Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Taky POLICIE

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Marek1984
Návštěvník
Návštěvník
Příspěvky: 63
Registrován: 01 kvě 2013 15:56

Taky POLICIE

#1 Příspěvek od Marek1984 »

Zdravím a hned v úvodu se omlouvám - jsem zde poprvé - a nejsem natolik pokročilý uživatel, co by dokázal zázraky...
Včera večer mi taky vyběhla ta obrazovka s Policií (dle různých fór se jedná o starší verzi, která po mně chtěla "jen" 2tis. Kč). PC jsem raději okamžitě vypnul (natvrdo) a odpojil ze sítě - pak jsem se znovu přihlásil pod druhým uživatelem (offline) a dal jsem zkontrolovat PC avastem (verze zdarma) - tento PC používám pouze pro účely školy, takže nic extra zabezpečení... Avast se zasekl, takže jsem to vypnul. Dnes ráno jsem PC připojil a nechal zkontrolovat přes eset online a světe div se - nějakých 20 trojanů a nějaký program... eset mi asi 7 kousků hodil do karantény (byla tam možnost vymazat z karantény, tak jsem vymazal - doufám, že to nebylo obnovení ale výmaz na trvalo z PC). Pak jsem aktualizoval avast - zkontroloval PC, avast nic nenašel. Následně jsem znovu spustil eset online a opět nic.
Problémem ale je, že PC je strašně pomalý - určitě mnohem pomalejší než před tím virem. Po přihlášení mi navíc vyskočilo okno, kde je napsáno "Chyba při načítání souboru C:\PROGRA-2\nirirl.dat" "Uvedený modul nebyl nalezen." "OK" (ta pomlčka PROGRA-2 má být vlnovka, ale nevím, jak ji tam dát).
Ještě doplňuju - to okno se jmenuje "RunDLL". a ještě raději uvádím, že jsem si dnes raději aktualizoval skype, adobe i javu.
Prosím o radu.
Moc děkuji.
Marek
Nahoru
Marek1984
Návštěvník
Návštěvník
Příspěvky: 63
Registrován: 01 kvě 2013 15:56

Re: Taky POLICIE

#2 Příspěvek od Marek1984 »

Já vím :) ale já jsem totálně tupý, co se týká PC :)
Jinak ještě jsem se díval dnes na Program files a smazal jsem dvě složky, které byly vytvořeny včera večer - byly to složky, do kterých jsem neměl přístup a jejich název byl cca 15 znaků - jenom čísla...
tady je to, co jsi požadoval (poprvé, když se to generovalo, tak se mi to kouslo - čekal jsem cca 5 minut a nic, tak jsem pc restartoval... podruhé to bylo během půl minutky)

Logfile of random's system information tool 1.09 (written by random/random)
Run by Marek at 2013-05-01 17:44:12
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 12 GB (5%) free of 238 GB
Total RAM: 2036 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:44:29, on 1.5.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\vsnp2uvc.exe
C:\Windows\tsnp2uvc.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P1BP1T63\RSIT.exe
C:\Program Files\trend micro\Marek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\PROGRA~2\rundll32.exe C:\PROGRA~2\nirirl.dat,FG00
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/a ... oader6.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/l ... oader4.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9885 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-399479475-3204813319-2684973945-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-399479475-3204813319-2684973945-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-07-31 698880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 77576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-01 462752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-01-18 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-01 171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\kb128\SearchSettings.dll [2009-07-29 1153024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-07-31 698880]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-01-18 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"NWEReboot"= []
"RoxioDragToDisc"=C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-10-30 1116920]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-07-12 74752]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-25 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-25 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-25 133656]
"snp2uvc"=C:\Windows\vsnp2uvc.exe [2007-05-15 675840]
"tsnp2uvc"=C:\Windows\tsnp2uvc.exe [2007-04-24 237568]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2009-07-29 1024512]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-03-07 4767304]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-12-19 41208]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-02 946352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2011-03-04 2736128]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe silent []
""= []
"ctfmon.exe"=C:\PROGRA~2\rundll32.exe [2013-04-30 44544]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-02-28 18642024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-25 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.mpg4"=mpg4c32.dll
"vidc.mp42"=mpg4c32.dll
"vidc.mp43"=mpg4c32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-05-01 17:33:35 ----D---- C:\Program Files\trend micro
2013-05-01 17:33:34 ----D---- C:\rsit
2013-05-01 16:40:22 ----D---- C:\Program Files\Common Files\Skype
2013-05-01 07:44:20 ----A---- C:\Windows\system32\npDeployJava1.dll
2013-05-01 07:44:20 ----A---- C:\Windows\system32\javaws.exe
2013-05-01 07:42:46 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-05-01 07:42:46 ----A---- C:\Windows\system32\javaw.exe
2013-05-01 07:42:46 ----A---- C:\Windows\system32\java.exe
2013-04-30 22:47:13 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-04-30 22:47:09 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-04-30 22:27:29 ----A---- C:\ProgramData\as98213.txt
2013-04-30 22:27:19 ----A---- C:\ProgramData\rundll32.exe
2013-04-15 08:30:51 ----A---- C:\Windows\system32\vbscript.dll
2013-04-15 08:30:51 ----A---- C:\Windows\system32\mshtmled.dll
2013-04-15 08:30:49 ----A---- C:\Windows\system32\jsproxy.dll
2013-04-15 08:30:49 ----A---- C:\Windows\system32\ieUnatt.exe
2013-04-15 08:30:49 ----A---- C:\Windows\system32\ieui.dll
2013-04-15 08:30:48 ----A---- C:\Windows\system32\msfeeds.dll
2013-04-15 08:30:47 ----A---- C:\Windows\system32\wininet.dll
2013-04-15 08:30:47 ----A---- C:\Windows\system32\jscript.dll
2013-04-15 08:30:46 ----A---- C:\Windows\system32\url.dll
2013-04-15 08:30:46 ----A---- C:\Windows\system32\jscript9.dll
2013-04-15 08:30:45 ----A---- C:\Windows\system32\iertutil.dll
2013-04-15 08:30:44 ----A---- C:\Windows\system32\urlmon.dll
2013-04-15 08:30:41 ----A---- C:\Windows\system32\mshtml.dll
2013-04-15 08:30:41 ----A---- C:\Windows\system32\ieframe.dll
2013-04-15 08:18:48 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-04-15 08:18:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-04-15 08:18:46 ----A---- C:\Windows\system32\smss.exe
2013-04-15 08:18:46 ----A---- C:\Windows\system32\csrsrv.dll
2013-04-15 08:18:23 ----A---- C:\Windows\system32\mstscax.dll
2013-04-15 08:18:15 ----A---- C:\Windows\system32\winsrv.dll
2013-04-15 08:18:02 ----A---- C:\Windows\system32\win32k.sys
2013-04-07 19:45:46 ----D---- C:\Sanace a sanační technologie
2013-04-07 19:45:45 ----D---- C:\Právo a životní prostředí
2013-04-07 19:45:44 ----D---- C:\Evropské krajinné politiky
2013-04-07 19:45:43 ----D---- C:\Státnice

======List of files/folders modified in the last 1 month======

2013-05-01 17:44:27 ----D---- C:\Windows\Temp
2013-05-01 17:44:06 ----D---- C:\Users\Marek\AppData\Roaming\Skype
2013-05-01 17:40:54 ----SHD---- C:\Config.Msi
2013-05-01 17:33:35 ----RD---- C:\Program Files
2013-05-01 17:27:55 ----SHD---- C:\Windows\Installer
2013-05-01 17:27:08 ----D---- C:\Windows\Prefetch
2013-05-01 17:26:57 ----D---- C:\Windows\System32
2013-05-01 17:26:24 ----D---- C:\Program Files\Common Files\Adobe
2013-05-01 17:26:23 ----D---- C:\ProgramData\Adobe
2013-05-01 16:41:49 ----D---- C:\ProgramData\Skype
2013-05-01 16:40:22 ----RD---- C:\Program Files\Skype
2013-05-01 16:40:22 ----D---- C:\Program Files\Common Files
2013-05-01 10:47:22 ----SHD---- C:\System Volume Information
2013-05-01 10:16:33 ----HD---- C:\ProgramData
2013-05-01 07:45:26 ----D---- C:\Program Files\Common Files\Java
2013-05-01 07:42:14 ----A---- C:\Windows\system32\deployJava1.dll
2013-05-01 07:42:06 ----D---- C:\Program Files\Java
2013-05-01 07:37:30 ----D---- C:\Windows\system32\Tasks
2013-05-01 07:33:15 ----D---- C:\Program Files\Adobe
2013-05-01 07:32:36 ----D---- C:\Program Files\Common Files\Adobe AIR
2013-05-01 07:23:49 ----SD---- C:\Windows\Downloaded Program Files
2013-04-30 22:47:13 ----D---- C:\Windows\system32\drivers
2013-04-30 22:47:00 ----D---- C:\Windows
2013-04-30 22:27:01 ----D---- C:\Windows\system32\catroot
2013-04-30 22:26:57 ----D---- C:\Windows\winsxs
2013-04-30 22:10:37 ----D---- C:\Windows\system32\catroot2
2013-04-30 21:57:33 ----D---- C:\ProgramData\Microsoft Help
2013-04-16 19:22:13 ----D---- C:\Windows\Minidump
2013-04-15 19:18:00 ----D---- C:\Windows\system32\migration
2013-04-15 19:18:00 ----D---- C:\Program Files\Internet Explorer
2013-04-15 08:14:55 ----A---- C:\Windows\system32\mrt.exe
2013-04-09 20:53:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-04-09 20:53:39 ----D---- C:\Windows\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-03-07 49248]
R0 DRVMCDB;DRVMCDB; C:\Windows\System32\Drivers\DRVMCDB.SYS [2006-07-21 99176]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2013-03-07 49760]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-03-07 765736]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-03-07 368176]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-03-07 62376]
R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-03-07 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-03-07 66336]
R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2006-10-26 9400]
R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R3 b57nd60x;%SvcDispName%; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 179712]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-06-06 9604864]
R3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\adusbser.sys []
S3 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-03-07 164736]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-03-07 45248]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2011-03-04 73728]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-29 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-29 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-10-16 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-10-31 2541248]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]

-----------------EOF-----------------
Nahoru
Marek1984
Návštěvník
Návštěvník
Příspěvky: 63
Registrován: 01 kvě 2013 15:56

Re: Taky POLICIE

#3 Příspěvek od Marek1984 »

když jsem kliknul na první z těch tří odkazů, tak mi vyběhlo pouze to, co jsem tam nakopíroval. Mám použít i zbylé dva odkazy? Já myslel, že mám vybrat jeden z těch tří - prosím o potvrzení. Mezi tím jdu na ten ComboFix...
Nahoru
Marek1984
Návštěvník
Návštěvník
Příspěvky: 63
Registrován: 01 kvě 2013 15:56

Re: Taky POLICIE

#4 Příspěvek od Marek1984 »

na C - ve složce RSIT jsou dva soubory - jeden je "log" - text jsem uvedl v předchozím příspěvku. Druhý soubor je "info", text je níže:

info.txt logfile of random's system information tool 1.09 2013-05-01 17:34:25

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
µTorrent CZ 1.8.3 (build 15638)-->"C:\Program Files\uTorrent\unins000.exe"
50 FREE MP3s +1 Free Audiobook!-->"C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A0087DDE-69D0-11E2-AD57-43CA6188709B}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe -maintain activex
Adobe Media Player-->MsiExec.exe /X{C7888C3F-0506-555F-7907-CDD3F81719A5}
Adobe Reader 9.5.4 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A95000000001}
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
A-PDF Merger 4.0-->"C:\Program Files\A-PDF Merger\unins000.exe"
A-PDF Split 2.3-->"C:\Program Files\A-PDF Split\unins000.exe"
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Balíček ovladače systému Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_48f6f624\pccs_bluetooth.inf
Balíček ovladače systému Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_51d2d3e1\pccs_bluetooth.inf
Balíček ovladače systému Windows - Nokia Modem (06/09/2010 4.5)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_8f891eb9\nokia_bluetooth.inf
Balíček ovladače systému Windows - Nokia Modem (06/09/2010 7.01.0.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_d3ed7b8f\nokbtmdm.inf
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Battle.net-->C:\Windows\bnetunin.exe
bwin Poker-->"C:\Program Files\bwinPoker\unins000.exe"
Dealio Toolbar v4.0.1-->MsiExec.exe /X{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}
dm paradies foto 2-->"C:\Program Files\dm\dm paradies foto 2\uninstall.exe"
dm paradies foto 3-->"C:\Program Files\dm\dm paradies foto 2\uninstall.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Fotolab Fotosvet 4-->"C:\Users\Terezka\Desktop\Fotolab Fotosvet 4\uninstall.exe"
Free Mp3 Wma Converter V 1.81-->"C:\Program Files\to_MP3\unins000.exe"
Freez FLV to AVI/MPEG/WMV Converter-->"C:\Program Files\Smallvideosoft\Freez FLV to AVI MPEG WMV Converter\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\26.0.1410.64\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_94DDE1EDD1CDF6A3.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Heroes of Might and Magic III Complete-->C:\Program Files\InstallShield Installation Information\{EDFB64A7-5BFD-4137-943D-5663149A15F5}\setup.exe -runfromtemp -l0x0405
Heroes of Might and Magic V-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\setup.exe" -l0x9
Heroes of Might and Magic® III-->C:\Windows\IsUninst.exe -f"C:\Program Files\3DO\Heroes3\Uninst.isu" -c"C:\Program Files\3DO\Heroes3\uninst.dll
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Janitor2-->"C:\Program Files\Janitor2\unins000.exe"
Java 7 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217021FF}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Mega Codec Pack 7.6.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LightScribe System Software-->MsiExec.exe /X{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}
LightScribe Template Labeler-->MsiExec.exe /X{2765F726-849C-47B2-A82C-B257DFC0E01C}
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {0B7A4B67-2A38-42B1-9857-662FAB361E08}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {FDF9A959-241A-4662-A8DE-7DED9C22D160}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MyGuard Live-->C:\Windows\IsUninst.exe -f"C:\Program Files\MSI\MyGuard Live\Uninst.isu"
Nokia Connectivity Cable Driver-->MsiExec.exe /I{2D99A593-C841-43A7-B7C9-D6F3AE70B756}
Nokia Map Loader-->MsiExec.exe /I{45D4F727-43B5-49CD-B474-B9866A8F4FB8}
Nokia Ovi Suite Software Updater-->MsiExec.exe /X{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}
Nokia Ovi Suite-->C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe
Nokia Ovi Suite-->MsiExec.exe /X{07D77970-B205-460C-84E4-263F30455597}
Nokia PC Suite-->C:\ProgramData\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_cze_web[1].exe
Nokia PC Suite-->MsiExec.exe /I{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}
Ovi Desktop Sync Engine-->MsiExec.exe /X{2CC53A53-44F4-4667-8584-2FFC9ACB2242}
OviMPlatform-->MsiExec.exe /I{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}
PC Connectivity Solution-->MsiExec.exe /I{C373F7C4-05D2-4047-96D1-6AF30661C6AA}
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
rajče verze 58 sestavení 203-->"C:\Program Files\rajce\unins000.exe"
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{938B1CD7-7C60-491E-AA90-1F1888168240}
Search Settings 1.2.2-->MsiExec.exe /X{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {939AF4BC-EC42-38D1-AE82-91D4A7ED8911} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition -->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C6997D22-CC93-4ED9-AD8A-02C3F3D2F1F9}
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46}
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition -->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75}
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition -->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391}
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition -->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {43171CAD-DC60-4E7B-9703-B2EC18001B9F}
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition -->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {3579CE34-B225-4B19-A3AF-DE5F562A212F}
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition -->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {020B65AD-B2ED-4B35-92CA-DB56EFB864A5}
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition -->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CAB47CC0-A98C-47DD-9FA1-C0416EC96ED5}
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition -->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {488F0918-97F9-4CD0-8AD5-8986A46AC962}
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition -->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {8F311D6C-D8DD-4C32-9457-1A129CABD1A5}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition -->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {718E87EC-6590-485A-B12D-C01D290EDB12}
Skype Toolbars-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 6.3-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
StarCam Clip II-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0005 -removeonly
Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A024FC7B-77DE-45DE-A058-1C049A17BFB3}
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {620E77C0-CDFE-4C14-AAEB-830ABB65864C}
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {525A4A44-8940-40AD-ABA0-14501199D2F0}
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {8153EC80-C988-4336-8DAF-6D99C0D26E0C}
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {A030537D-0034-46AD-A730-B1119786F607}
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {2FAC8CEF-F191-4A30-A107-F33D92D52AEE}
Winamp Toolbar-->"C:\Program Files\Winamp Toolbar\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
YouTube Downloader 2.7-->"C:\Program Files\YouTube Downloader\uninstall.exe"

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: PC
Event Code: 4371
Message: Služba Windows Servicing zahájila proces změny stavu balíčku KB2532531(Security Update) z Rozpoznáno(Resolved) na Nainstalováno(Installed).
Record Number: 233826
Source Name: Microsoft-Windows-Servicing
Time Written: 20110713172758.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: PC
Event Code: 4371
Message: Služba Windows Servicing zahájila proces změny stavu balíčku KB2532531(Security Update) z Rozpoznáno(Resolved) na Nainstalováno(Installed).
Record Number: 233825
Source Name: Microsoft-Windows-Servicing
Time Written: 20110713172757.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: PC
Event Code: 4371
Message: Služba Windows Servicing zahájila proces změny stavu balíčku KB2532531(Security Update) z Rozpoznáno(Resolved) na Nainstalováno(Installed).
Record Number: 233824
Source Name: Microsoft-Windows-Servicing
Time Written: 20110713172757.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: PC
Event Code: 4376
Message: Služba Servicing požádala o restartování za účelem dokončení operace nastavení balíčku KB2555917(Security Update) do stavu Požadována instalace(Install Requested).
Record Number: 233823
Source Name: Microsoft-Windows-Servicing
Time Written: 20110713172757.000000-000
Event Type: Upozornění
User: NT AUTHORITY\SYSTEM

Computer Name: PC
Event Code: 4386
Message: Služba Windows Servicing požádala o restartování za účelem dokončení procesu změny aktualizace 2555917-14_neutral_GDR z balíčku KB2555917(Security Update) do stavu Požadována instalace(Install Requested).
Record Number: 233822
Source Name: Microsoft-Windows-Servicing
Time Written: 20110713172757.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: PC
Event Code: 1
Message: 31/08/2010 17:21:09 (OviSuite) - ERROR - ContactsPlugin, Thread GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString(): Not correct order of ELocalizedString::eStringType = 27
Record Number: 53938
Source Name: OviSuite
Time Written: 20100831152109.000000-000
Event Type: Chyba
User:

Computer Name: PC
Event Code: 1
Message: 31/08/2010 17:21:09 (OviSuite) - ERROR - ContactsPlugin, Thread GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString(): Not correct order of ELocalizedString::eStringType = 27
Record Number: 53937
Source Name: OviSuite
Time Written: 20100831152109.000000-000
Event Type: Chyba
User:

Computer Name: PC
Event Code: 1
Message: 31/08/2010 17:21:09 (OviSuite) - ERROR - ContactsPlugin, Thread GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString(): Not correct order of ELocalizedString::eStringType = 27
Record Number: 53936
Source Name: OviSuite
Time Written: 20100831152109.000000-000
Event Type: Chyba
User:

Computer Name: PC
Event Code: 1
Message: 31/08/2010 17:21:09 (OviSuite) - ERROR - ContactsPlugin, Thread GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString(): Not correct order of ELocalizedString::eStringType = 27
Record Number: 53935
Source Name: OviSuite
Time Written: 20100831152109.000000-000
Event Type: Chyba
User:

Computer Name: PC
Event Code: 1
Message: 31/08/2010 17:21:09 (OviSuite) - ERROR - ContactsPlugin, Thread GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString(): Not correct order of ELocalizedString::eStringType = 27
Record Number: 53934
Source Name: OviSuite
Time Written: 20100831152109.000000-000
Event Type: Chyba
User:
Nahoru
Marek1984
Návštěvník
Návštěvník
Příspěvky: 63
Registrován: 01 kvě 2013 15:56

Re: Taky POLICIE

#5 Příspěvek od Marek1984 »

Naughty píše:Ktere tri odkazy, nevim co ymslis, treba si sedim na vedeni. Udelej kontrolu pres Combofix, log z nej vloz :-)
Jak jsi mi psal v prvním příspěvku. Na 32bit jsou tam 3 odkazy. Pouzil jsem ten první. Jinak v pohodě. Už mi běží combo... pak sem hodim výsledek.
Nahoru
Marek1984
Návštěvník
Návštěvník
Příspěvky: 63
Registrován: 01 kvě 2013 15:56

Re: Taky POLICIE

#6 Příspěvek od Marek1984 »

ComboFix 13-05-01.03 - Marek 01.05.2013 18:16:51.1.4 - x86
Spuštěný z: c:\users\Marek\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\DealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettingsKit.exe
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SearchSettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\programdata\dz1ocr.pad
c:\programdata\ehiwv.pad
c:\programdata\lririn.pad
c:\programdata\rundll32.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-01 do 2013-05-01 )))))))))))))))))))))))))))))))
.
.
2013-05-01 16:24 . 2013-05-01 16:25 -------- d-----w- c:\users\Marek\AppData\Local\temp
2013-05-01 16:24 . 2013-05-01 16:24 -------- d-----w- c:\users\Terezka\AppData\Local\temp
2013-05-01 16:24 . 2013-05-01 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-01 16:24 . 2013-05-01 16:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-05-01 15:33 . 2013-05-01 15:44 -------- d-----w- c:\program files\trend micro
2013-05-01 15:33 . 2013-05-01 15:34 -------- d-----w- C:\rsit
2013-05-01 14:40 . 2013-05-01 14:40 -------- d-----w- c:\program files\Common Files\Skype
2013-05-01 06:21 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E49621AF-D81D-4506-AB71-F8126A24B5CD}\mpengine.dll
2013-05-01 05:44 . 2013-05-01 05:42 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-01 05:42 . 2013-05-01 05:42 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-30 20:47 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-30 20:47 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-15 06:18 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-15 06:18 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-15 06:18 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-15 06:18 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-15 06:18 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-15 06:18 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-15 06:18 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-07 17:45 . 2013-04-07 17:45 -------- d-----w- C:\Sanace a sanační technologie
2013-04-07 17:45 . 2013-04-07 17:45 -------- d-----w- C:\Právo a životní prostředí
2013-04-07 17:45 . 2013-04-07 17:45 -------- d-----w- C:\Evropské krajinné politiky
2013-04-07 17:45 . 2013-04-07 17:45 -------- d-----w- C:\Státnice
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-01 05:42 . 2010-04-22 16:11 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-11 23:10 . 2009-10-04 14:44 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-06 22:33 . 2011-09-14 18:35 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 22:33 . 2011-09-14 18:35 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 22:33 . 2011-09-14 18:35 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:33 . 2011-09-14 18:35 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 22:33 . 2011-09-14 18:35 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 22:33 . 2011-09-14 18:35 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 22:32 . 2011-09-14 18:34 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 22:32 . 2011-09-14 18:34 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-12 01:57 . 2013-03-25 16:01 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2736128]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-05-15 675840]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2007-04-24 237568]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-02 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 08:34 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-29 06:11]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-29 06:11]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-399479475-3204813319-2684973945-1001Core.job
- c:\users\Terezka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 11:31]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-399479475-3204813319-2684973945-1001UA.job
- c:\users\Terezka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 11:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: czu.cz\moodle
TCP: DhcpNameServer = 192.168.0.1
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKLM-Run-NWEReboot - (no file)
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
AddRemove-Fotolab Fotosvet 4 - c:\users\Terezka\Desktop\Fotolab Fotosvet 4\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-01 18:25
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2013-05-01 18:27:57
ComboFix-quarantined-files.txt 2013-05-01 16:27
.
Před spuštěním: Volných bajtů: 40 141 758 464
Po spuštění: Volných bajtů: 44 378 853 376
.
- - End Of File - - AE1E97A75D8EC31F8404FABE65D0DB91
Nahoru
Marek1984
Návštěvník
Návštěvník
Příspěvky: 63
Registrován: 01 kvě 2013 15:56

Re: Taky POLICIE

#7 Příspěvek od Marek1984 »

super. díky moc. vypadá to dobře. policie se stáhla, rychlost pc vypadá taky dobře. to RunDLL taky zmizelo... bezva. ještě jednou díky. Marek (btw jak zjistím, co mi combo vymazalo? je toho cca o 20 giga méně)
Nahoru
Marek1984
Návštěvník
Návštěvník
Příspěvky: 63
Registrován: 01 kvě 2013 15:56

Re: Taky POLICIE

#8 Příspěvek od Marek1984 »

Díky moc. vše v pohodě :)
Nahoru
Zamčeno

Zpět na „Řešení problémů, logy“