04-17 19:33:30 ----D---- C:\ProgramData\Nik Software
2012-04-17 19:33:30 ----D---- C:\ProgramData\Nero
2012-04-17 19:33:30 ----D---- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2012-04-17 19:33:30 ----D---- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-04-17 19:33:29 ----SHD---- C:\Windows\Installer
2012-04-17 19:33:28 ----D---- C:\Windows\winsxs
2012-04-17 19:33:28 ----D---- C:\Windows\Tasks
2012-04-17 19:33:28 ----D---- C:\Windows\SYSWOW64\migration
2012-04-17 19:33:28 ----D---- C:\Windows\system32\Tasks
2012-04-17 19:33:28 ----D---- C:\Windows\system32\NDF
2012-04-17 19:33:28 ----D---- C:\Windows\system32\migration
2012-04-17 19:33:28 ----D---- C:\Windows\system32\Macromed
2012-04-17 19:33:28 ----D---- C:\Windows\system32\DriverStore
2012-04-17 19:33:28 ----D---- C:\Windows\system32\CodeIntegrity
2012-04-17 19:33:28 ----D---- C:\Windows\system32\catroot2
2012-04-17 19:33:28 ----D---- C:\Windows\registration
2012-04-17 18:26:07 ----SHD---- C:\System Volume Information
2012-04-17 18:01:46 ----RD---- C:\Users
2012-04-17 17:35:13 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-04-17 17:35:13 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-04-17 17:35:13 ----A---- C:\Windows\SYSWOW64\java.exe
2012-04-17 17:35:13 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-04-17 17:35:11 ----D---- C:\Program Files (x86)\Java
2012-04-16 22:05:03 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2012-04-16 21:43:09 ----RD---- C:\Program Files (x86)
2012-04-16 17:10:39 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-04-15 21:49:13 ----D---- C:\Users\Michal\AppData\Roaming\Media Player Classic
2012-04-15 21:49:13 ----D---- C:\Users\Michal\AppData\Roaming\DAEMON Tools Lite
2012-04-15 21:45:14 ----D---- C:\Windows\Logs
2012-04-15 21:45:14 ----D---- C:\Windows\debug
2012-04-15 15:18:47 ----D---- C:\Users\Michal\AppData\Roaming\GoodSync
2012-04-12 03:29:29 ----D---- C:\Windows\Microsoft.NET
2012-04-12 03:29:17 ----RSD---- C:\Windows\assembly
2012-04-12 03:22:12 ----D---- C:\Windows\system32\wdi
2012-04-12 03:02:36 ----D---- C:\Windows\system32\catroot
2012-04-12 03:00:46 ----A---- C:\Windows\system32\MRT.exe
2012-03-28 22:11:21 ----D---- C:\Program Files (x86)\FreeRapid-0.86u1
2012-03-27 18:49:00 ----A---- C:\Users\Michal\AppData\Roaming\MICHAL-HP.MTBF.txt
2012-03-27 17:46:47 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-03-25 10:02:38 ----D---- C:\Program Files (x86)\Microsoft Office
2012-03-22 23:14:09 ----D---- C:\Users\Michal\AppData\Roaming\Uschovna
2012-03-22 23:14:09 ----D---- C:\Program Files (x86)\Uschovna.cz

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iaStor.sys [2011-04-26 557848]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-23 283200]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2010-10-19 56344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]
R3 Spyder3;Datacolor Spyder3; C:\Windows\system32\DRIVERS\Spyder3.sys [2010-03-30 15360]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2011-06-10 528384]
R3 tihub3;TI USB3 Hub Service; C:\Windows\system32\drivers\tihub3.sys [2011-04-21 131656]
R3 tixhci;TI XHCI Service; C:\Windows\system32\drivers\tixhci.sys [2011-04-21 399944]
R3 wacmoumonitor;Wacom Mode Helper; C:\Windows\system32\DRIVERS\wacmoumonitor.sys [2011-03-17 13312]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2011-03-17 12848]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2011-03-17 16168]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 OxPPort;OxPPort; C:\Windows\system32\drivers\OxPPort.sys [2008-07-31 98304]
S3 OxSer;OxSer; C:\Windows\system32\drivers\OxSer.sys [2009-09-16 98352]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pmxdrv;pmxdrv; \??\C:\Windows\system32\drivers\pmxdrv.sys [2011-11-12 31152]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-12 140672]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 FPLService;TrueSuiteService; C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-01 326168]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\nlssrv32.exe [2011-03-30 66560]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-08-05 1016936]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-05 2214504]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2011-06-24 302592]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
R2 TabletServiceWacom;TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-06-06 6438264]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-19 44376]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-18 1030600]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-03-28 799800]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

log combofix:

ComboFix 12-04-18.01 - Michal 18.04.2012 17:01:16.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.16364.14368 [GMT 2:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-18 do 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 15:08 . 2012-04-18 15:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-18 15:08 . 2012-04-18 15:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-17 19:59 . 2012-04-17 19:59 -------- d-----w- c:\users\Michal\AppData\Roaming\SUPERAntiSpyware.com
2012-04-17 19:59 . 2012-04-17 20:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-17 19:59 . 2012-04-17 19:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-17 16:01 . 2012-04-17 17:33 -------- d-----w- c:\users\pokus
2012-04-17 15:35 . 2012-04-17 15:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-17 15:35 . 2012-04-17 15:35 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-04-17 15:10 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{62020A67-37F1-4F7B-A0F1-7C561F93CA3C}\mpengine.dll
2012-04-16 19:41 . 2012-04-16 19:43 -------- d-----w- c:\users\Michal\AppData\Local\Google
2012-04-16 15:33 . 2012-04-16 15:33 -------- d-----w- c:\users\Michal\AppData\Roaming\Malwarebytes
2012-04-16 15:33 . 2012-04-16 15:33 -------- d-----w- c:\programdata\Malwarebytes
2012-04-16 15:10 . 2011-08-04 22:03 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2012-04-15 20:27 . 2012-04-17 16:23 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 01:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 01:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 01:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 01:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 01:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 01:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 01:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-29 15:03 . 2012-03-29 15:03 -------- d-----w- c:\program files (x86)\Artisteer 3
2012-03-25 11:18 . 2011-06-09 13:32 1658880 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll
2012-03-25 08:02 . 2012-03-25 08:02 -------- d-----w- c:\program files (x86)\MSECache
2012-03-25 06:30 . 2012-04-15 19:49 -------- d-----w- c:\users\Michal\AppData\Roaming\FileZilla
2012-03-25 06:30 . 2012-03-25 06:30 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-03-24 08:59 . 2012-03-13 04:36 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-24 08:59 . 2012-03-13 04:36 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 16:23 . 2011-11-12 08:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-17 15:35 . 2011-12-05 20:18 567696 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-26 20:53 . 2012-02-26 20:53 58664 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Installer\{67330878-0617-41A9-A3B0-B5298E89E7BC}\ARPPRODUCTICON.exe
2012-02-23 21:05 . 2012-02-23 21:05 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 16:06 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 16:06 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 16:06 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 16:06 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 18:00 . 2012-02-18 15:47 79360 ------w- c:\windows\SysWow64\ff_vfw.dll
2012-02-12 10:47 . 2011-12-10 17:06 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2012-02-10 06:36 . 2012-03-14 18:11 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 18:11 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 04:13 . 2012-02-26 11:37 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-02-10 04:13 . 2012-02-26 11:37 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-02-10 04:13 . 2012-02-26 11:37 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-02-10 04:13 . 2012-02-26 11:37 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-02-10 04:13 . 2012-02-26 11:37 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-02-10 04:13 . 2012-02-26 11:37 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-02-10 04:13 . 2012-02-26 11:37 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 04:13 . 2012-02-26 11:37 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-10 03:05 . 2012-02-26 11:37 2497985 ----a-w- c:\windows\system32\nvcoproc.bin
2012-02-09 19:05 . 2012-02-09 19:05 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-03 04:34 . 2012-03-14 18:11 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-30 16:06 . 2012-01-30 16:06 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-01-30 16:06 . 2012-01-30 16:06 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-25 06:38 . 2012-03-14 16:05 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 16:05 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 16:05 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-09 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-11-15 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-11-15 821144]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
nsa210_nsa210.lnk - C:\nsa210_nsa210.bat [2011-12-5 105]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2010-6-4 7667970]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-18 1030600]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 OxPPort;OxPPort;c:\windows\system32\drivers\OxPPort.sys [x]
R3 OxSer;OxSer;c:\windows\system32\drivers\OxSer.sys [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-03-29 66560]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-04 2214504]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2011-06-06 6438264]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 16:23]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3974852013-3889441146-2567708837-1000Core.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-16 19:41]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3974852013-3889441146-2567708837-1000UA.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-16 19:41]
.
2012-04-17 c:\windows\Tasks\HPCeeScheduleForMichal.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2007-09-05 406944]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com?pc=CMDTDF
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com?pc=CMDTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.2.1 10.1.1.1
FF - ProfilePath - c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\9eqr59oe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
c:\windows\system32\spool\DRIVERS\x64\3\CNAC8SWK.EXE
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
.
**************************************************************************
.
Celkový čas: 2012-04-18 18:04:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-18 16:04
.
Před spuštěním: Volných bajtů: 129 901 174 784
Po spuštění: Volných bajtů: 127 515 201 536
.
- - End Of File - - 13627506F211C83336EF0DBED537615B

Jeste poprosim o druhy log z RSIT s nazvem info.txt, je ulozen v c:\rsit

Predpokladam ze na ten ESET Smart Security mate zakoupenou licenci

tady to nebude o tom něco zamlčovat, takže přiznávám licenci na eset zakoupenou nemám.

info.txt logfile of random's system information tool 1.09 2012-04-18 18:42:47

======Uninstall list======

-->"C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Web Link - Gun Bros\Uninstall.exe"
-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
-->C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec /X{4EAE665D-957A-4D04-9679-3AD582008877}
Adobe Acrobat X Pro - Eastern European (Group 1)-->MsiExec.exe /I{AC76BA86-1029-4770-7760-000000000005}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Creative Suite 5 Master Collection-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}"
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{DCC90D9D-4F8D-4A06-9050-ADDB284FF9FA}
Adobe Flash Player 11 Plugin 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_Plugin.exe -maintain plugin
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Agatha Christie - Peril at End House-->"C:\Program Files (x86)\HP Games\Agatha Christie - Peril at End House\uninstall\uninstaller.exe"
Akeeba eXtract Wizard 3.2-->"C:\Program Files (x86)\Akeeba\unins000.exe"
Aktualizace NVIDIA 1.3.6-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.Update
Apple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Artisteer 3-->"C:\Program Files (x86)\Artisteer 3\bin\Uninstall.exe"
AuthenTec TrueAPI-->MsiExec.exe /X{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}
AutoCAD 2010 - česky-->C:\Program Files\AutoCAD 2010\Setup\Setup.exe /P {5783F2D7-8001-0405-0102-0060B0CE6BBA} /M ACAD /language cs-CZ
AutoCAD 2010 - česky-->C:\Program Files\AutoCAD 2010\Setup\Setup.exe /P {5783F2D7-8001-0405-0102-0060B0CE6BBA} /M ACAD /language cs-CZ
Avid Studio Plugins-->MsiExec.exe /I{6A519E1D-44B8-4DC9-BC30-552C68D41C01}
Avid Studio-->MsiExec.exe /I{B35DC076-CEF2-4631-9EF7-45380E27C841}
Bejeweled 3-->"C:\Program Files (x86)\HP Games\Bejeweled 3\uninstall\uninstaller.exe"
Blackhawk Striker 2-->"C:\Program Files (x86)\HP Games\Blackhawk Striker 2\uninstall\uninstaller.exe"
Blasterball 3-->"C:\Program Files (x86)\HP Games\Blasterball 3\uninstall\uninstaller.exe"
Bounce Symphony-->"C:\Program Files (x86)\HP Games\Bounce Symphony\uninstall\uninstaller.exe"
Cake Mania-->"C:\Program Files (x86)\HP Games\Cake Mania\uninstall\uninstaller.exe"
Canon LBP5050-->C:\Program Files\Canon\PrnUninstall\Canon LBP5050\CNAC8UND.EXE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Color Efex Pro 3.0 Complete-->C:\Program Files\Nik Software\Color Efex Pro 3.0 Complete for Lightroom\Uninstall.exe
Corel Shell Extension - 64Bit-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF011}
CorelDRAW Graphics Suite X4 - Capture-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF012}
CorelDRAW Graphics Suite X4 - Content-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF016}
CorelDRAW Graphics Suite X4 - Draw-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF013}
CorelDRAW Graphics Suite X4 - Filters-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF017}
CorelDRAW Graphics Suite X4 - FontNav-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF019}
CorelDRAW Graphics SUite X4 - ICA-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF010}
CorelDRAW Graphics Suite X4 - IPM-->MsiExec.exe /I{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}
CorelDRAW Graphics Suite X4 - Lang CZ-->MsiExec.exe /I{FFFE7261-2318-4227-B827-E9E05E16DFE5}
CorelDRAW Graphics Suite X4 - PP-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF014}
CorelDRAW Graphics Suite X4 - VBA-->MsiExec.exe /I{BF439B41-0252-48DE-8B8B-0430CB26A181}
CorelDRAW Graphics Suite X4-->MsiExec.exe /I{44A27085-0616-4181-A0C3-81C7ECA17F73}
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\Uninst.exe
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->MsiExec.exe /X{CE2DA11A-917F-4CF5-AB55-755EC115DD10}
CorelDRAW(R) Graphics Suite X4-->C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe /arp
Cradle of Rome 2-->"C:\Program Files (x86)\HP Games\Cradle of Rome 2\uninstall\uninstaller.exe"
Creative Pack Volume 3 - Kids-->MsiExec.exe /I{7F2D1105-70ED-4379-8772-3F06E1D23F5A}
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Farm Frenzy-->"C:\Program Files (x86)\HP Games\Farm Frenzy\uninstall\uninstaller.exe"
FATE-->"C:\Program Files (x86)\HP Games\FATE\uninstall\uninstaller.exe"
FileZilla Client 3.5.3-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
Final Drive: Nitro-->"C:\Program Files (x86)\HP Games\Final Drive Nitro\uninstall\uninstaller.exe"
GoodSync-->"C:\Program Files\GoodSync\uninstall.exe"
Governor of Poker 2 Premium Edition-->"C:\Program Files (x86)\HP Games\Governor of Poker 2 Premium Edition\uninstall\uninstaller.exe"
HDR Efex Pro-->C:\Program Files\Nik Software\HDR Efex Pro\Uninstall HDR Efex Pro.exe
Hewlett-Packard ACLM.NET v1.1.2.0-->MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}
HijackThis 2.0.2-->"C:\Users\Michal\Desktop\HijackThis.exe" /uninstall
HP Auto-->MsiExec.exe /I{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}
HP Client Services-->MsiExec.exe /I{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}
HP Connect Solutions-->MsiExec.exe /X{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP Desktop Keyboard-->"C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\unins000.exe"
HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"
HP MAINSTREAM KEYBOARD-->C:\Program Files (x86)\InstallShield Installation Information\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}\setup.exe -runfromtemp -l0x0009 -removeonly
HP Remote Solution-->"C:\ProgramData\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18}\HP_Remote_Solution_Install.exe" REMOVE=TRUE MODIFY=FALSE
HP Remote Solution-->C:\ProgramData\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18}\HP_Remote_Solution_Install.exe
HP Setup Manager-->MsiExec.exe /I{AE856388-AFAD-4753-81DF-D96B19D0A17C}
HP Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}\setup.exe" -l0x9 -removeonly
HP SimplePass PE 2011-->MsiExec.exe /X{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}
HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Vision Hardware Diagnostics-->MsiExec.exe /X{D79A02E9-6713-4335-9668-AAC7474C0C0E}
Chronicles of Albian-->"C:\Program Files (x86)\HP Games\Chronicles of Albian\uninstall\uninstaller.exe"
Chuzzle Deluxe-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\uninstall\uninstaller.exe"
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
Intel(R) Identity Protection Technology 1.1.2.0-->MsiExec.exe /X{C01A86F5-56E7-101F-9BC9-E3F1025EB779}
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Java(TM) 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216029FF}
Java(TM) 7 Update 3-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217003FF}
Jewel Quest: The Sleepless Star - Collector's Edition-->"C:\Program Files (x86)\HP Games\Jewel Quest The Sleepless Star - Collectors Edition\uninstall\uninstaller.exe"
K-Lite Mega Codec Pack 8.4.0-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Knoll Light Factory EZ Studio 15-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 15\Plugins\RTFx\klfezstudio.log
Knoll Light Factory EZ Studio-->C:\Windows\unvise32.exe C:\Program Files (x86)\Avid\Studio\Plugins\RTFx\klfezstudio.log
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
Magic Bullet Looks Studio 15-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 15\Plugins\RTFx\mblooksstudio15.log
Magic Bullet Looks Studio-->C:\Windows\unvise32.exe C:\Program Files (x86)\Avid\Studio\plugins\RTFxV2\mblooksstudio.log
Mah Jong Medley-->"C:\Program Files (x86)\HP Games\Mah Jong Medley\uninstall\uninstaller.exe"
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{2C303EE0-A595-3543-A71A-931C7AC40EDE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Sync Framework 2.0 Core Components (x64) ENU -->MsiExec.exe /I{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}
Microsoft Sync Framework 2.0 Provider Services (x64) ENU -->MsiExec.exe /I{03AC245F-4C64-425C-89CF-7783C1D3AB2C}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\wmv9vcm.inf, Uninstall
Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86_x64-->MsiExec.exe /I{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86_x64-->MsiExec.exe /I{8557397C-A42D-486F-97B3-A2CBC2372593}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86_x64-->MsiExec.exe /I{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Mozilla Firefox 11.0 (x86 cs)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mystery of Mortlake Mansion-->"C:\Program Files (x86)\HP Games\Mystery of Mortlake Mansion\uninstall\uninstaller.exe"
Namco All-Stars: PAC-MAN-->"C:\Program Files (x86)\HP Games\Namco All-Stars PAC-MAN\uninstall\uninstaller.exe"
Nero 7 Ultra Edition-->MsiExec.exe /X{91C0B95B-B83A-4828-A775-BBE2DD421029}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Ovladač 3D Vision 295.73-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.3\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Ovladač HD audia 1.3.12.0-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.3\NVI2.DLL",UninstallPackage HDAudio.Driver
NVIDIA Ovladač řídící jednotky 3D Vision 295.73-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.3\NVI2.DLL",UninstallPackage Display.NVIRUSB
NVIDIA Ovladače grafiky 275.88-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.5\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /X{4EAE665D-957A-4D04-9679-3AD582008877}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
NVIDIA Systémový software PhysX 9.12.0209-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.3\NVI2.DLL",UninstallPackage Display.PhysX
Ovladače videa společnosti Pinnacle-->MsiExec.exe /X{6DE721A5-5E89-4D74-994C-652BB3C0672E}
PDF Complete Special Edition-->C:\Program Files (x86)\PDF Complete\uninstall.exe
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
Penguins!-->"C:\Program Files (x86)\HP Games\Penguins!\uninstall\uninstaller.exe"
Pinnacle Creative Pack Volume 1-->MsiExec.exe /I{7EE8ED57-682B-4AB0-860C-2E079BCD90B1}
Pinnacle Creative Pack Volume 2-->MsiExec.exe /I{0299DF57-FF2E-42C6-A4D7-9480E537D191}
Pinnacle Scorefitter Volume 3 - Travel-->MsiExec.exe /I{C8242A93-DA0A-4DED-997B-CBA00E254E91}
Pinnacle Studio 15 Ultimate Collection Plugins-->MsiExec.exe /I{BC7BED89-618B-4E89-8ADF-75D47F276223}
Pinnacle Studio 15-->MsiExec.exe /I{1362E602-9625-42D3-B57F-CDA9D26F9DA8}
Pinnacle Studio Bonus Content-->MsiExec.exe /I{FC030CB5-46A6-4229-AD6E-0AC869F509C8}
Pinnacle Winter Pack-->MsiExec.exe /I{67330878-0617-41A9-A3B0-B5298E89E7BC}
Plants vs. Zombies - Game of the Year-->"C:\Program Files (x86)\HP Games\Plants vs Zombies - Game of the Year\uninstall\uninstaller.exe"
PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}
Poker Superstars III-->"C:\Program Files (x86)\HP Games\Poker Superstars III\uninstall\uninstaller.exe"
Polar Bowler-->"C:\Program Files (x86)\HP Games\Polar Bowler\uninstall\uninstaller.exe"
Polar Golfer-->"C:\Program Files (x86)\HP Games\Polar Golfer\uninstall\uninstaller.exe"
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
ProFact 3.0-->"C:\Program Files (x86)\ProFact 3.0\unins000.exe"
PxMergeModule-->MsiExec.exe /I{024521CF-C07E-4F8E-8481-0D75695E03AF}
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
Recovery Manager-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
Red Giant ToonIt Studio 15-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 15\Plugins\RTFx\rgtoonitstudio.log
Red Giant ToonIt Studio-->C:\Windows\unvise32.exe C:\Program Files (x86)\Avid\Studio\Plugins\RTFx\rgtoonitstudio.log
RocketDock 1.3.5-->"C:\Program Files (x86)\RocketDock\unins000.exe"
Sada Compatibility Pack pro systém Office 2007-->MsiExec.exe /X{90120000-0020-0405-0000-0000000FF1CE}
ScoreFitter Volume 1-->MsiExec.exe /I{9DCBDF08-F1C0-4935-A958-9501384FC528}
ScoreFitter Volume 2-->MsiExec.exe /I{74E5BA31-CB34-4388-BC7F-91DC8830AABC}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended
Silver Efex Pro 2-->C:\Program Files\Nik Software\Silver Efex Pro 2\Uninstall Silver Efex Pro 2.exe
Slingo Supreme-->"C:\Program Files (x86)\HP Games\Slingo Supreme\uninstall\uninstaller.exe"
Spyder3Elite-->C:\Windows\unvise32.exe C:\Program Files (x86)\Datacolor\Spyder3Elite\uninstal.log
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
TitleExtreme-->MsiExec.exe /I{96FE1BDC-6A66-470B-86A9-75A2966C92BF}
Total Commander 64-bit (Remove or Repair)-->C:\Program Files\totalcmd\tcunin64.exe
Trapcode 3DStroke Studio 15-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 15\Plugins\RTFx\tc3dstrokestudio.log
Trapcode 3DStroke Studio-->C:\Windows\unvise32.exe C:\Program Files (x86)\Avid\Studio\Plugins\RTFx\tc3dstrokestudio.log
Trapcode Particular Studio-->C:\Windows\unvise32.exe C:\Program Files (x86)\Avid\Studio\Plugins\RTFx\tcparticularstudio.log
Trapcode Shine Studio 15-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 15\Plugins\RTFx\tcshinestudio.log
Trapcode Shine Studio-->C:\Windows\unvise32.exe C:\Program Files (x86)\Avid\Studio\Plugins\RTFx\tcshinestudio.log
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended
Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe"
Uschovna.cz 1.1.0-->"C:\Program Files (x86)\Uschovna.cz\unins000.exe"
Vacation Quest - The Hawaiian Islands-->"C:\Program Files (x86)\HP Games\Vacation Quest - The Hawaiian Islands\uninstall\uninstaller.exe"
VIP Access SDK (1.0.1.4) -->C:\Program Files\Symantec\VIP Access SDK\uninstall.exe
Virtual Villagers 5 - New Believers-->"C:\Program Files (x86)\HP Games\Virtual Villagers 5 - New Believers\uninstall\uninstaller.exe"
Wacom Tablet-->C:\Program Files\Tablet\Wacom\32\Remove.exe /u
WebTablet IE Plugin-->"C:\Program Files (x86)\TabletPlugins\ieUninstall.exe" /S
WebTablet Netscape Plugin-->"C:\Program Files (x86)\TabletPlugins\npUninstall.exe" /S
WildTangent Games App (HP Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\hp\Uninstall.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Zoner Photo Studio 14-->"C:\Program Files\Zoner\Photo Studio 14\unins000.exe" /SILENT
Zuma Deluxe-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\uninstall\uninstaller.exe"

======System event log======

Computer Name: WIN-4TNU9H5QTUV
Event Code: 7040
Message: Režim spuštění služby Windows Search byl změněn z auto start na disabled.
Record Number: 1603
Source Name: Service Control Manager
Time Written: 20111112084258.807342-000
Event Type: Informace
User: Michal-HP\Administrator

Computer Name: WIN-4TNU9H5QTUV
Event Code: 7036
Message: Stav služby Windows Search byl změněn na: running
Record Number: 1602
Source Name: Service Control Manager
Time Written: 20111112084254.454935-000
Event Type: Informace
User:

Computer Name: WIN-4TNU9H5QTUV
Event Code: 104
Message: Byl vymazán soubor protokolu Setup.
Record Number: 1601
Source Name: Microsoft-Windows-Eventlog
Time Written: 20111112084246.436521-000
Event Type: Informace
User: Michal-HP\Administrator

Computer Name: WIN-4TNU9H5QTUV
Event Code: 104
Message: Byl vymazán soubor protokolu Application.
Record Number: 1600
Source Name: Microsoft-Windows-Eventlog
Time Written: 20111112084246.389721-000
Event Type: Informace
User: Michal-HP\Administrator

Computer Name: WIN-4TNU9H5QTUV
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 1599
Source Name: Microsoft-Windows-Eventlog
Time Written: 20111112084246.374121-000
Event Type: Informace
User: Michal-HP\Administrator

=====Application event log=====

Computer Name: WIN-4TNU9H5QTUV
Event Code: 102
Message: WinMail (3344) WindowsMail0: Databázový stroj (6.01.7601.0000) spustil novou instanci (0).
Record Number: 1409
Source Name: ESENT
Time Written: 20111112084253.000000-000
Event Type: Informace
User:

Computer Name: WIN-4TNU9H5QTUV
Event Code: 102
Message: Windows (3752) Windows: Databázový stroj (6.01.7601.0000) spustil novou instanci (0).
Record Number: 1408
Source Name: ESENT
Time Written: 20111112084252.000000-000
Event Type: Informace
User:

Computer Name: WIN-4TNU9H5QTUV
Event Code: 1004
Message: Služba Windows Search vytváří nový vyhledávací index {Důvod: Full Index Reset}.

Record Number: 1407
Source Name: Microsoft-Windows-Search
Time Written: 20111112084247.000000-000
Event Type: Informace
User:

Computer Name: WIN-4TNU9H5QTUV
Event Code: 1010
Message: Služba Windows Search úspěšně odebrala starý vyhledávací index.

Record Number: 1406
Source Name: Microsoft-Windows-Search
Time Written: 20111112084247.000000-000
Event Type: Informace
User:

Computer Name: WIN-4TNU9H5QTUV
Event Code: 1008
Message: Služba Windows Search zahajuje pokus o odebrání starého vyhledávacího indexu {Důvod: Full Index Reset}.

Record Number: 1405
Source Name: Microsoft-Windows-Search
Time Written: 20111112084247.000000-000
Event Type: Upozornění
User:

=====Security event log=====

Computer Name: WIN-4TNU9H5QTUV
Event Code: 4738
Message: Byl změněn uživatelský účet.

Předmět:
ID zabezpečení: S-1-5-21-3974852013-3889441146-2567708837-500
Název účtu: Administrator
Doména účtu: WIN-4TNU9H5QTUV
ID přihlášení: 0x2648d

Cílový účet:
ID zabezpečení: S-1-5-21-3974852013-3889441146-2567708837-500
Název účtu: Administrator
Doména účtu: WIN-4TNU9H5QTUV

Změněné atributy:
Název účtu SAM: -
Zobrazovaný název: -
Zaregistrovaný název uživatele: -
Domovský adresář: -
Domovská jednotka: -
Cesta skriptu: -
Cesta profilu: -
Pracovní stanice uživatele: -
Poslední nastavení hesla: -
Vypršení platnosti účtu: -
ID primární skupiny: -
Povolené delegování: -
Původní hodnota UAC: 0x214
Nová hodnota UAC: 0x215
Řízení účtu uživatele:
Účet je zakázán.
Parametry uživatele: -
Historie identifikátoru zabezpečení: -
Přihlašovací hodiny: -

Další informace:
Oprávnění: -
Record Number: 296
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111112084258.198941-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-4TNU9H5QTUV
Event Code: 4725
Message: Uživatelský účet byl zakázán.

Předmět:
ID zabezpečení: S-1-5-21-3974852013-3889441146-2567708837-500
Název účtu: Administrator
Doména účtu: WIN-4TNU9H5QTUV
ID přihlášení: 0x2648d

Cílový účet:
ID zabezpečení: S-1-5-21-3974852013-3889441146-2567708837-500
Název účtu: Administrator
Doména účtu: WIN-4TNU9H5QTUV
Record Number: 295
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111112084258.198941-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-4TNU9H5QTUV
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 294
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111112084247.278922-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-4TNU9H5QTUV
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: WIN-4TNU9H5QTUV$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x278
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 293
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111112084247.278922-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-4TNU9H5QTUV
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-3974852013-3889441146-2567708837-500
Název účtu: Administrator
Název domény: WIN-4TNU9H5QTUV
ID přihlášení: 0x2648d
Record Number: 292
Source Name: Microsoft-Windows-Eventlog
Time Written: 20111112084246.389721-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\HP SimplePass 2011\x64;C:\Program Files (x86)\HP SimplePass 2011;;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Intel\Services\IPT;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\Pinnacle\Shared Files
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=8
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"FPPUILang"=en-US
"OnlineServices"=Online Services
"Platform"=BPC
"OOBEUILang"=cs-CZ
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

A opet jsme o post vyse - pravidla fora

Je jasne dano, ze pokud ma PC nelegalni bezp. SW tak jej neresime...

Jste ochoten prejit na free reseni zabezpeceni (Avast, Avira ci MSE)

ano, určitě. necham si poradit a splním podmínky. Přecházím na avast.

Fajn, nainstalujte Avast

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"DAEMON Tools Lite"=-
"SUPERAntiSpyware"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS5ServiceManager"=-
"SwitchBoard"=-
"Adobe ARM"=-
"Adobe Acrobat Speed Launcher"=-
"Acrobat Assistant 8.0"=-
"APSDaemon"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=-

DDS::
uStart Page = hxxp://www.bing.com?pc=CMDTDF
mStart Page = hxxp://www.bing.com?pc=CMDTDF

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

File::
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3974852013-3889441146-2567708837-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3974852013-3889441146-2567708837-1000UA.job
C:\Windows\tasks\HPCeeScheduleForMichal.job

Driver::
NMIndexingService

ClearJavaCache::

AtJob::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Provedeno

ComboFix 12-04-18.01 - Michal 18.04.2012 21:50:31.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.16364.13959 [GMT 2:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Michal\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3974852013-3889441146-2567708837-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3974852013-3889441146-2567708837-1000UA.job"
"c:\windows\tasks\HPCeeScheduleForMichal.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\tasks\Adobe Flash Player Updater.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3974852013-3889441146-2567708837-1000Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3974852013-3889441146-2567708837-1000UA.job
c:\windows\tasks\HPCeeScheduleForMichal.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NMIndexingService
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-18 do 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 19:57 . 2012-04-18 19:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-18 19:57 . 2012-04-18 19:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 19:44 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-18 19:44 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-18 19:44 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-18 19:44 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-18 19:44 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-18 19:44 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-18 19:44 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-18 19:44 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-18 19:44 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-18 19:44 . 2012-04-18 19:44 -------- d-----w- c:\programdata\AVAST Software
2012-04-18 19:44 . 2012-04-18 19:44 -------- d-----w- c:\program files\AVAST Software
2012-04-18 16:42 . 2012-04-18 16:42 -------- d-----w- C:\rsit
2012-04-18 16:42 . 2012-04-18 16:42 -------- d-----w- c:\program files\trend micro
2012-04-17 19:59 . 2012-04-17 19:59 -------- d-----w- c:\users\Michal\AppData\Roaming\SUPERAntiSpyware.com
2012-04-17 19:59 . 2012-04-17 20:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-17 19:59 . 2012-04-17 19:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-17 16:01 . 2012-04-17 17:33 -------- d-----w- c:\users\pokus
2012-04-17 15:35 . 2012-04-17 15:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-17 15:35 . 2012-04-17 15:35 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-04-17 15:10 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{62020A67-37F1-4F7B-A0F1-7C561F93CA3C}\mpengine.dll
2012-04-16 19:41 . 2012-04-16 19:43 -------- d-----w- c:\users\Michal\AppData\Local\Google
2012-04-16 15:33 . 2012-04-16 15:33 -------- d-----w- c:\users\Michal\AppData\Roaming\Malwarebytes
2012-04-16 15:33 . 2012-04-16 15:33 -------- d-----w- c:\programdata\Malwarebytes
2012-04-16 15:10 . 2011-08-04 22:03 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2012-04-15 20:27 . 2012-04-17 16:23 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 01:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 01:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 01:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 01:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 01:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 01:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 01:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-29 15:03 . 2012-03-29 15:03 -------- d-----w- c:\program files (x86)\Artisteer 3
2012-03-25 11:18 . 2011-06-09 13:32 1658880 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll
2012-03-25 08:02 . 2012-03-25 08:02 -------- d-----w- c:\program files (x86)\MSECache
2012-03-25 06:30 . 2012-04-15 19:49 -------- d-----w- c:\users\Michal\AppData\Roaming\FileZilla
2012-03-25 06:30 . 2012-03-25 06:30 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-03-24 08:59 . 2012-03-13 04:36 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-24 08:59 . 2012-03-13 04:36 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 16:23 . 2011-11-12 08:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-17 15:35 . 2011-12-05 20:18 567696 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-26 20:53 . 2012-02-26 20:53 58664 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Installer\{67330878-0617-41A9-A3B0-B5298E89E7BC}\ARPPRODUCTICON.exe
2012-02-23 21:05 . 2012-02-23 21:05 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 16:06 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 16:06 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 16:06 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 16:06 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 18:00 . 2012-02-18 15:47 79360 ------w- c:\windows\SysWow64\ff_vfw.dll
2012-02-12 10:47 . 2011-12-10 17:06 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2012-02-10 06:36 . 2012-03-14 18:11 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 18:11 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 04:13 . 2012-02-26 11:37 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-02-10 04:13 . 2012-02-26 11:37 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-02-10 04:13 . 2012-02-26 11:37 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-02-10 04:13 . 2012-02-26 11:37 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-02-10 04:13 . 2012-02-26 11:37 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-02-10 04:13 . 2012-02-26 11:37 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-02-10 04:13 . 2012-02-26 11:37 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 04:13 . 2012-02-26 11:37 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-10 03:05 . 2012-02-26 11:37 2497985 ----a-w- c:\windows\system32\nvcoproc.bin
2012-02-09 19:05 . 2012-02-09 19:05 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-03 04:34 . 2012-03-14 18:11 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-30 16:06 . 2012-01-30 16:06 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-01-30 16:06 . 2012-01-30 16:06 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-25 06:38 . 2012-03-14 16:05 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 16:05 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 16:05 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-18_16.02.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-11-12 08:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-18 19:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-12 08:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-18 19:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-18 19:46 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-12 08:11 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-04-18 19:44 35400 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:30 . 2012-04-18 19:38 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-04-16 15:09 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-01-25 15:27 . 2012-04-18 19:42 53331 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
- 2012-01-25 15:27 . 2012-04-18 15:09 53331 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
+ 2011-12-05 15:15 . 2012-04-18 19:44 7578 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3974852013-3889441146-2567708837-1000_UserData.bin
- 2012-04-18 15:09 . 2012-04-18 15:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-18 19:58 . 2012-04-18 19:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-18 15:09 . 2012-04-18 15:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-18 19:58 . 2012-04-18 19:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-04-18 19:47 651938 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-18 15:13 651938 c:\windows\system32\perfh009.dat
+ 2011-11-12 07:45 . 2012-04-18 19:47 666194 c:\windows\system32\perfh005.dat
- 2011-11-12 07:45 . 2012-04-18 15:13 666194 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2012-04-18 15:13 120870 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-18 19:47 120870 c:\windows\system32\perfc009.dat
- 2011-11-12 07:45 . 2012-04-18 15:13 139890 c:\windows\system32\perfc005.dat
+ 2011-11-12 07:45 . 2012-04-18 19:47 139890 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:30 . 2012-04-18 19:38 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-04-16 15:09 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-02-26 11:38 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-04-18 19:38 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2012-04-18 15:09 424296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-18 19:57 424296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-06 02:15 . 2012-04-18 19:57 40233228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3974852013-3889441146-2567708837-1000-12288.dat
- 2011-12-06 02:15 . 2012-04-18 15:09 40233228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3974852013-3889441146-2567708837-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-09 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
nsa210_nsa210.lnk - C:\nsa210_nsa210.bat [2011-12-5 105]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2010-6-4 7667970]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-18 1030600]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 OxPPort;OxPPort;c:\windows\system32\drivers\OxPPort.sys [x]
R3 OxSer;OxSer;c:\windows\system32\drivers\OxSer.sys [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-03-29 66560]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-04 2214504]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2011-06-06 6438264]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ASWSNX
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2007-09-05 406944]
"combofix"="c:\combofix\CF25763.3XE" [2010-11-21 345088]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.2.1 10.1.1.1
FF - ProfilePath - c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\9eqr59oe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
c:\windows\system32\spool\DRIVERS\x64\3\CNAC8SWK.EXE
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2012-04-18 22:01:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-18 20:01
ComboFix2.txt 2012-04-18 16:04
.
Před spuštěním: Volných bajtů: 131 813 044 224
Po spuštění: Volných bajtů: 131 637 157 888
.
- - End Of File - - 3EF7E43D73B615915B1F2013BBD395D6

Jak se chova nas pacient

leží pod stolem a moc se nehýbe

ale v načítání stránek žádná změna

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Pockejte na dokonceni PreScanu
Zvolte moznost Prohledat (scan)
Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte

Stahnete MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe

Ulozte nejlepe na plochu
Pokud pouzivate Win Vista ci W7, kliknete na MBRScan pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Report
Po chvilce se objevi log do souboru MBRScan.txt, ten sem vlozte

VIRY.CZ

Nenačtou se některé stránky

Nenačtou se některé stránky

Re: Nenačtou se některé stránky (umístěné na pipni.cz)

Re: Nenačtou se některé stránky (umístěné na pipni.cz)

Re: Nenačtou se některé stránky

Re: Nenačtou se některé stránky

Re: Nenačtou se některé stránky

Re: Nenačtou se některé stránky

Re: Nenačtou se některé stránky

Re: Nenačtou se některé stránky

Re: Nenačtou se některé stránky

Re: Nenačtou se některé stránky

Re: Nenačtou se některé stránky

Re: Nenačtou se některé stránky

Re: Nenačtou se některé stránky

Re: Nenačtou se některé stránky