Requesting a preventive check, thank you

Posted: 15 Mar 2013 20:20
by nasua
Good evening,

please check my log, thanks in advance....

log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Pavlína at 2013-03-15 20:06:17
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 402 GB (88%) free of 456 GB
Total RAM: 3691 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:06:25, on 15.3.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16521)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files\trend micro\Pavlína.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{6633294C-C7EF-4EC4-843D-278B028088D3}: NameServer = 172.31.30.139
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9823 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 3298240
\??\C:\Windows\system32\conhost.exe "1412059626-527266041-13683926331600141786-880953822600935023-1400521030-1654673902
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2276
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
atieclxx
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {92BC92A9-34CA-4D2D-BB40-922335AD2F44}
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
"C:\Program Files (x86)\Opera\opera.exe"
"C:\Users\Pavlína\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleForPavlína.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-03-07 1497560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-03-07 1497560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2011-01-11 6602856]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-10-14 2837288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-01-08 18705664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2012-12-18 38112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easybits Recovery]
C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2011-05-17 61112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2011-06-14 587320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPOSD]
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-06-13 336440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPQuickWebProxy]
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [2011-06-28 168504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefault]
C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [2011-06-27 42808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-05 336384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2011-06-16 1333024]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-03-07 4767304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2011-08-10 52920]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableTaskMgr"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2013-03-15 20:06:18 ----D---- C:\Program Files\trend micro
2013-03-15 20:06:17 ----D---- C:\rsit
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\wextract.exe
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\url.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\occache.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\msrating.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\msls31.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\mshta.exe
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\inseng.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\icardie.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2013-03-15 19:20:32 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2013-03-15 19:20:32 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-03-15 19:20:32 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-03-15 19:20:32 ----A---- C:\Windows\system32\msrating.dll
2013-03-15 19:20:32 ----A---- C:\Windows\system32\iertutil.dll
2013-03-15 19:20:32 ----A---- C:\Windows\system32\elshyph.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\wininet.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\wextract.exe
2013-03-15 19:20:31 ----A---- C:\Windows\system32\webcheck.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\vbscript.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\urlmon.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\url.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2013-03-15 19:20:31 ----A---- C:\Windows\system32\pngfilt.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\occache.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\msls31.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\mshtmlmedia.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\mshtmler.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\mshtmled.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\mshtml.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\mshta.exe
2013-03-15 19:20:31 ----A---- C:\Windows\system32\msfeedssync.exe
2013-03-15 19:20:31 ----A---- C:\Windows\system32\msfeedsbs.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\msfeeds.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\licmgr10.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\jsproxy.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\jscript9.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\jscript.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\inseng.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\imgutil.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\iexpress.exe
2013-03-15 19:20:31 ----A---- C:\Windows\system32\ieUnatt.exe
2013-03-15 19:20:31 ----A---- C:\Windows\system32\ieui.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\iesysprep.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\iesetup.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\iernonce.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\iepeers.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\ieframe.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\iedkcs32.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\ieapfltr.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\IEAdvpack.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\ie4uinit.exe
2013-03-15 19:20:31 ----A---- C:\Windows\system32\icardie.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\dxtrans.dll
2013-03-15 19:20:31 ----A---- C:\Windows\system32\dxtmsft.dll
2013-03-15 19:18:51 ----D---- C:\Users\Pavlína\AppData\Roaming\Malwarebytes
2013-03-15 19:18:42 ----D---- C:\ProgramData\Malwarebytes
2013-03-15 19:18:38 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-15 19:18:38 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-03-15 19:16:48 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-03-15 19:16:48 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-03-15 19:16:47 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-03-15 19:16:40 ----A---- C:\Windows\system32\drivers\TsUsbGD.sys
2013-03-15 19:16:40 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys
2013-03-15 19:16:39 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2013-03-15 19:16:35 ----A---- C:\Windows\SYSWOW64\rdpendp_winip.dll
2013-03-15 19:16:35 ----A---- C:\Windows\system32\wksprtPS.dll
2013-03-15 19:16:35 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-03-15 19:16:35 ----A---- C:\Windows\system32\tsgqec.dll
2013-03-15 19:16:34 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll
2013-03-15 19:16:34 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2013-03-15 19:16:34 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll
2013-03-15 19:16:34 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2013-03-15 19:16:34 ----A---- C:\Windows\system32\TSWbPrxy.exe
2013-03-15 19:16:34 ----A---- C:\Windows\system32\rdpudd.dll
2013-03-15 19:16:34 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2013-03-15 19:16:34 ----A---- C:\Windows\system32\aaclient.dll
2013-03-15 19:16:33 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2013-03-15 19:16:33 ----A---- C:\Windows\system32\wksprt.exe
2013-03-15 19:16:33 ----A---- C:\Windows\system32\rdpendp_winip.dll
2013-03-15 19:16:33 ----A---- C:\Windows\system32\mstsc.exe
2013-03-15 19:16:32 ----A---- C:\Windows\system32\rdpcorets.dll
2013-03-15 19:16:31 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2013-03-15 19:16:30 ----A---- C:\Windows\system32\mstscax.dll
2013-03-15 19:12:23 ----A---- C:\Windows\system32\schannel.dll
2013-03-15 19:12:22 ----A---- C:\Windows\SYSWOW64\schannel.dll
2013-03-15 19:12:22 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2013-03-15 19:12:22 ----A---- C:\Windows\system32\drivers\cng.sys
2013-03-15 19:12:21 ----A---- C:\Windows\system32\lsasrv.dll
2013-03-15 19:12:20 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2013-03-15 19:12:20 ----A---- C:\Windows\SYSWOW64\secur32.dll
2013-03-15 19:12:16 ----A---- C:\Windows\system32\drivers\usb8023x.sys
2013-03-15 19:12:16 ----A---- C:\Windows\system32\drivers\usb8023.sys
2013-03-15 19:12:13 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2013-03-15 19:12:13 ----A---- C:\Windows\system32\qdvd.dll
2013-03-15 17:51:14 ----D---- C:\Windows\pss
2013-03-15 17:49:45 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-03-15 17:49:43 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-03-13 22:24:45 ----D---- C:\Program Files\Microsoft Silverlight
2013-03-13 22:24:45 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-02-28 20:45:32 ----A---- C:\Windows\SYSWOW64\UIAnimation.dll
2013-02-28 20:45:32 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2013-02-28 20:45:32 ----A---- C:\Windows\system32\UIAnimation.dll
2013-02-28 20:45:32 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2013-02-28 20:45:20 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2013-02-28 20:45:20 ----A---- C:\Windows\system32\WMPhoto.dll
2013-02-28 20:45:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-28 20:45:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-28 20:45:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-28 20:45:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-28 20:45:06 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-28 20:45:06 ----AH---- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-28 20:45:06 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-28 20:45:06 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-28 20:45:06 ----A---- C:\Windows\system32\d3d10_1.dll
2013-02-28 20:45:05 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2013-02-28 20:45:05 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2013-02-28 20:45:04 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2013-02-28 20:45:04 ----A---- C:\Windows\system32\d3d10warp.dll
2013-02-28 20:45:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-28 20:45:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-28 20:45:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-28 20:45:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-28 20:45:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-28 20:45:03 ----AH---- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-28 20:45:03 ----AH---- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-28 20:45:03 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-28 20:45:03 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-28 20:45:03 ----AH---- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-28 20:45:03 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2013-02-28 20:45:03 ----A---- C:\Windows\SYSWOW64\dxgi.dll
2013-02-28 20:45:02 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2013-02-28 20:45:02 ----A---- C:\Windows\SYSWOW64\d3d10core.dll
2013-02-28 20:45:02 ----A---- C:\Windows\SYSWOW64\d3d10_1core.dll
2013-02-28 20:45:02 ----A---- C:\Windows\system32\dxgi.dll
2013-02-28 20:45:02 ----A---- C:\Windows\system32\d3d10level9.dll
2013-02-28 20:45:02 ----A---- C:\Windows\system32\d3d10core.dll
2013-02-28 20:45:01 ----A---- C:\Windows\SYSWOW64\d3d11.dll
2013-02-28 20:45:01 ----A---- C:\Windows\system32\d3d11.dll
2013-02-28 20:45:01 ----A---- C:\Windows\system32\d3d10_1core.dll
2013-02-28 20:45:00 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2013-02-28 20:45:00 ----A---- C:\Windows\SYSWOW64\d3d10.dll
2013-02-28 20:45:00 ----A---- C:\Windows\system32\d3d10.dll
2013-02-28 20:44:59 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2013-02-28 20:44:59 ----A---- C:\Windows\system32\XpsPrint.dll
2013-02-28 20:44:58 ----A---- C:\Windows\SYSWOW64\WindowsCodecsExt.dll
2013-02-28 20:44:58 ----A---- C:\Windows\system32\FntCache.dll
2013-02-28 20:44:58 ----A---- C:\Windows\system32\DWrite.dll
2013-02-28 20:44:57 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2013-02-28 20:44:57 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2013-02-28 20:44:56 ----A---- C:\Windows\system32\WindowsCodecs.dll
2013-02-28 20:44:56 ----A---- C:\Windows\system32\d2d1.dll
2013-02-28 20:44:55 ----A---- C:\Windows\SYSWOW64\d2d1.dll

======List of files/folders modified in the last 1 months======

2013-03-15 20:06:21 ----D---- C:\Windows\Temp
2013-03-15 20:06:18 ----RD---- C:\Program Files
2013-03-15 19:57:40 ----D---- C:\Windows\system32\config
2013-03-15 19:49:43 ----D---- C:\Program Files (x86)\Opera
2013-03-15 19:47:08 ----D---- C:\Windows\inf
2013-03-15 19:45:48 ----D---- C:\Users\Pavlína\AppData\Roaming\Skype
2013-03-15 19:44:51 ----D---- C:\Windows\system32\Tasks
2013-03-15 19:40:29 ----D---- C:\Windows
2013-03-15 19:40:24 ----D---- C:\Windows\winsxs
2013-03-15 19:39:23 ----D---- C:\Windows\Panther
2013-03-15 19:37:17 ----D---- C:\Windows\System32
2013-03-15 19:34:43 ----D---- C:\Windows\SysWOW64
2013-03-15 19:34:41 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-03-15 19:34:41 ----D---- C:\Program Files\Internet Explorer
2013-03-15 19:34:41 ----D---- C:\Program Files (x86)\Internet Explorer
2013-03-15 19:34:37 ----D---- C:\Windows\system32\cs-CZ
2013-03-15 19:34:28 ----D---- C:\Windows\SYSWOW64\wbem
2013-03-15 19:34:28 ----D---- C:\Windows\SYSWOW64\sk-SK
2013-03-15 19:34:28 ----D---- C:\Windows\SYSWOW64\migration
2013-03-15 19:34:26 ----D---- C:\Windows\SYSWOW64\en-US
2013-03-15 19:34:20 ----D---- C:\Windows\PolicyDefinitions
2013-03-15 19:34:19 ----D---- C:\Windows\system32\wbem
2013-03-15 19:34:19 ----D---- C:\Windows\system32\sk-SK
2013-03-15 19:34:19 ----D---- C:\Windows\system32\migration
2013-03-15 19:34:18 ----D---- C:\Windows\system32\en-US
2013-03-15 19:34:06 ----D---- C:\Windows\system32\drivers\en-US
2013-03-15 19:34:06 ----D---- C:\Windows\system32\drivers
2013-03-15 19:33:57 ----D---- C:\Windows\system32\DriverStore
2013-03-15 19:32:31 ----D---- C:\Windows\Logs
2013-03-15 19:31:21 ----D---- C:\Windows\system32\catroot
2013-03-15 19:27:30 ----D---- C:\Windows\system32\catroot2
2013-03-15 19:18:42 ----HD---- C:\ProgramData
2013-03-15 19:18:38 ----RD---- C:\Program Files (x86)
2013-03-15 19:13:05 ----SHD---- C:\System Volume Information
2013-03-15 19:00:10 ----D---- C:\Program Files\Google
2013-03-15 19:00:10 ----D---- C:\Program Files (x86)\Google
2013-03-15 17:56:54 ----SHD---- C:\Windows\Installer
2013-03-15 17:56:28 ----SD---- C:\ProgramData\Microsoft
2013-03-15 17:56:28 ----D---- C:\Program Files (x86)\Microsoft
2013-03-15 16:08:54 ----D---- C:\Windows\Tasks
2013-03-14 10:20:07 ----D---- C:\Windows\AppPatch
2013-03-13 22:30:07 ----A---- C:\Windows\system32\MRT.exe
2013-03-13 21:13:36 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-03-08 21:48:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-03-07 00:32:22 ----A---- C:\Windows\system32\aswBoot.exe
2013-02-28 21:04:19 ----D---- C:\Windows\SYSWOW64\pt-BR
2013-02-28 21:04:18 ----D---- C:\Windows\SYSWOW64\zh-HK
2013-02-28 21:04:18 ----D---- C:\Windows\SYSWOW64\pt-PT
2013-02-28 21:04:18 ----D---- C:\Windows\SYSWOW64\pl-PL
2013-02-28 21:04:18 ----D---- C:\Windows\SYSWOW64\ko-KR
2013-02-28 21:04:18 ----D---- C:\Windows\SYSWOW64\it-IT
2013-02-28 21:04:18 ----D---- C:\Windows\SYSWOW64\hu-HU
2013-02-28 21:04:18 ----D---- C:\Windows\SYSWOW64\el-GR
2013-02-28 21:04:17 ----D---- C:\Windows\SYSWOW64\nl-NL
2013-02-28 21:04:17 ----D---- C:\Windows\SYSWOW64\fr-FR
2013-02-28 21:04:16 ----D---- C:\Windows\SYSWOW64\zh-TW
2013-02-28 21:04:16 ----D---- C:\Windows\SYSWOW64\tr-TR
2013-02-28 21:04:16 ----D---- C:\Windows\SYSWOW64\sv-SE
2013-02-28 21:04:16 ----D---- C:\Windows\SYSWOW64\fi-FI
2013-02-28 21:04:16 ----D---- C:\Windows\SYSWOW64\es-ES
2013-02-28 21:04:16 ----D---- C:\Windows\SYSWOW64\de-DE
2013-02-28 21:04:15 ----D---- C:\Windows\SYSWOW64\zh-CN
2013-02-28 21:04:14 ----D---- C:\Windows\SYSWOW64\ru-RU
2013-02-28 21:04:14 ----D---- C:\Windows\SYSWOW64\ja-JP
2013-02-28 21:04:13 ----D---- C:\Windows\SYSWOW64\nb-NO
2013-02-28 21:04:13 ----D---- C:\Windows\SYSWOW64\da-DK
2013-02-28 21:04:10 ----D---- C:\Windows\system32\pt-PT
2013-02-28 21:04:10 ----D---- C:\Windows\system32\pt-BR
2013-02-28 21:04:10 ----D---- C:\Windows\system32\it-IT
2013-02-28 21:04:09 ----D---- C:\Windows\system32\pl-PL
2013-02-28 21:04:09 ----D---- C:\Windows\system32\ko-KR
2013-02-28 21:04:09 ----D---- C:\Windows\system32\hu-HU
2013-02-28 21:04:08 ----D---- C:\Windows\system32\zh-HK
2013-02-28 21:04:07 ----D---- C:\Windows\system32\nl-NL
2013-02-28 21:04:07 ----D---- C:\Windows\system32\fr-FR
2013-02-28 21:04:07 ----D---- C:\Windows\system32\fi-FI
2013-02-28 21:04:07 ----D---- C:\Windows\system32\el-GR
2013-02-28 21:04:06 ----D---- C:\Windows\system32\tr-TR
2013-02-28 21:04:06 ----D---- C:\Windows\system32\sv-SE
2013-02-28 21:04:05 ----D---- C:\Windows\system32\zh-TW
2013-02-28 21:04:05 ----D---- C:\Windows\system32\zh-CN
2013-02-28 21:04:05 ----D---- C:\Windows\system32\es-ES
2013-02-28 21:04:05 ----D---- C:\Windows\system32\de-DE
2013-02-28 21:04:03 ----D---- C:\Windows\system32\ru-RU
2013-02-28 21:04:03 ----D---- C:\Windows\system32\nb-NO
2013-02-28 21:04:03 ----D---- C:\Windows\system32\ja-JP
2013-02-28 21:04:03 ----D---- C:\Windows\system32\da-DK
2013-02-22 10:48:30 ----D---- C:\Windows\rescache
2013-02-22 09:31:24 ----D---- C:\ProgramData\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-03-07 65336]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-03-07 70992]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-03-07 1025808]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-03-07 377920]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-03-07 68920]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-03-07 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-03-07 80816]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-06 9359872]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-06 309760]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-09-03 4729408]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-01-12 2709224]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-10-14 396848]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-11-30 44672]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-03-07 178624]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2011-06-16 133160]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2011-06-15 620584]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2011-06-15 165416]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2011-06-15 178728]
S3 BTWDPAN;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\btwdpan.sys [2011-05-21 89640]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-02-14 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2011-06-15 21544]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 19968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-06 204288]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 365568]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-03-07 45248]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-06-16 1083680]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]
R2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-06-16 103992]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-06-16 814648]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-11-19 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-01 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------


info :

info.txt logfile of random's system information tool 1.08 2013-03-15 20:06:30

======Uninstall list======

-->"C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Web Link - Gun Bros\Uninstall.exe"
Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -maintain activex
Adobe Reader X (10.1.6) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Agatha Christie - Peril at End House-->"C:\Program Files (x86)\HP Games\Agatha Christie - Peril at End House\uninstall\uninstaller.exe"
AMD APP SDK Runtime-->MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}
AMD Media Foundation Decoders-->MsiExec.exe /X{DBA2849B-6C95-9FD2-7ACC-BF456F1958AA}
ATI Catalyst Install Manager-->msiexec /q/x{6153098B-60DB-6A9F-EA0F-B006A96B57D5} REBOOT=ReallySuppress
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Bejeweled 3-->"C:\Program Files (x86)\HP Games\Bejeweled 3\uninstall\uninstaller.exe"
Blackhawk Striker 2-->"C:\Program Files (x86)\HP Games\Blackhawk Striker 2\uninstall\uninstaller.exe"
Blasterball 3-->"C:\Program Files (x86)\HP Games\Blasterball 3\uninstall\uninstaller.exe"
Bounce Symphony-->"C:\Program Files (x86)\HP Games\Bounce Symphony\uninstall\uninstaller.exe"
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver" driver
Broadcom Bluetooth Software-->MsiExec.exe /X{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}
Broadcom InConcert Maestro-->MsiExec.exe /X{57DD35E9-D9BB-4089-BB05-EF933C586CB3}
Cake Mania-->"C:\Program Files (x86)\HP Games\Cake Mania\uninstall\uninstaller.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{F30403FF-0146-4633-AAC5-D5CD5C50AE70}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Compaq Setup Manager-->MsiExec.exe /I{AE856388-AFAD-4753-81DF-D96B19D0A17C}
Cradle of Rome 2-->"C:\Program Files (x86)\HP Games\Cradle of Rome 2\uninstall\uninstaller.exe"
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
ESU for Microsoft Windows 7 SP1-->MsiExec.exe /I{E96CAA2A-0244-4A2A-8403-0C3C9534778B}
Evernote v. 4.2.3-->MsiExec.exe /X{F761359C-9CED-45AE-9A51-9D6605CD55C4}
Farm Frenzy-->"C:\Program Files (x86)\HP Games\Farm Frenzy\uninstall\uninstaller.exe"
FATE-->"C:\Program Files (x86)\HP Games\FATE\uninstall\uninstaller.exe"
Final Drive: Nitro-->"C:\Program Files (x86)\HP Games\Final Drive Nitro\uninstall\uninstaller.exe"
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Governor of Poker 2 Premium Edition-->"C:\Program Files (x86)\HP Games\Governor of Poker 2 Premium Edition\uninstall\uninstaller.exe"
Hewlett-Packard ACLM.NET v1.1.2.0-->MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}
HP Auto-->MsiExec.exe /I{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}
HP Client Services-->MsiExec.exe /I{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP Documentation-->MsiExec.exe /X{68A55875-B6DD-41E8-8CF6-F193D9C47051}
HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"
HP Launch Box-->MsiExec.exe /I{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}
HP On Screen Display-->MsiExec.exe /I{D7670221-BF9B-4DFF-B26B-5BE55A87329F}
HP Power Manager-->MsiExec.exe /I{872B1C80-38EC-4A31-A25C-980820593900}
HP Quick Launch-->MsiExec.exe /I{BB1C717E-376C-4AA1-8940-81BFC38D9778}
HP QuickWeb-->MsiExec.exe /X{8B52057C-15DB-433E-957C-E279BC7D07E3}
HP Setup-->MsiExec.exe /X{5036764A-435D-40C9-869C-31085A3D741D}
HP Software Framework-->MsiExec.exe /X{538E13B0-3CAF-436F-AF78-7863A6F9E2A5}
HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe" -runfromtemp -l0x0409 -removeonly
Chronicles of Albian-->"C:\Program Files (x86)\HP Games\Chronicles of Albian\uninstall\uninstaller.exe"
Chuzzle Deluxe-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\uninstall\uninstaller.exe"
Jewel Quest: The Sleepless Star - Collector's Edition-->"C:\Program Files (x86)\HP Games\Jewel Quest The Sleepless Star - Collectors Edition\uninstall\uninstaller.exe"
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe
Mah Jong Medley-->"C:\Program Files (x86)\HP Games\Mah Jong Medley\uninstall\uninstaller.exe"
Malwarebytes Anti-Malware verze 1.70.0.1100-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{790E02A1-145A-3843-8C13-A4F41C9B48B7}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}
Microsoft Office Klikni a spusť 2010-->"C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall
Microsoft Office Klikni a spusť 2010-->MsiExec.exe /I{90140000-006D-0405-1000-0000000FF1CE}
Microsoft Office Starter 2010 - čeština-->C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0066-0405-0000-0000000FF1CE}
Microsoft PowerPoint Viewer-->MsiExec.exe /X{95140000-00AF-0405-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
Mystery of Mortlake Mansion-->"C:\Program Files (x86)\HP Games\Mystery of Mortlake Mansion\uninstall\uninstaller.exe"
Namco All-Stars: PAC-MAN-->"C:\Program Files (x86)\HP Games\Namco All-Stars PAC-MAN\uninstall\uninstaller.exe"
OpenOffice.org 3.3-->MsiExec.exe /I{D5B94160-4A07-4956-9C73-8C5EEFEF180F}
Opera 12.14-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení-->MsiExec.exe /I{B6190387-0036-4BEB-8D74-A0AFC5F14706}
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia-->MsiExec.exe /I{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}
Penguins!-->"C:\Program Files (x86)\HP Games\Penguins!\uninstall\uninstaller.exe"
Plants vs. Zombies - Game of the Year-->"C:\Program Files (x86)\HP Games\Plants vs Zombies - Game of the Year\uninstall\uninstaller.exe"
Poker Superstars III-->"C:\Program Files (x86)\HP Games\Poker Superstars III\uninstall\uninstaller.exe"
Polar Bowler-->"C:\Program Files (x86)\HP Games\Polar Bowler\uninstall\uninstaller.exe"
Polar Golfer-->"C:\Program Files (x86)\HP Games\Polar Golfer\uninstall\uninstaller.exe"
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek PCIE Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\setup.exe" -runfromtemp -removeonly
Recovery Manager-->MsiExec.exe /I{DBCD5E64-7379-4648-9444-8A6558DCB614}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8E6848A1-B790-34FE-921A-A5319258E254} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2478663)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder ClientLP
Skype™ 6.1-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
Slingo Supreme-->"C:\Program Files (x86)\HP Games\Slingo Supreme\uninstall\uninstaller.exe"
Synaptics TouchPad Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe"
Vacation Quest - The Hawaiian Islands-->"C:\Program Files (x86)\HP Games\Vacation Quest - The Hawaiian Islands\uninstall\uninstaller.exe"
Virtual Villagers 5 - New Believers-->"C:\Program Files (x86)\HP Games\Virtual Villagers 5 - New Believers\uninstall\uninstaller.exe"
WildTangent Games App (HP Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\hp\Uninstall.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Essentials-->MsiExec.exe /I{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}
Windows Live Fotogaléria-->MsiExec.exe /X{97F77D62-5110-4FA3-A2D3-410B92D31199}
Windows Live Fotogalerie-->MsiExec.exe /X{FB79FDB7-4DE1-453D-99FE-9A880F57380E}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{D07A61E5-A59C-433C-BCBD-22025FA2287B}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C454280F-3C3E-4929-B60E-9E6CED5717E7}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mail-->MsiExec.exe /I{FA6CF94F-DACF-4FE7-959D-55C421B91B17}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe /I{80E8C65A-8F70-4585-88A2-ABC54BABD576}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger-->MsiExec.exe /X{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}
Windows Live Messenger-->MsiExec.exe /X{50300123-F8FC-4B50-B449-E847D04F1BA2}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}
Windows Live Photo Common-->MsiExec.exe /X{6F37D92B-41AA-44B7-80D2-457ABDE11896}
Windows Live Photo Common-->MsiExec.exe /X{78906B56-0E81-42A7-AC25-F54C946E1538}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live Remote Client Resources-->MsiExec.exe /I{3921492E-82D2-4180-8124-E347AD2F2DB4}
Windows Live Remote Client Resources-->MsiExec.exe /I{5F44A3A1-5D24-4708-8776-66B42B174C64}
Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}
Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}
Windows Live Remote Service Resources-->MsiExec.exe /I{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}
Windows Live Remote Service Resources-->MsiExec.exe /I{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}
Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}
Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{5E627606-53B9-42D1-97E1-D03F6229E248}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}
Windows Live Writer Resources-->MsiExec.exe /X{AB78C965-5C67-409B-8433-D7B5BDB12073}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{11778DA1-0495-4ED9-972F-F9E0B0367CD5}
Windows Live Writer-->MsiExec.exe /X{4264C020-850B-4F08-ACBE-98205D9C336C}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Zuma Deluxe-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\uninstall\uninstaller.exe"

======System event log======

Computer Name: Pavlí
Event Code: 7036
Message: Stav služby avast! Antivirus byl změněn na: Spuštěno
Record Number: 113221
Source Name: Service Control Manager
Time Written: 20121018111259.205648-000
Event Type: Informace
User:

Computer Name: Pavlí
Event Code: 7036
Message: Stav služby Rozpoznávání hardwaru byl změněn na: Spuštěno
Record Number: 113220
Source Name: Service Control Manager
Time Written: 20121018111258.534847-000
Event Type: Informace
User:

Computer Name: Pavlí
Event Code: 10001
Message: Rozšiřující modul sítě WLAN byl úspěšně spuštěn.

Cesta k modulu: C:\Windows\System32\bcmihvsrv64.dll

Record Number: 113219
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20121018111258.347646-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Pavlí
Event Code: 4000
Message: Služba automatické konfigurace sítě WLAN byla úspěšně spuštěna.

Record Number: 113218
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20121018111258.082446-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Pavlí
Event Code: 7036
Message: Stav služby Automatická konfigurace sítě WLAN byl změněn na: Spuštěno
Record Number: 113217
Source Name: Service Control Manager
Time Written: 20121018111258.082446-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: Pavlí
Event Code: 0
Message: Requires:C:\Program Files (x86)\Hewlett-Packard\HP Setup
Record Number: 1644
Source Name: HP Total Care Setup Updater
Time Written: 20111019161049.000000-000
Event Type: Informace
User:

Computer Name: Pavlí
Event Code: 0
Message: Expanded Env:HPSOFTWAREUISYSTEMPATH
Record Number: 1643
Source Name: HP Total Care Setup Updater
Time Written: 20111019161049.000000-000
Event Type: Informace
User:

Computer Name: Pavlí
Event Code: 0
Message: Current:C:\ProgramData\Hewlett-Packard\HP Setup
Record Number: 1642
Source Name: HP Total Care Setup Updater
Time Written: 20111019161049.000000-000
Event Type: Informace
User:

Computer Name: Pavlí
Event Code: 0
Message: Requires:C:\ProgramData\Hewlett-Packard\HP Setup
Record Number: 1641
Source Name: HP Total Care Setup Updater
Time Written: 20111019161049.000000-000
Event Type: Informace
User:

Computer Name: Pavlí
Event Code: 0
Message: Expanded Env:HPSOFTWAREUIALLUSERPATH
Record Number: 1640
Source Name: HP Total Care Setup Updater
Time Written: 20111019161049.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: Pavlí
Event Code: 4616
Message: Systémový čas byl změněn.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Informace o procesu:
ID procesu: 0x40c
Název: C:\Windows\System32\svchost.exe

Předchozí čas: 2011-12-22T16:32:55.847742700Z
Nový čas: 2011-12-22T16:33:04.261935700Z

Tato událost je generována, pokud je změněn systémový čas. Je normální, že systémový čas, který používá systémové oprávnění, se mění pravidelně. Jiné změny systémového času mohou označovat pokusy o manipulaci s počítačem.
Record Number: 2004
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111222163304.261935-000
Event Type: Úspěšný audit
User:

Computer Name: Pavlí
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 2003
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111222163243.707593-000
Event Type: Úspěšný audit
User:

Computer Name: Pavlí
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: PAVLÍ$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x250
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2002
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111222163243.707593-000
Event Type: Úspěšný audit
User:

Computer Name: Pavlí
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 2001
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111222163158.342714-000
Event Type: Úspěšný audit
User:

Computer Name: Pavlí
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: PAVLÍ$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x250
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2000
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111222163158.342714-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files\Broadcom\Broadcom 802.11\Driver;;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Broadcom\WHL\;C:\Program Files\Broadcom\WHL\syswow64;C:\Program Files\Broadcom\WHL\SysWow64\;C:\Program Files\Broadcom\WHL\SysWow64\syswow64;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=20
"PROCESSOR_IDENTIFIER"=AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0200
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Presario
"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\

-----------------EOF-----------------



Thank you very much ...

Re: Requesting a preventive check, thank you

Posted: 16 Mar 2013 09:35
by Márty84
Hello :)

:arrow: Run a !!!full!!! scan with MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 and post the results here. Do not delete anything beforehand; it sometimes produces false detections.

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and left-click Run as administrator.
Click Search and the program will start working.
When it finishes, it will spit out a log (if not, you will find it here C:\AdwCleaner[R?].txt ); copy it here for me.

Re: Requesting a preventive check, thank you

Posted: 16 Mar 2013 09:50
by nasua
Log from ADWCleaner:

# AdwCleaner v2.114 - Logfile created 03/16/2013 at 09:48:13
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Pavlína - PAVLÍ
# Boot Mode : Normal
# Running from : C:\Users\Pavlína\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKU\S-1-5-21-655571733-3860231499-934398211-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Pavlína\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.14.1738.0

File : C:\Users\Pavlína\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1434 octets] - [16/03/2013 09:47:02]
AdwCleaner[R2].txt - [1369 octets] - [16/03/2013 09:48:13]

########## EOF - C:\AdwCleaner[R2].txt - [1429 octets] ##########

I am going to run Mbam now...
Thank you ....

Re: Requesting a preventive check, thank you

Posted: 16 Mar 2013 09:54
by Márty84
Fine :)

Re: Requesting a preventive check, thank you

Posted: 16 Mar 2013 11:06
by nasua
And here is the log from the full Mbam scan:

Malwarebytes Anti-Malware 1.70.0.1100
http://www.malwarebytes.org

Verze: v2013.03.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Pavlína :: PAVLÍ [administrátor]

16.3.2013 9:50:58
mbam-log-2013-03-16 (09-50-58).txt

Typ: Kompletní kontrola (C:\|D:\|E:\|Q:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 329897
Uplynulý čas: 1 hodin, 2 minut, 8 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Re: Requesting a preventive check, thank you

Posted: 16 Mar 2013 11:09
by Márty84
:arrow: You can uninstall MBAM.

:arrow: Close all programs again and run AdwCleaner as administrator.
This time click Delete.
The program will start working (the PC may restart) and will spit out another log (or it will be here C:\AdwCleaner [S1].txt ). Copy that one here for me again.

:???: Is there some problem with the PC? Or is this purely a preventive check?

Re: Requesting a preventive check, thank you

Posted: 16 Mar 2013 11:26
by nasua
Log from ADWCleaner:

# AdwCleaner v2.114 - Logfile created 03/16/2013 at 11:19:08
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Pavlína - PAVLÍ
# Boot Mode : Normal
# Running from : C:\Users\Pavlína\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Pavlína\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.14.1738.0

File : C:\Users\Pavlína\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1434 octets] - [16/03/2013 09:47:02]
AdwCleaner[R2].txt - [1494 octets] - [16/03/2013 09:48:13]
AdwCleaner[R3].txt - [1554 octets] - [16/03/2013 11:15:14]
AdwCleaner[S1].txt - [1344 octets] - [16/03/2013 11:19:08]

########## EOF - C:\AdwCleaner[S1].txt - [1404 octets] ##########


:???:
Regarding the question:
it is not my notebook; a friend brought it over because a message about a full disk keeps popping up (it concerns the disk: hp_tools - the notebook makes some backups there), while updating Avast a message about some rootkit popped up (and the PC restarted right away) and after that there was no sign of it - so just to be sure ....

Another thing that seems odd to me is that the notebook constantly eats around 1.4 GB of RAM, the CPU constantly runs at around 20% and 70 processes are running (of programs, probably only Skype is running here) ....

Thank you ...

Re: Requesting a preventive check, thank you

Posted: 16 Mar 2013 11:40
by Márty84
:!: If Avast yells that it wants to open this in the sandbox, do not allow it! Choose the option Open normally
:arrow: Find this file C:\Program Files\trend micro\Pavlína.exe , right-click it and left-click Run as administrator
Click Main menu and then Do a system scan only
Tick the checkbox on the left of these lines

Code:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CPNTDF
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

Click Fix checked and confirm

:!: If Avast yells that it wants to open this in the sandbox, do not allow it! Choose the option Open normally
:arrow: Download OTM http://oldtimer.geekstogo.com/OTM.exe and save it, preferably to the desktop.
Right-click it and left-click Run as administrator.
Copy this script into the left window (including the colon before the word commands)

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]

:services
AdobeARMservice
gupdate
SkypeUpdate
AdobeFlashPlayerUpdateSvc
gupdatem

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleForPavlína.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] /64

Click MoveIt and let the program work. Agree when asked to restart.
After the restart, post the log that pops up, or it will be here C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (instead of the x's there will be digits representing the date and time of the run)

:arrow: Try taking a look in the Avast chest and tell me the name and location of that rootkit.

:arrow: If the disk is full, something will simply have to be moved. Maybe some space will free up after cleaning and defragmentation, but that is not certain :)

:arrow: The RAM usage, that is nothing unusual.

:arrow: The number of processes is fine too, but the CPU load is higher than it should be. Let's take a look at whether something is hiding there.

Re: Requesting a preventive check, thank you

Posted: 16 Mar 2013 14:23
by nasua
Sorry for the silence - family visit ...

Here is the log from OTM:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Pavlína
->Temp folder emptied: 23139085 bytes
->Temporary Internet Files folder emptied: 364603721 bytes
->Google Chrome cache emptied: 7537970 bytes
->Opera cache emptied: 10643522 bytes
->Flash cache emptied: 5782 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 418740119 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50769 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 787,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Pavlína
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\HPCeeScheduleForPavlína.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg\ deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 03162013_141119

Files moved on Reboot...
C:\Users\Pavlína\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Pavlína\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File C:\Windows\temp\_avast_\Webshlock.txt not found!
C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

Registry entries deleted on Reboot...



Otherwise, regarding that rootkit - the thing is, there is nothing in the chest and nothing appears in the log either = the Avast scan after the restart ran and everything was fine .....

I have a notebook that also has Win7 64; it shows 0.8 - 0.9 of RAM after startup and around 50-55 processes .... So I was not sure ....

The question is whether that CPU "load" could be caused by, say, the power profile settings?

Re: Requesting a preventive check, thank you

Posted: 16 Mar 2013 14:27
by Márty84
No need to apologize, I don't sit at the PC nonstop either :wink:

It depends on whether the CPU has always run like this, or whether it is something new.

:!: If Avast yells that it wants to open this in the sandbox, do not allow it! Choose the option Open normally
:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , save it to the desktop, right-click it and left-click Run as administrator.
A very short test will run and then the Scan button (Prohledat) at the top right will become available. Click it and another test will run.
When it finishes, click Report (Zprava) and a log will appear. Paste it here for me

Re: Requesting a preventive check, thank you

Posted: 16 Mar 2013 14:48
by nasua
Log:

RogueKiller V8.5.3 [Mar 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Pavlína [Práva správce]
Mód : Kontrola -- Datum : 03/16/2013 14:45:40
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 9 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{6633294C-C7EF-4EC4-843D-278B028088D3} : NameServer (172.31.30.139) -> NALEZENO
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{6633294C-C7EF-4EC4-843D-278B028088D3} : NameServer (172.31.30.139) -> NALEZENO
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547550A9E384 SATA Disk Device +++++
--- User ---
[MBR] 7171d0871ecf422c6f1e6468e9514b75
[BSP] f6be99a16529a7bbd022531c496ff447 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 456107 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 934516736 | Size: 16569 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 968450048 | Size: 4063 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1]_S_03162013_02d1445.txt >>
RKreport[1]_S_03162013_02d1445.txt


To the question of how long the CPU has been doing this and whether it is the usual state, I unfortunately cannot answer - the notebook is not mine and I assume my friend does not notice such things....

Re: Requesting a preventive check, thank you

Posted: 16 Mar 2013 14:51
by Márty84
:arrow: Run RogueKiller as administrator again (if you have not closed it yet, click Delete (Smazat) right away)
A very short test will run and then the Scan button (Prohledat) at the top right will become available. Click it and another test will run.
When it finishes, click Delete (Smazat).
Then click Report (Zprava) and a log will appear. Paste it here for me.
Then click Host fix (Oprava Host) and Report (Zprava).
Another log will appear. Paste that one here too.

Re: Requesting a preventive check, thank you

Posted: 16 Mar 2013 15:08
by nasua
Log 1:

RogueKiller V8.5.3 [Mar 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Pavlína [Práva správce]
Mód : Odebrat -- Datum : 03/16/2013 14:57:16
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 7 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{6633294C-C7EF-4EC4-843D-278B028088D3} : NameServer (172.31.30.139) -> NEBYLO ODSTRANĚNO, POUŽIJTE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{6633294C-C7EF-4EC4-843D-278B028088D3} : NameServer (172.31.30.139) -> NEBYLO ODSTRANĚNO, POUŽIJTE DNSFIX
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547550A9E384 SATA Disk Device +++++
--- User ---
[MBR] 7171d0871ecf422c6f1e6468e9514b75
[BSP] f6be99a16529a7bbd022531c496ff447 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 456107 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 934516736 | Size: 16569 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 968450048 | Size: 4063 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[2]_D_03162013_02d1457.txt >>
RKreport[1]_S_03162013_02d1445.txt ; RKreport[2]_D_03162013_02d1457.txt



Log 2:

RogueKiller V8.5.3 [Mar 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Pavlína [Práva správce]
Mód : Oprava HOSTS -- Datum : 03/16/2013 15:00:10
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[3]_H_03162013_02d1500.txt >>
RKreport[1]_S_03162013_02d1445.txt ; RKreport[2]_D_03162013_02d1457.txt ; RKreport[3]_H_03162013_02d1500.txt




Děkuji ...

Re: Prosím o preventivku, děkuji

Napsal: 16 bře 2013 15:54
od Márty84
:!: Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.) :!:

:!: Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

:arrow: Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

:!: Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
:!: Kdyz windows nabehne, ale pri spousteni programu bude hlasena chyba, staci restartovat pc a bude to v poradku

Re: Request for a preventive check, thank you

Posted: 16 Mar 2013 16:53
by nasua
ComboFix log:

ComboFix 13-03-16.02 - Pavlína 16.03.2013 16:36:27.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3691.2319 [GMT 1:00]
Spuštěný z: c:\users\PavlÝna\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-16 do 2013-03-16 )))))))))))))))))))))))))))))))
.
.
2013-03-16 15:46 . 2013-03-16 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-16 13:11 . 2013-03-16 13:11 -------- d-----w- C:\_OTM
2013-03-15 19:06 . 2013-03-16 13:08 -------- d-----w- c:\program files\trend micro
2013-03-15 19:06 . 2013-03-15 19:06 -------- d-----w- C:\rsit
2013-03-15 18:59 . 2013-03-16 15:43 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{480F79FC-3FB9-4FDA-8667-368DF20CC42A}\offreg.dll
2013-03-15 18:18 . 2013-03-15 18:18 -------- d-----w- c:\users\Pavlína\AppData\Roaming\Malwarebytes
2013-03-15 18:18 . 2013-03-15 18:18 -------- d-----w- c:\programdata\Malwarebytes
2013-03-15 18:18 . 2013-03-15 18:18 -------- d-----w- c:\users\Pavlína\AppData\Local\Programs
2013-03-15 18:12 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-03-15 18:12 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-03-15 18:12 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-03-15 18:12 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-03-15 18:12 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-03-15 18:12 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-03-15 18:12 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-03-15 18:12 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-03-15 18:12 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-15 18:12 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-03-15 18:12 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-03-15 16:49 . 2013-03-06 23:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-15 16:49 . 2013-03-06 23:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-15 15:01 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{480F79FC-3FB9-4FDA-8667-368DF20CC42A}\mpengine.dll
2013-03-13 21:24 . 2013-03-13 21:24 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-13 21:24 . 2013-03-13 21:24 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-02-28 19:44 . 2013-01-13 20:31 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-02-28 19:44 . 2013-01-13 17:05 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-02-28 19:44 . 2013-01-13 19:59 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-02-28 19:44 . 2013-01-13 19:58 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-02-28 19:44 . 2013-01-13 19:53 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-02-28 19:44 . 2013-01-13 19:43 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-02-28 19:44 . 2013-01-13 19:25 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-02-28 19:44 . 2013-01-13 19:15 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-02-28 19:44 . 2013-01-13 19:10 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-02-28 19:44 . 2013-01-13 19:37 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 21:30 . 2011-12-03 16:49 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 20:13 . 2012-10-04 06:12 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 20:13 . 2011-08-10 17:33 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-06 23:33 . 2012-02-26 15:51 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2011-10-19 18:44 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2011-10-19 18:44 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2011-10-19 18:44 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2011-10-19 18:44 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2011-10-19 18:44 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2011-10-19 18:43 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2011-10-19 18:44 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-12 05:45 . 2013-03-13 20:05 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 20:05 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 20:05 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 20:05 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 20:05 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 20:05 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-17 00:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:53 . 2013-02-13 20:08 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 20:08 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 20:08 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 20:08 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 20:08 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 20:08 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 20:08 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 20:08 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 20:08 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 20:08 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 20:08 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 20:08 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 20:08 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-12-16 17:11 . 2012-12-22 08:32 46080 ----a-w- c:\windows\system32\atmlib.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 aswVmm;aswVmm; [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-06-16 133160]
R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys [2011-06-15 620584]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-05-21 89640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-14 39976]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-01 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-06 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 365568]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-06-16 103992]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-30 44672]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 19:02 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6633294C-C7EF-4EC4-843D-278B028088D3}: NameServer = 172.31.30.139
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-03-16 16:51:44
ComboFix-quarantined-files.txt 2013-03-16 15:51
.
Před spuštěním: Volných bajtů: 422 289 235 968
Po spuštění: Volných bajtů: 421 663 203 328
.
- - End Of File - - 24D3C6E15C167455F14351D9B26DDD20