
Final cleanup

Posted: 01 Dec 2012 13:41
by Ashok28
Hello,

a colleague gave me his notebook to "fix". It was in a state where it could not be used. Right at startup a window from the "Police" popped up, demanding that he pay a fine of 100 Eur via Ucash for alleged distribution of illegal material.
Of course, the translation was absolutely terrible, so even he, as a layman, figured that it probably wasn't the real police...
I cleaned the computer up and it now works as it should, but to be safe I am also posting a log here so that you can take a look at it. As some of you instructors from the beginners' course may know, the registry is not my strong suit, so there may still be some junk left in there.

Thanks in advance!

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-12-01 13:24:49
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 585 GB (87%) free of 670 GB
Total RAM: 4040 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:24:53, on 1. 12. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3AE36D9-0E0A-40AC-A3A5-03C98D88751D}: NameServer = 213.151.200.31 213.151.208.162
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mobile Partner. OUC (Mobile Partner. RunOuc) - Unknown owner - C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13156 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service
C:\ProgramData\\OnlineUpdate\ouc.exe "C:/Program Files (x86)/Mobile Partner/UpdateDog/"
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1940
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\ProgramData\DatacardService\DCSHelper.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\USB Camera2\VM332_STI.EXE"
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\windows\system32\UI0Detect.exe
"C:\windows\system32\spool\DRIVERS\x64\3\HP1005MC.EXE" -Embedding
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\SysWOW64\RunDll32.exe "C:\Program Files\Lenovo\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\windows\system32\wuauclt.exe"
C:\windows\System32\svchost.exe -k swprv
C:\windows\servicing\TrustedInstaller.exe
taskeng.exe {AB7D5AE0-20B7-449D-91A9-2AE34E13B00E}
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\vssvc.exe
C:\windows\splwow64.exe 8192
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3424.1.1256177624\377705369" --gpu-vendor-id=0x8086 --gpu-device-id=0x0106 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2342 --ignored=" --type=renderer " /prefetch:12
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/InstantChannel/Stable/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/1/OneClickSignIn/Standard/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_23/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --extension-process --renderer-print-preview --channel="3424.2.709155196\513636831" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll" --lang=sk --channel="3424.3.511723179\175529570" /prefetch:4
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/InstantChannel/Stable/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/1/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_23/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="3424.5.1702525416\728477303" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3424.6.883895556\368217572" --lang=sk --ignored=" --type=renderer " /prefetch:13
C:\windows\system32\sppsvc.exe
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Admin\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\AutoKMS.job
C:\windows\tasks\AutoKMSDaily.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2708795968-631334427-156177037-1000Core.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2708795968-631334427-156177037-1000UA.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2708795968-631334427-156177037-1000Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2708795968-631334427-156177037-1000UA.job
C:\windows\tasks\Norton Security Scan for Admin.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-09-23 253584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-08-06 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-09-23 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17 3855520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-08-06 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-09-23 253584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-09-23 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2011-03-29 167960]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-03-29 391704]
"Persistence"=C:\windows\system32\igfxpers.exe [2011-03-29 418840]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-04-08 2741544]
"Lenovo EE Boot Optimizer"=C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [2011-09-24 114688]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2011-09-24 9753024]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2011-09-24 5908928]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-03-07 4081008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2012-08-07 1353080]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-09-24 39408]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-02-18 283160]
"332BigDog"=C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [2010-01-19 536576]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2010-07-26 222504]
"YouCam Mirage"=C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29 136488]
"YouCam Tray"=C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2011-01-29 228448]
"VeriFaceManager"=C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [2011-09-24 329056]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2011-03-25 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-12-01 13:24:49 ----D---- C:\rsit
2012-12-01 13:24:49 ----D---- C:\Program Files\trend micro
2012-12-01 12:32:55 ----D---- C:\Program Files\CCleaner
2012-12-01 11:27:22 ----D---- C:\Users\Admin\AppData\Roaming\Malwarebytes
2012-12-01 11:27:16 ----D---- C:\ProgramData\Malwarebytes
2012-12-01 11:27:15 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-01 11:27:15 ----A---- C:\windows\system32\drivers\mbam.sys
2012-11-15 06:25:23 ----A---- C:\windows\system32\Wdfres.dll
2012-11-15 06:25:23 ----A---- C:\windows\system32\drivers\WdfLdr.sys
2012-11-15 06:25:23 ----A---- C:\windows\system32\drivers\Wdf01000.sys
2012-11-15 06:20:08 ----A---- C:\windows\system32\mshtmled.dll
2012-11-15 06:20:07 ----A---- C:\windows\SYSWOW64\vbscript.dll
2012-11-15 06:20:07 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2012-11-15 06:20:06 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2012-11-15 06:20:06 ----A---- C:\windows\SYSWOW64\ieui.dll
2012-11-15 06:20:06 ----A---- C:\windows\system32\ieUnatt.exe
2012-11-15 06:20:06 ----A---- C:\windows\system32\ieui.dll
2012-11-15 06:20:05 ----A---- C:\windows\SYSWOW64\urlmon.dll
2012-11-15 06:20:05 ----A---- C:\windows\SYSWOW64\url.dll
2012-11-15 06:20:05 ----A---- C:\windows\system32\url.dll
2012-11-15 06:20:04 ----A---- C:\windows\system32\urlmon.dll
2012-11-15 06:20:04 ----A---- C:\windows\system32\jscript9.dll
2012-11-15 06:20:03 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2012-11-15 06:20:03 ----A---- C:\windows\system32\msfeeds.dll
2012-11-15 06:20:02 ----A---- C:\windows\SYSWOW64\wininet.dll
2012-11-15 06:20:02 ----A---- C:\windows\system32\wininet.dll
2012-11-15 06:20:02 ----A---- C:\windows\system32\jsproxy.dll
2012-11-15 06:20:01 ----A---- C:\windows\SYSWOW64\jscript9.dll
2012-11-15 06:20:01 ----A---- C:\windows\SYSWOW64\jscript.dll
2012-11-15 06:20:01 ----A---- C:\windows\system32\vbscript.dll
2012-11-15 06:20:01 ----A---- C:\windows\system32\jscript.dll
2012-11-15 06:20:00 ----A---- C:\windows\SYSWOW64\iertutil.dll
2012-11-15 06:20:00 ----A---- C:\windows\system32\iertutil.dll
2012-11-15 06:19:59 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2012-11-15 06:19:55 ----A---- C:\windows\SYSWOW64\mshtml.dll
2012-11-15 06:19:54 ----A---- C:\windows\system32\mshtml.dll
2012-11-15 06:19:52 ----A---- C:\windows\system32\ieframe.dll
2012-11-15 06:19:50 ----A---- C:\windows\SYSWOW64\ieframe.dll
2012-11-15 06:19:23 ----A---- C:\windows\system32\WUDFSvc.dll
2012-11-15 06:19:23 ----A---- C:\windows\system32\WUDFPlatform.dll
2012-11-15 06:19:23 ----A---- C:\windows\system32\drivers\WUDFRd.sys
2012-11-15 06:19:23 ----A---- C:\windows\system32\drivers\WUDFPf.sys
2012-11-15 06:19:22 ----A---- C:\windows\system32\WUDFCoinstaller.dll
2012-11-15 06:19:21 ----A---- C:\windows\system32\WUDFx.dll
2012-11-15 06:19:21 ----A---- C:\windows\system32\WUDFHost.exe
2012-11-15 03:39:22 ----A---- C:\windows\SYSWOW64\dhcpcsvc6.dll
2012-11-15 03:39:22 ----A---- C:\windows\SYSWOW64\dhcpcore6.dll
2012-11-15 03:39:22 ----A---- C:\windows\system32\dhcpcsvc6.dll
2012-11-15 03:39:22 ----A---- C:\windows\system32\dhcpcore6.dll
2012-11-15 03:39:18 ----A---- C:\windows\system32\win32k.sys
2012-11-15 03:39:15 ----A---- C:\windows\SYSWOW64\ncsi.dll
2012-11-15 03:39:15 ----A---- C:\windows\system32\ncsi.dll
2012-11-15 03:39:15 ----A---- C:\windows\system32\drivers\tcpip.sys
2012-11-15 03:39:14 ----A---- C:\windows\SYSWOW64\nlaapi.dll
2012-11-15 03:39:14 ----A---- C:\windows\SYSWOW64\netevent.dll
2012-11-15 03:39:14 ----A---- C:\windows\SYSWOW64\netcorehc.dll
2012-11-15 03:39:14 ----A---- C:\windows\system32\nlasvc.dll
2012-11-15 03:39:14 ----A---- C:\windows\system32\nlaapi.dll
2012-11-15 03:39:14 ----A---- C:\windows\system32\netevent.dll
2012-11-15 03:39:14 ----A---- C:\windows\system32\netcorehc.dll
2012-11-15 03:39:14 ----A---- C:\windows\system32\iphlpsvc.dll
2012-11-15 03:39:14 ----A---- C:\windows\system32\drivers\tcpipreg.sys
2012-11-15 03:38:49 ----A---- C:\windows\SYSWOW64\synceng.dll
2012-11-15 03:38:49 ----A---- C:\windows\system32\synceng.dll

======List of files/folders modified in the last 1 month======

2012-12-01 13:24:53 ----D---- C:\windows\Prefetch
2012-12-01 13:24:50 ----D---- C:\windows\Temp
2012-12-01 13:24:49 ----RD---- C:\Program Files
2012-12-01 13:17:11 ----D---- C:\windows\system32\config
2012-12-01 13:16:21 ----D---- C:\windows\rescache
2012-12-01 12:53:35 ----D---- C:\windows\System32
2012-12-01 12:53:35 ----D---- C:\windows\inf
2012-12-01 12:53:35 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-12-01 12:52:03 ----A---- C:\windows\SYSWOW64\log.txt
2012-12-01 12:50:36 ----D---- C:\Program Files (x86)\Steam
2012-12-01 12:49:52 ----D---- C:\ProgramData\VeriFace
2012-12-01 12:49:21 ----D---- C:\ProgramData\OnlineUpdate
2012-12-01 12:49:10 ----D---- C:\Windows
2012-12-01 12:44:34 ----D---- C:\Users\Admin\AppData\Roaming\Skype
2012-12-01 12:44:32 ----D---- C:\windows\Panther
2012-12-01 12:44:32 ----D---- C:\windows\ModemLogs
2012-12-01 12:44:32 ----D---- C:\windows\Minidump
2012-12-01 12:44:32 ----D---- C:\windows\Logs
2012-12-01 12:44:32 ----D---- C:\windows\debug
2012-12-01 12:32:57 ----D---- C:\windows\system32\Tasks
2012-12-01 11:27:16 ----HD---- C:\ProgramData
2012-12-01 11:27:15 ----RD---- C:\Program Files (x86)
2012-12-01 11:27:15 ----D---- C:\windows\system32\drivers
2012-12-01 06:30:54 ----SHD---- C:\windows\Installer
2012-12-01 06:28:11 ----D---- C:\windows\system32\catroot2
2012-12-01 06:27:59 ----D---- C:\windows\Tasks
2012-11-30 21:25:19 ----D---- C:\windows\winsxs
2012-11-30 21:25:13 ----D---- C:\windows\AppPatch
2012-11-30 21:24:59 ----SHD---- C:\System Volume Information
2012-11-28 17:29:57 ----D---- C:\windows\system32\catroot
2012-11-25 19:57:21 ----D---- C:\windows\system32\NDF
2012-11-24 14:15:12 ----D---- C:\ProgramData\Skype
2012-11-24 14:15:09 ----RD---- C:\Program Files (x86)\Skype
2012-11-24 14:15:09 ----D---- C:\Program Files (x86)\Common Files
2012-11-15 19:09:14 ----D---- C:\windows\Microsoft.NET
2012-11-15 19:09:13 ----RSD---- C:\windows\assembly
2012-11-15 17:23:59 ----D---- C:\windows\SYSWOW64\en-US
2012-11-15 17:23:59 ----D---- C:\windows\SysWOW64
2012-11-15 17:23:59 ----D---- C:\windows\system32\en-US
2012-11-15 17:23:58 ----D---- C:\windows\system32\drivers\en-US
2012-11-15 17:23:57 ----D---- C:\windows\system32\wbem
2012-11-15 17:23:56 ----D---- C:\windows\SYSWOW64\migration
2012-11-15 17:23:56 ----D---- C:\windows\system32\migration
2012-11-15 17:23:56 ----D---- C:\Program Files (x86)\Internet Explorer
2012-11-15 17:23:52 ----D---- C:\Program Files\Internet Explorer
2012-11-15 17:23:48 ----D---- C:\windows\system32\sk-SK
2012-11-15 17:23:47 ----RD---- C:\windows\Fonts
2012-11-15 06:29:43 ----D---- C:\ProgramData\Microsoft Help
2012-11-15 06:18:55 ----A---- C:\windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fbfmon;fbfmon; C:\windows\system32\drivers\fbfmon.sys [2011-09-24 57952]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-02-18 439320]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2011-09-24 39008]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 BPntDrv;BPntDrv; C:\windows\system32\drivers\BPntDrv.sys [2011-09-24 13408]
R1 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 epfwwfpr;epfwwfpr; C:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2011-09-24 29792]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2010-11-24 2673664]
R3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 BTWAMPFL;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2010-12-15 349224]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-12-15 106536]
R3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\DRIVERS\btwavdt.sys [2010-12-15 138280]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-15 39464]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-12-15 21416]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2011-02-14 1581184]
R3 huawei_enumerator;huawei_enumerator; C:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-10-12 87040]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2011-03-25 12262336]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys [2010-10-21 76912]
R3 MEIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-04-08 1430576]
R3 vm2uvcflt;Vimicro USB Camera Filter 2; C:\windows\System32\Drivers\vm2uvcflt.sys [2010-09-21 15056]
R3 vm332avs;Lenovo Camera2; C:\windows\System32\Drivers\vm332avs.sys [2010-12-10 234960]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-10-12 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-12 13952]
S3 huawei_cdcacm;huawei_cdcacm; C:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-10-12 98304]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-10-12 28672]
S3 huawei_wwanecm;huawei_wwanecm; C:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-10-12 223744]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUVStor.sys [2010-09-30 299520]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 Ser2pl;Prolific Serial port driver; C:\windows\system32\DRIVERS\ser2pl64.sys [2009-11-19 97280]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\windows\system32\DRIVERS\silabenm.sys [2009-10-08 23040]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\windows\system32\DRIVERS\silabser.sys [2009-10-08 73216]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Serial Driver; C:\windows\system32\DRIVERS\usbser.sys [2010-11-21 32768]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S3 wsvd;wsvd; C:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2010-12-14 953632]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
R2 HWDeviceService64.exe;HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-21 325656]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [2012-10-12 655712]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-21 194032]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-10-26 529744]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-12-11 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Re: Final cleanup

Posted: 01 Dec 2012 16:51
by vyosek
Hi and greetings :)

:arrow: Please also post the second log from RSIT (info.txt) here

:arrow: Post the MBAM logs here so I can take a look at what was deleted

Re: Final cleanup

Posted: 01 Dec 2012 17:02
by Ashok28
Unfortunately I can't find the MBAM logs; they are not saved where they should probably be.

Info:
info.txt logfile of random's system information tool 1.09 2012-12-01 13:24:55

======Uninstall list======

-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
-->C:\Program Files\Conexant\SAII\SETUP64.EXE -U -ISAII -SM=SmartAudio.EXE,1801
Activision(R)-->MsiExec.exe /X{14C36646-83C8-430E-92B3-16F998BDB4E0}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Flash Player 11 ActiveX 64-bit-->C:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe -maintain activex
Adobe Reader X (10.1.3) - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-AA1000000001}
Adobe Shockwave Player 11.6-->"C:\windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Assassin's Creed-->C:\Program Files (x86)\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
Atheros Client Installation Program-->C:\Program Files (x86)\InstallShield Installation Information\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}\setup.exe -runfromtemp -l0x0009 -removeonly
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5-->MsiExec.exe /I{E031338C-839D-4EDD-9537-99B653C39D81}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Codec Pack - All In 1 6.0.3.0-->C:\windows\iun6002.exe "C:\Program Files (x86)\Codec Pack - All In 1\irunin.ini"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -G -IPIWCC2wa.inf
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{18636D65-B3A5-4B6A-A869-A2D57FAC2512}" "1051" "0"
EA Download Manager UI-->msiexec /qb /x {E17141A6-211D-5854-61D9-69827A430D82}
EA Download Manager UI-->MsiExec.exe /I{E17141A6-211D-5854-61D9-69827A430D82}
EA Download Manager-->C:\Program Files (x86)\Electronic Arts\EADownloadManager\EADMUninstall.exe
Energy Management-->"C:\Program Files (x86)\InstallShield Installation Information\{D0956C11-0F60-43FE-99AD-524E833471BB}\setup.exe" -runfromtemp -l0x0409 -removeonly
Energy Management-->MsiExec.exe /I{D0956C11-0F60-43FE-99AD-524E833471BB}
Euro2A 5.21-->"C:\Program Files (x86)\Elcom\Euro2A\uninstall.exe"
Facebook Video Calling 1.2.0.287-->MsiExec.exe /X{B92C5909-1D37-4C51-8397-A28BB28E5DC3}
Google Earth Plug-in-->MsiExec.exe /X{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Talk Plugin-->MsiExec.exe /I{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_E6C807F38EB64284.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Intel(R) Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
Intel(R) Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
Java(TM) 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Lenovo Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}
Lenovo EasyCamera-->C:\Program Files (x86)\InstallShield Installation Information\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}\setup.exe -runfromtemp -l0x0009 -removeonly
Lenovo EE Boot Optimizer-->C:\Program Files (x86)\Lenovo\Boot Optimizer\Uninstall.exe
Lenovo OneKey Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Lenovo OneKey Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Lenovo YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Lenovo YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Malwarebytes Anti-Malware verzia 1.65.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-041B-0000-0000000FF1CE}" "{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-041B-0000-0000000FF1CE}" "{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-041B-0000-0000000FF1CE}" "{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-041B-0000-0000000FF1CE}" "{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-041B-0000-0000000FF1CE}" "{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-041B-0000-0000000FF1CE}" "{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0405-0000-0000000FF1CE}" "{2304F942-79D2-46F7-A512-269A7F5B7EFC}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-0000-0000000FF1CE}" "{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{99ACCA38-6DD3-48A8-96AE-A283C9759279}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040E-0000-0000000FF1CE}" "{71431694-851E-4BC7-92A9-4BB9D196E24F}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-041B-0000-0000000FF1CE}" "{A162C5E6-7778-4D5B-9F0A-38F0122DD859}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-041B-1000-0000000FF1CE}" "{6AD0855C-A3FC-4B71-907A-D4372C6F75DB}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-041B-0000-0000000FF1CE}" "{93F2D01D-F7E6-46E5-9A7C-316262461F9F}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-041B-0000-0000000FF1CE}" "{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-041B-0000-0000000FF1CE}" "{56405E5D-9583-4644-B183-AFB3E19D80B3}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-041B-0000-0000000FF1CE}" "{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00BA-041B-0000-0000000FF1CE}" "{9C5E0700-7189-470B-A02E-7FFE75C8BD43}" "1051" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{047B0968-E622-4FAA-9B4B-121FA109EDDE}" "1051" "0"
Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0015-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0016-041B-0000-0000000FF1CE}
Microsoft Office Groove MUI (Slovak) 2010-->MsiExec.exe /X{90140000-00BA-041B-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0044-041B-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Slovak) 2010-->MsiExec.exe /X{90140000-00A1-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2010-->MsiExec.exe /X{90140000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2010-->MsiExec.exe /X{90140000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2010-->MsiExec.exe /X{90140000-002C-041B-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Slovak) 2010-->MsiExec.exe /X{90140000-002A-041B-1000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2010-->MsiExec.exe /X{90140000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2010-->MsiExec.exe /X{90140000-001B-041B-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Mobile Partner-->C:\Program Files (x86)\Mobile Partner\uninst.exe
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
Need for Speed(TM) Hot Pursuit-->MsiExec.exe /X{83A606F5-BF6F-42ED-9F33-B9F74297CDED}
Norton Security Scan-->C:\Program Files (x86)\Norton Security Scan\Engine\3.7.0.18\InstWrap.exe
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení-->MsiExec.exe /I{B6190387-0036-4BEB-8D74-A0AFC5F14706}
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia-->MsiExec.exe /I{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}
PL-2303 USB-to-Serial-->"C:\Program Files (x86)\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
Prototype(TM)-->C:\Program Files (x86)\InstallShield Installation Information\{9322A850-9091-4D0E-B252-3E82EDA3D94A}\setup.exe -runfromtemp -l0x0409
Realtek USB 2.0 Reader Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{62BBB2F0-E220-4821-A564-730807D2C34D}\setup.exe" -runfromtemp -removeonly
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{73CC972E-6ABF-456B-9E1E-BADC0E65B57A}" "1051" "0"
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{D267D0F7-9770-467D-ACF3-FB2F7E0AC532}" "1051" "0"
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{FDCB9E3E-FA40-40E9-AFF4-73BDE8E52205}" "1051" "0"
Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{07CA44F3-F5B3-4D12-8C91-EDC5FE91D45C}" "1051" "0"
Security Update for Microsoft Office 2010 (KB2553096)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{10802A6D-EDBF-4383-BCBD-9D5B32F56D35}" "1051" "0"
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{ED57715B-D523-4EC9-854B-FB3E768E4349}" "1051" "0"
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{CCC48FE2-175F-4CDE-82DF-F7BC4672C1A3}" "1051" "0"
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{CC39BA1F-7A25-440C-86A7-77E35D8CC88C}" "1051" "0"
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{DCE6D0BF-93E4-46C5-9A7C-F1EFF9707C02}" "1051" "0"
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{87149E40-4C8B-4E16-8571-D54E9B817D0B}" "1051" "0"
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{54A1B66B-F5B2-45AD-8B19-5F51A027A1B9}" "1051" "0"
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{B5489515-6DD4-47A5-AE4E-64751D15F10E}" "1051" "0"
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{61461470-8168-4F4B-97B7-617AF354F028}" "1051" "0"
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{0A682BA4-3C78-42C3-8DDF-EB9A6ABE5535}" "1051" "0"
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{4D8C4F20-7E4F-4068-A0A4-BF841D42693A}" "1051" "0"
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)-->C:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
Silicon Laboratories CP210x VCP Drivers for Windows 7-->"C:\Program Files (x86)\InstallShield Installation Information\{2209E3FB-5578-4527-AFCF-72E1179A38B0}\setup.exe" -runfromtemp -l0x0009 -removeonly
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 6.0-->MsiExec.exe /X{EA17F4FC-FDBF-4CF8-A529-2D983132D053}
Spider-Man(TM) - Shattered Dimensions-->"C:\Program Files (x86)\InstallShield Installation Information\{14C36646-83C8-430E-92B3-16F998BDB4E0}\setup.exe" -runfromtemp -l0x0409 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1051" "0"
Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{A8686D24-1E89-43A1-973E-05A258D2B3F8}" "1051" "0"
Update for Microsoft Office 2010 (KB2553092)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}" "1051" "0"
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}" "1051" "0"
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{18B3CF2A-73F7-4716-B1AE-86D68726D408}" "1051" "0"
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0405-0000-0000000FF1CE}" "{2AB2E0DF-DF6F-4051-895B-A09FA08AD387}" "1051" "0"
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-0000-0000000FF1CE}" "{E6EAF5E1-5E2A-4E4F-847E-97B45179E45B}" "1051" "0"
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{C06ABC7E-8923-4BB1-A7A2-197F5A3E0973}" "1051" "0"
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-041B-0000-0000000FF1CE}" "{45BC4A6A-9337-4276-AF51-6481A747BB32}" "1051" "0"
Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{EFB525A0-E1C0-4E32-9968-FE401BC87363}" "1051" "0"
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}" "1051" "0"
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{1CBEDB37-C438-473F-8BA0-2535B0D237E2}" "1051" "0"
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{1CBEDB37-C438-473F-8BA0-2535B0D237E2}" "1051" "0"
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-041B-0000-0000000FF1CE}" "{B4E15135-5272-4194-9724-5FA19F72296D}" "1051" "0"
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}" "1051" "0"
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}" "1051" "0"
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-041B-0000-0000000FF1CE}" "{B1F5ED4F-08EE-4487-89EA-69406127A951}" "1051" "0"
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{326F9E80-FE16-4D2A-827A-4EE1A87B1CE8}" "1051" "0"
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-041B-0000-0000000FF1CE}" "{939C62F7-4741-43AF-A29F-5ED0BF0D318A}" "1051" "0"
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}" "1051" "0"
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{5DA2D071-A54C-47C0-83E5-43C63DBFD936}" "1051" "0"
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{5DA2D071-A54C-47C0-83E5-43C63DBFD936}" "1051" "0"
UserGuide-->"C:\Program Files (x86)\InstallShield Installation Information\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\setup.exe" -runfromtemp -l0x0409 -removeonly
UserGuide-->MsiExec.exe /I{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}
VeriFace-->C:\Program Files (x86)\Lenovo\VeriFace\Uninstall.exe
Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)-->C:\PROGRA~1\DIFX\8C657473004ED4CD\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\vpc.inf_amd64_neutral_28dd80cc6c82ef03\vpc.inf
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Essentials-->MsiExec.exe /I{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}
Windows Live Fotogaléria-->MsiExec.exe /X{97F77D62-5110-4FA3-A2D3-410B92D31199}
Windows Live Fotogalerie-->MsiExec.exe /X{FB79FDB7-4DE1-453D-99FE-9A880F57380E}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C454280F-3C3E-4929-B60E-9E6CED5717E7}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mail-->MsiExec.exe /I{FA6CF94F-DACF-4FE7-959D-55C421B91B17}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe /I{80E8C65A-8F70-4585-88A2-ABC54BABD576}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
Windows Live Messenger-->MsiExec.exe /X{A3389C72-1782-4BB4-BBAA-33345DE52E3F}
Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live Messenger-->MsiExec.exe /X{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}
Windows Live Photo Common-->MsiExec.exe /X{6F37D92B-41AA-44B7-80D2-457ABDE11896}
Windows Live Photo Common-->MsiExec.exe /X{78906B56-0E81-42A7-AC25-F54C946E1538}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live Remote Client Resources-->MsiExec.exe /I{3921492E-82D2-4180-8124-E347AD2F2DB4}
Windows Live Remote Client Resources-->MsiExec.exe /I{5F44A3A1-5D24-4708-8776-66B42B174C64}
Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}
Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}
Windows Live Remote Service Resources-->MsiExec.exe /I{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}
Windows Live Remote Service Resources-->MsiExec.exe /I{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}
Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}
Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{5E627606-53B9-42D1-97E1-D03F6229E248}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}
Windows Live Writer Resources-->MsiExec.exe /X{AB78C965-5C67-409B-8433-D7B5BDB12073}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{11778DA1-0495-4ED9-972F-F9E0B0367CD5}
Windows Live Writer-->MsiExec.exe /X{4264C020-850B-4F08-ACBE-98205D9C336C}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
WinRAR 4.20 (64-bitová verzia)-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: Admin-PC
Event Code: 36887
Message: The following fatal alert was received: 47.
Record Number: 79457
Source Name: Schannel
Time Written: 20120430071115.235711-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Admin-PC
Event Code: 36887
Message: The following fatal alert was received: 47.
Record Number: 79456
Source Name: Schannel
Time Written: 20120430071115.235711-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Admin-PC
Event Code: 36887
Message: The following fatal alert was received: 47.
Record Number: 79455
Source Name: Schannel
Time Written: 20120430071115.204511-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Admin-PC
Event Code: 36887
Message: The following fatal alert was received: 47.
Record Number: 79454
Source Name: Schannel
Time Written: 20120430071115.204511-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Admin-PC
Event Code: 4001
Message: Služba automatickej konfigurácie siete WLAN sa úspešne zastavila.

Record Number: 79319
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20120430051836.951225-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Admin-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 27274
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20120424043634.739456-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Admin-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 27259
Source Name: Microsoft-Windows-WMI
Time Written: 20120424043159.000000-000
Event Type: Error
User:

Computer Name: Admin-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
0 user registry handles leaked from \Registry\User\S-1-5-21-2708795968-631334427-156177037-1000:

Record Number: 27215
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20120423190311.876753-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Admin-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 27211
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20120423175624.138944-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Admin-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 27209
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20120423175623.998543-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Admin-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: ADMIN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 2

New Logon:
Security ID: S-1-5-21-2708795968-631334427-156177037-1000
Account Name: Admin
Account Domain: Admin-PC
Logon ID: 0x46411
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x30c
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: ADMIN-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 9712
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120212155322.581982-000
Event Type: Audit Success
User:

Computer Name: Admin-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: ADMIN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 2

New Logon:
Security ID: S-1-5-21-2708795968-631334427-156177037-1000
Account Name: Admin
Account Domain: Admin-PC
Logon ID: 0x463ef
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x30c
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: ADMIN-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 9711
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120212155322.581982-000
Event Type: Audit Success
User:

Computer Name: Admin-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: ADMIN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: Admin
Account Domain: Admin-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x30c
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Network Address: 127.0.0.1
Port: 0

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 9710
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120212155322.581982-000
Event Type: Audit Success
User:

Computer Name: Admin-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 9709
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120212155217.592268-000
Event Type: Audit Success
User:

Computer Name: Admin-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: ADMIN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x240
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 9708
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120212155217.592268-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Lenovo\Bluetooth Software\;C:\Program Files\Lenovo\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"configsetroot"=%SystemRoot%\ConfigSetRoot
"LenovoTestLogFile"=preload.log
"LenovoTestPath"=C:\prdv10\

-----------------EOF-----------------

Re: Final cleanup

Posted: 01 Dec 2012 17:06
by vyosek
:arrow: When you run MBAM, there's nothing on the Logs tab :???:

:arrow: My instructions are written in the formal form of address, so don't be surprised that they stay that way; I really don't feel like rewriting them :D

:arrow: Download MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe
  • Save it, preferably to the desktop
  • If you use Win Vista or W7, right-click MBRScan and choose Run As Administrator (Spustit jako spravce)
  • Click Report
  • After a moment the log is written to the file MBRScan.txt; paste it here
:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator (Spustit jako spravce)
  • Wait for the PreScan to finish
  • Choose the Scan (Prohledat) option
  • When the scan finishes, click Report (Zpráva); the log opens, paste it here
  • A detailed walkthrough incl. screenshots is here http://forum.viry.cz/viewtopic.php?f=24&t=120452

Re: Final cleanup

Posted: 01 Dec 2012 17:08
by Ashok28
No, there is nothing in the logs.
I know that one file with a random name was deleted from C:\Windows, and then some keylogger and AutoKMS.

I'm on it :D

Re: Final cleanup

Posted: 01 Dec 2012 17:10
by vyosek
:arrow: Then uninstall that illegal Office from there as well :twisted:

Re: Final cleanup

Posted: 01 Dec 2012 17:11
by Ashok28
Already done. He'll grumble at me that I shouldn't have meddled in that, but oh well :D And then he wonders why his computer is such a mess.

Re: Final cleanup

Posted: 01 Dec 2012 17:12
by vyosek
:arrow: Put OpenOffice on it for him and that's that

Re: Final cleanup

Posted: 01 Dec 2012 17:16
by Ashok28
I'll leave it like this; he wouldn't know how to work with OpenOffice anyway. Better he buys a genuine copy.

Log from MBR Scan (I removed the code tags, I know you don't like them :D):


MBRScan v1.1.1

OS : Windows 7 Service Pack 1 (64 bit)
PROCESSOR : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
BOOT : Normal Boot
DATE : 2012/12/01 (ISO 8601) at 17:12:19
________________________________________________________________________________

DISK : Device\Harddisk0\DR0 __WDC WD75 00BPVT-24HXZ (03.0)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK : Device\Harddisk1\DR2 __Ut161 USB2FlashStorage (0.00)
BUS_TYPE : (0x07) USB
USE_PIO : NO
MAX_TRANSFER : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________

Device\Harddisk0\DR0 698.6 Go [Fixed] ==> 7 MBR Code .

MBR_MD5 : 256664E7C4FD7C8CDC48E60AE4B40A05
MBR_SHA1 : 2C390845C700B01D5C74CF9903BA8FC91AA7E498

Device\Harddisk0\Partition1 200.0 Mo 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 654.7 Go 0x07 NTFS / HPFS
Device\Harddisk0\Partition3 14.75 Go 0x12 Diagnostic
Device\Harddisk0\Partition4 29.00 Go 0x07 NTFS / HPFS
________________________________________________________________________________

Device\Harddisk1\DR2 480.0 Mo [Removable] ==> Unknown MBR Code

MBR_MD5 : C5BDF83B922FF39CDC5DB89F77E36081
MBR_SHA1 : 0C69CA636B8E66CA9BF231881E6B84F7727C92AD

Device\Harddisk1\Partition1 479.7 Mo 0x0B FAT32 [CHS] __ BOOTABLE __
________________________________________________________________________________

############################### Additional scan ################################

DRIVER : C:\windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x035F2000
SIZE : 292.0 Ko

DRIVER : C:\windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00BAE000
SIZE : 40.0 Ko

DRIVER : C:\windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00C0F000
SIZE : 316.0 Ko

DRIVER : C:\windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00C72000
SIZE : 376.0 Ko

DRIVER : C:\windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00CD0000
SIZE : 768.0 Ko

DRIVER : C:\windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00E10000
SIZE : 776.0 Ko

DRIVER : C:\windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00ED2000
SIZE : 64.0 Ko

DRIVER : C:\windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00EE2000
SIZE : 348.0 Ko

DRIVER : C:\windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00F39000
SIZE : 36.0 Ko

DRIVER : C:\windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00F42000
SIZE : 40.0 Ko

DRIVER : C:\windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00F4C000
SIZE : 204.0 Ko

DRIVER : C:\windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00F7F000
SIZE : 52.0 Ko

DRIVER : C:\windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00F8C000
SIZE : 84.0 Ko

DRIVER : C:\windows\system32\drivers\compbatt.sys => Invisible on the disk
ADDRESS : 0x00FA1000
SIZE : 36.0 Ko

DRIVER : C:\windows\system32\drivers\BATTC.SYS => Invisible on the disk
ADDRESS : 0x00FAA000
SIZE : 48.0 Ko

DRIVER : C:\windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00FB6000
SIZE : 84.0 Ko

DRIVER : C:\windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00D90000
SIZE : 368.0 Ko

DRIVER : C:\windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00FCB000
SIZE : 104.0 Ko

DRIVER : C:\windows\system32\DRIVERS\iaStor.sys => Invisible on the disk
ADDRESS : 0x01059000
SIZE : 1.33 Mo

DRIVER : C:\windows\system32\drivers\atapi.sys => Invisible on the disk
ADDRESS : 0x011AD000
SIZE : 36.0 Ko

DRIVER : C:\windows\system32\drivers\ataport.SYS => Invisible on the disk
ADDRESS : 0x011B6000
SIZE : 168.0 Ko

DRIVER : C:\windows\system32\drivers\msahci.sys => Invisible on the disk
ADDRESS : 0x011E0000
SIZE : 44.0 Ko

DRIVER : C:\windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x011EB000
SIZE : 64.0 Ko

DRIVER : C:\windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE : 44.0 Ko

DRIVER : C:\windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x0100B000
SIZE : 304.0 Ko

DRIVER : C:\windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x00FE5000
SIZE : 80.0 Ko

DRIVER : C:\windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x0120F000
SIZE : 1.64 Mo

DRIVER : C:\windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x01484000
SIZE : 376.0 Ko

DRIVER : C:\windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x014E2000
SIZE : 108.0 Ko

DRIVER : C:\windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x014FD000
SIZE : 456.0 Ko

DRIVER : C:\windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x0156F000
SIZE : 68.0 Ko

DRIVER : C:\windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x01580000
SIZE : 40.0 Ko

DRIVER : C:\windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x016DD000
SIZE : 968.0 Ko

DRIVER : C:\windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01600000
SIZE : 384.0 Ko

DRIVER : C:\windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01660000
SIZE : 168.0 Ko

DRIVER : C:\windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x0186F000
SIZE : 2.00 Mo

DRIVER : C:\windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01A70000
SIZE : 296.0 Ko

DRIVER : C:\windows\system32\drivers\wd.sys => Invisible on the disk
ADDRESS : 0x01ABA000
SIZE : 32.0 Ko

DRIVER : C:\windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01AC2000
SIZE : 304.0 Ko

DRIVER : C:\windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01B0E000
SIZE : 32.0 Ko

DRIVER : C:\windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01B16000
SIZE : 232.0 Ko

DRIVER : C:\windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01B50000
SIZE : 72.0 Ko

DRIVER : C:\windows\System32\DRIVERS\LhdX64.sys => Invisible on the disk
ADDRESS : 0x01B62000
SIZE : 56.0 Ko

DRIVER : C:\windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01B70000
SIZE : 36.0 Ko

DRIVER : C:\windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01B79000
SIZE : 232.0 Ko

DRIVER : C:\windows\system32\drivers\fbfmon.sys => Invisible on the disk
ADDRESS : 0x01BB3000
SIZE : 80.0 Ko

DRIVER : C:\windows\system32\drivers\disk.sys => Invisible on the disk
ADDRESS : 0x01BC7000
SIZE : 88.0 Ko

DRIVER : C:\windows\system32\drivers\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01800000
SIZE : 192.0 Ko

DRIVER : C:\windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x03C00000
SIZE : 168.0 Ko

DRIVER : C:\windows\system32\DRIVERS\eamonm.sys => Invisible on the disk
ADDRESS : 0x02E4F000
SIZE : 912.0 Ko

DRIVER : C:\windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x02F33000
SIZE : 36.0 Ko

DRIVER : C:\windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x02F3C000
SIZE : 28.0 Ko

DRIVER : C:\windows\system32\DRIVERS\ehdrv.sys => Invisible on the disk
ADDRESS : 0x02F43000
SIZE : 164.0 Ko

DRIVER : C:\windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x02F6C000
SIZE : 56.0 Ko

DRIVER : C:\windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x02F7A000
SIZE : 148.0 Ko

DRIVER : C:\windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x02F9F000
SIZE : 64.0 Ko

DRIVER : C:\windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x02FAF000
SIZE : 36.0 Ko

DRIVER : C:\windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x02FB8000
SIZE : 36.0 Ko

DRIVER : C:\windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x02FC1000
SIZE : 36.0 Ko

DRIVER : C:\windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x02FCA000
SIZE : 44.0 Ko

DRIVER : C:\windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x02FD5000
SIZE : 68.0 Ko

DRIVER : C:\windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x02E00000
SIZE : 136.0 Ko

DRIVER : C:\windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x02E22000
SIZE : 52.0 Ko

DRIVER : C:\windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x03C2A000
SIZE : 276.0 Ko

DRIVER : C:\windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x04288000
SIZE : 548.0 Ko

DRIVER : C:\windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x04311000
SIZE : 36.0 Ko

DRIVER : C:\windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x0431A000
SIZE : 152.0 Ko

DRIVER : C:\windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x04340000
SIZE : 88.0 Ko

DRIVER : C:\windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x04356000
SIZE : 60.0 Ko

DRIVER : C:\windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x04365000
SIZE : 108.0 Ko

DRIVER : C:\windows\system32\DRIVERS\termdd.sys => Invisible on the disk
ADDRESS : 0x04380000
SIZE : 80.0 Ko

DRIVER : C:\windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x04394000
SIZE : 324.0 Ko

DRIVER : C:\windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x043E5000
SIZE : 48.0 Ko

DRIVER : C:\windows\system32\DRIVERS\mssmbios.sys => Invisible on the disk
ADDRESS : 0x043F1000
SIZE : 44.0 Ko

DRIVER : C:\windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x04200000
SIZE : 60.0 Ko

DRIVER : C:\windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x0420F000
SIZE : 120.0 Ko

DRIVER : C:\windows\system32\drivers\BPntDrv.sys => Invisible on the disk
ADDRESS : 0x0422D000
SIZE : 28.0 Ko

DRIVER : C:\windows\system32\drivers\BOOTVID.dll => Invisible on the disk
ADDRESS : 0x04234000
SIZE : 32.0 Ko

DRIVER : C:\windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x0423C000
SIZE : 68.0 Ko

DRIVER : C:\windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x0424D000
SIZE : 152.0 Ko

DRIVER : C:\windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk
ADDRESS : 0x09E35000
SIZE : 11.70 Mo

DRIVER : C:\windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x03EFF000
SIZE : 976.0 Ko

DRIVER : C:\windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x03E00000
SIZE : 280.0 Ko

DRIVER : C:\windows\system32\DRIVERS\HECIx64.sys => Invisible on the disk
ADDRESS : 0x03E46000
SIZE : 68.0 Ko

DRIVER : C:\windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x03E57000
SIZE : 68.0 Ko

DRIVER : C:\windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x03E68000
SIZE : 344.0 Ko

DRIVER : C:\windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x03EBE000
SIZE : 144.0 Ko

DRIVER : C:\windows\system32\DRIVERS\L1C62x64.sys => Invisible on the disk
ADDRESS : 0x03EE2000
SIZE : 84.0 Ko

DRIVER : C:\windows\system32\DRIVERS\athrx.sys => Invisible on the disk
ADDRESS : 0x044DA000
SIZE : 2.57 Mo

DRIVER : C:\windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
ADDRESS : 0x0476D000
SIZE : 52.0 Ko

DRIVER : C:\windows\system32\DRIVERS\AcpiVpc.sys => Invisible on the disk
ADDRESS : 0x0477A000
SIZE : 88.0 Ko

DRIVER : C:\windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk
ADDRESS : 0x04790000
SIZE : 20.0 Ko

DRIVER : C:\windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk
ADDRESS : 0x04795000
SIZE : 120.0 Ko

DRIVER : C:\windows\system32\DRIVERS\SynTP.sys => Invisible on the disk
ADDRESS : 0x04C61000
SIZE : 1.39 Mo

DRIVER : C:\windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x04DC4000
SIZE : 8.0 Ko

DRIVER : C:\windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x04DC6000
SIZE : 60.0 Ko

DRIVER : C:\windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x04DD5000
SIZE : 60.0 Ko

DRIVER : C:\windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x04DE4000
SIZE : 88.0 Ko

DRIVER : C:\windows\system32\DRIVERS\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x04C00000
SIZE : 64.0 Ko

DRIVER : C:\windows\system32\DRIVERS\clwvd.sys => Invisible on the disk
ADDRESS : 0x04C10000
SIZE : 24.0 Ko

DRIVER : C:\windows\system32\DRIVERS\ks.sys => Invisible on the disk
ADDRESS : 0x04C16000
SIZE : 268.0 Ko

DRIVER : C:\windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x04C59000
SIZE : 24.0 Ko

DRIVER : C:\windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x047B3000
SIZE : 88.0 Ko

DRIVER : C:\windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x047C9000
SIZE : 144.0 Ko

DRIVER : C:\windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x047ED000
SIZE : 48.0 Ko

DRIVER : C:\windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x04400000
SIZE : 188.0 Ko

DRIVER : C:\windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x0442F000
SIZE : 108.0 Ko

DRIVER : C:\windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x0444A000
SIZE : 132.0 Ko

DRIVER : C:\windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x0446B000
SIZE : 104.0 Ko

DRIVER : C:\windows\system32\DRIVERS\swenum.sys => Invisible on the disk
ADDRESS : 0x04C5F000
SIZE : 8.0 Ko

DRIVER : C:\windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x04485000
SIZE : 72.0 Ko

DRIVER : C:\windows\system32\DRIVERS\ew_jubusenum.sys => Invisible on the disk
ADDRESS : 0x04497000
SIZE : 108.0 Ko

DRIVER : C:\windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x0158A000
SIZE : 360.0 Ko

DRIVER : C:\windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x044B2000
SIZE : 84.0 Ko

DRIVER : C:\windows\system32\drivers\CHDRT64.sys => Invisible on the disk
ADDRESS : 0x05466000
SIZE : 1.56 Mo

DRIVER : C:\windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x05400000
SIZE : 244.0 Ko

DRIVER : C:\windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x0543D000
SIZE : 136.0 Ko

DRIVER : C:\windows\system32\DRIVERS\IntcDAud.sys => Invisible on the disk
ADDRESS : 0x0168A000
SIZE : 332.0 Ko

DRIVER : C:\windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x044C7000
SIZE : 56.0 Ko

DRIVER : C:\windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk
ADDRESS : 0x03C6F000
SIZE : 1.33 Mo

DRIVER : C:\windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x0A9E7000
SIZE : 76.0 Ko

DRIVER : C:\windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x000B0000
SIZE : 3.09 Mo

DRIVER : C:\windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x03FF3000
SIZE : 48.0 Ko

DRIVER : C:\windows\system32\DRIVERS\btwampfl.sys => Invisible on the disk
ADDRESS : 0x026FC000
SIZE : 2.77 Mo

DRIVER : C:\windows\System32\Drivers\BTHUSB.sys => Invisible on the disk
ADDRESS : 0x029C2000
SIZE : 96.0 Ko

DRIVER : C:\windows\System32\Drivers\bthport.sys => Invisible on the disk
ADDRESS : 0x02600000
SIZE : 560.0 Ko

DRIVER : C:\windows\system32\DRIVERS\rfcomm.sys => Invisible on the disk
ADDRESS : 0x0268C000
SIZE : 176.0 Ko

DRIVER : C:\windows\system32\drivers\BthEnum.sys => Invisible on the disk
ADDRESS : 0x026B8000
SIZE : 64.0 Ko

DRIVER : C:\windows\system32\DRIVERS\bthpan.sys => Invisible on the disk
ADDRESS : 0x026C8000
SIZE : 128.0 Ko

DRIVER : C:\windows\system32\DRIVERS\bthmodem.sys => Invisible on the disk
ADDRESS : 0x029DA000
SIZE : 92.0 Ko

DRIVER : C:\windows\system32\drivers\modem.sys => Invisible on the disk
ADDRESS : 0x029F1000
SIZE : 60.0 Ko

DRIVER : C:\windows\system32\DRIVERS\btwavdt.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE : 500.0 Ko

DRIVER : C:\windows\system32\drivers\btwaudio.sys => Invisible on the disk
ADDRESS : 0x02A6A000
SIZE : 544.0 Ko

DRIVER : C:\windows\system32\DRIVERS\btwl2cap.sys => Invisible on the disk
ADDRESS : 0x02AF2000
SIZE : 56.0 Ko

DRIVER : C:\windows\system32\DRIVERS\btwrchid.sys => Invisible on the disk
ADDRESS : 0x02B00000
SIZE : 16.0 Ko

DRIVER : C:\windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x02B04000
SIZE : 100.0 Ko

DRIVER : C:\windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x02B1D000
SIZE : 36.0 Ko

DRIVER : C:\windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x02B26000
SIZE : 116.0 Ko

DRIVER : C:\windows\System32\Drivers\vm332avs.sys => Invisible on the disk
ADDRESS : 0x02B43000
SIZE : 224.0 Ko

DRIVER : C:\windows\System32\Drivers\STREAM.SYS => Invisible on the disk
ADDRESS : 0x02B7B000
SIZE : 68.0 Ko

DRIVER : C:\windows\System32\Drivers\vm2uvcflt.sys => Invisible on the disk
ADDRESS : 0x02B8C000
SIZE : 12.0 Ko

DRIVER : C:\windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x02B8F000
SIZE : 56.0 Ko

DRIVER : C:\windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00460000
SIZE : 40.0 Ko

DRIVER : C:\windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00640000
SIZE : 156.0 Ko

DRIVER : C:\windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x02B9D000
SIZE : 140.0 Ko

DRIVER : C:\windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x02BC0000
SIZE : 100.0 Ko

DRIVER : C:\windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x02BD9000
SIZE : 84.0 Ko

DRIVER : C:\windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x02A00000
SIZE : 332.0 Ko

DRIVER : C:\windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x02A53000
SIZE : 76.0 Ko

DRIVER : C:\windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x09E00000
SIZE : 96.0 Ko

DRIVER : C:\windows\system32\DRIVERS\vwifimp.sys => Invisible on the disk
ADDRESS : 0x02BEE000
SIZE : 40.0 Ko

DRIVER : C:\windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x05214000
SIZE : 804.0 Ko

DRIVER : C:\windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x052DD000
SIZE : 120.0 Ko

DRIVER : C:\windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x052FB000
SIZE : 96.0 Ko

DRIVER : C:\windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x05313000
SIZE : 180.0 Ko

DRIVER : C:\windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x05340000
SIZE : 312.0 Ko

DRIVER : C:\windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x0538E000
SIZE : 144.0 Ko

DRIVER : C:\windows\system32\DRIVERS\epfwwfpr.sys => Invisible on the disk
ADDRESS : 0x053B2000
SIZE : 144.0 Ko

DRIVER : C:\windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x05A47000
SIZE : 664.0 Ko

DRIVER : C:\windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x05AED000
SIZE : 44.0 Ko

DRIVER : C:\windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x05AF8000
SIZE : 196.0 Ko

DRIVER : C:\windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x05B29000
SIZE : 72.0 Ko

DRIVER : C:\windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x05B3B000
SIZE : 420.0 Ko

DRIVER : C:\windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x05E24000
SIZE : 608.0 Ko

DRIVER : C:\windows\system32\DRIVERS\asyncmac.sys => Invisible on the disk
ADDRESS : 0x05F2D000
SIZE : 44.0 Ko

DRIVER : C:\windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x05FC4000
SIZE : 216.0 Ko

DRIVER : C:\windows\system32\DRIVERS\USBSTOR.SYS => Invisible on the disk
ADDRESS : 0x05F86000
SIZE : 108.0 Ko

DRIVER : C:\windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk
ADDRESS : 0x05EBC000
SIZE : 216.0 Ko

DRIVER : C:\windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x478B0000
SIZE : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions : NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR \Device\Harddisk0\DR0


_______MBR \Device\Harddisk1\DR2




_______________________________Roguekiller log______________________________________

RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : Admin [Práva Správcu]
Režim : Kontrola -- Dátum : 12/01/2012 17:14:03

¤¤¤ Škodlivé procesy : 3 ¤¤¤
[SUSP PATH] HWDeviceService64.exe -- C:\ProgramData\DatacardService\HWDeviceService64.exe -> ZASTAVENÉ [TermProc]
[SUSP PATH] ouc.exe -- C:\ProgramData\OnlineUpdate\ouc.exe -> ZASTAVENÉ [TermProc]
[SUSP PATH] DCSHelper.exe -- C:\ProgramData\DatacardService\DCSHelper.exe -> ZASTAVENÉ [TermProc]

¤¤¤ Záznamy Registrov : 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{D3AE36D9-0E0A-40AC-A3A5-03C98D88751D} : NameServer (213.151.200.31 213.151.208.162) -> NÁJDENÉ
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{D3AE36D9-0E0A-40AC-A3A5-03C98D88751D} : NameServer (213.151.200.31 213.151.208.162) -> NÁJDENÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NÁJDENÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÁJDENÉ

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD7500BPVT-24HXZT3 +++++
--- User ---
[MBR] 256664e7c4fd7c8cdc48e60ae4b40a05
[BSP] a6804ebea791079a05a17a5bc085d08b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 670402 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1373394944 | Size: 29693 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434206208 | Size: 15108 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Ut161 USB2FlashStorage USB Device +++++
--- User ---
[MBR] c5bdf83b922ff39cdc5db89f77e36081
[BSP] 5d166d450232411c76441803c1334986 : Standard MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 479 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončené : << RKreport[1]_S_12012012_02d1714.txt >>
RKreport[1]_S_12012012_02d1714.txt

Re: Final cleanup

Posted: 01 Dec 2012 23:02
by vyosek
:arrow: MBRScan is the only one I don't mind in code

:arrow: Run RogueKiller again
  • If you are using Win Vista or W7, right-click RogueKiller and choose Run As Administrator (Spustit jako spravce)
  • Choose Prohledat (Scan), then Smazat (Delete), and after that Zprava (Report) - a log will open; paste it here
  • Then click Oprava Host (Host fix) and Zprava (Report) - a log will open; paste it here

Re: Final cleanup

Posted: 02 Dec 2012 09:27
by Ashok28
:arrow: Is there actually any difference in readability between those logs?

:arrow: Here are the logs:

RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : Admin [Práva Správcu]
Režim : Odebrať -- Dátum : 12/02/2012 09:18:33

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{D3AE36D9-0E0A-40AC-A3A5-03C98D88751D} : NameServer (213.151.200.31 213.151.208.162) -> NEBOLO ODSTRÁNENÉ, POUŽITE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{D3AE36D9-0E0A-40AC-A3A5-03C98D88751D} : NameServer (213.151.200.31 213.151.208.162) -> NEBOLO ODSTRÁNENÉ, POUŽITE DNSFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRADENÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRADENÉ (0)

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD7500BPVT-24HXZT3 +++++
--- User ---
[MBR] 256664e7c4fd7c8cdc48e60ae4b40a05
[BSP] a6804ebea791079a05a17a5bc085d08b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 670402 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1373394944 | Size: 29693 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434206208 | Size: 15108 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[2]_D_12022012_02d0918.txt >>
RKreport[1]_S_12022012_02d0918.txt ; RKreport[2]_D_12022012_02d0918.txt



_____________________Second log_____________________________
RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : Admin [Práva Správcu]
Režim : Oprava HOSTS -- Dátum : 12/02/2012 09:19:38

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 0 ¤¤¤

¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ Resetovaný HOSTS: ¤¤¤


Dokončené : << RKreport[3]_H_12022012_02d0919.txt >>
RKreport[1]_S_12022012_02d0918.txt ; RKreport[2]_D_12022012_02d0918.txt ; RKreport[3]_H_12022012_02d0919.txt

Re: Final cleanup

Posted: 02 Dec 2012 21:15
by vyosek
:arrow: MBRScan primarily produces its log in code, so I learned to read it that way. The other logs are plain text (+ possibly BBCode, e.g. OTL), which is why I don't want them in code

:arrow: Run CF following this guide: http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Final cleanup

Posted: 02 Dec 2012 21:39
by Ashok28
Here is the log:

ComboFix 12-12-02.01 - Admin . 12. 2012 21:29:33.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4040.2504 [GMT 1:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\windows\iun6002.exea
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))
.
.
2012-12-02 20:35 . 2012-12-02 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-01 12:24 . 2012-12-01 12:24 -------- d-----w- C:\rsit
2012-12-01 12:24 . 2012-12-01 12:24 -------- d-----w- c:\program files\trend micro
2012-12-01 11:32 . 2012-12-01 11:32 -------- d-----w- c:\program files\CCleaner
2012-12-01 10:27 . 2012-12-01 10:27 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2012-12-01 10:27 . 2012-12-01 10:27 -------- d-----w- c:\programdata\Malwarebytes
2012-12-01 10:27 . 2012-12-01 10:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-01 10:27 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-01 06:16 . 2012-12-01 12:10 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D2DDC3C-9017-48A6-9067-2E7F6D15A0A1}\offreg.dll
2012-11-30 15:02 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D2DDC3C-9017-48A6-9067-2E7F6D15A0A1}\mpengine.dll
2012-11-24 13:15 . 2012-11-24 13:15 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-15 05:25 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 05:25 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 05:25 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 05:25 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 05:19 . 2012-10-08 11:26 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-11-15 02:39 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-15 02:38 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-15 02:38 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 08:38 . 2012-11-28 16:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 16:31 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 16:31 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-14 17:38 . 2011-12-10 16:55 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-12 17:33 . 2012-10-12 17:34 98304 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-10-12 17:33 . 2012-10-12 17:34 87040 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-10-12 17:33 . 2012-10-12 17:34 72192 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-10-12 17:33 . 2012-10-12 17:34 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-10-12 17:33 . 2012-10-12 17:34 223744 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-10-12 17:33 . 2012-10-12 17:34 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-10-12 17:33 . 2012-10-12 17:34 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-10-12 17:33 . 2012-10-12 17:34 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-10-12 17:33 . 2012-10-12 17:34 422400 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2012-10-12 17:33 . 2012-10-12 17:34 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-10-12 17:33 . 2012-10-12 17:34 223232 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-10-12 17:33 . 2012-10-12 17:34 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-10-12 17:33 . 2012-10-12 17:34 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-10-12 17:33 . 2012-10-12 17:34 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-10-03 03:29 . 2012-07-22 19:02 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-10-03 03:29 . 2012-07-22 19:02 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-09-30 06:10 . 2012-05-27 13:41 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-09-30 06:10 . 2012-05-27 13:40 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-14 19:19 . 2012-10-10 15:15 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 15:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-07 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-09-24 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [2012-10-12 655712]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-10-12 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-12 13952]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-10-12 98304]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-10-12 28672]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-10-12 223744]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-09-30 299520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2009-10-08 23040]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2009-10-08 73216]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-11 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-09-24 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-09-24 39008]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-09-24 13408]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-09-24 29792]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-15 349224]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-15 39464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-10-12 87040]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-10-21 76912]
S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys [2010-09-21 15056]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [2010-12-10 234960]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2708795968-631334427-156177037-1000Core.job
- c:\users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-29 07:53]
.
2012-12-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2708795968-631334427-156177037-1000UA.job
- c:\users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-29 07:53]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 08:01]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 08:01]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2708795968-631334427-156177037-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 05:59]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2708795968-631334427-156177037-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 05:59]
.
2012-12-02 c:\windows\Tasks\Norton Security Scan for Admin.job
- c:\progra~2\NORTON~2\Engine\370~1.18\Nss.exe [2012-01-31 02:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-09-24 08:09 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-09-24 114688]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-09-24 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-09-24 5908928]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D3AE36D9-0E0A-40AC-A3A5-03C98D88751D}: NameServer = 213.151.200.31 213.151.208.162
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-02 21:36:25
ComboFix-quarantined-files.txt 2012-12-02 20:36
.
Pre-Run: 615 364 190 208 bytes free
Post-Run: 615 221 821 440 bytes free
.
- - End Of File - - 2A2E8A3C62861CA41E7A08BFDD6693D9

Re: Final cleanup

Posted: 03 Dec 2012 08:36
by vyosek
:arrow: If it isn't there already, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UpdateP2GShortCut"=-
    "UpdatePRCShortCut"=-
    "BCSSync"=-
    "Adobe ARM"=-
    "SunJavaUpdateSched"=-
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    File::
    C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2708795968-631334427-156177037-1000Core.job
    C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2708795968-631334427-156177037-1000UA.job
    C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2708795968-631334427-156177037-1000Core.job
    C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2708795968-631334427-156177037-1000UA.job
    C:\windows\tasks\Norton Security Scan for Admin.job
    
    Collect::
    C:\windows\tasks\AutoKMS.job
    C:\windows\tasks\AutoKMSDaily.job
    
    AtJob::
    
    NoMbr::
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto Combofix and drop it (see the image below)
    Image
  • After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC; the registry will sort itself out. It is an internal error caused by CF, and unfortunately its author has not been able to fix it yet

:arrow: It can happen that Windows fails to boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: Final cleanup

Posted: 03 Dec 2012 13:43
by Ashok28
I left it running for two hours and nothing happened. It got stuck at the point where Combofix says it is scanning files and that this can take up to 10 minutes. It doesn't work in safe mode either. I would try deleting it in OTL, but I don't know how to carry out the NoMbr and AtJob commands.