VIRY.CZ

Ahoj,
poslední dobou nám tu začal zamrzat rodinnej počítač (úplně vytuhne a je potřeba reset), procesor standardně teče na 40% a víc, blbne psaní ve wordu a dneska večer se k tomu přidalo zvláštní chování myši (když chtěla mamka nastavit kurzor, aby smazala slovo, tak se celej word úplně splašil...). Teď, když jsem pustil chroma, tak se ozval, že soubor s nastavením chromu byl poškozený a proto se celý jeho profil vytváří znova...¨

Nešlo mi vytvořit FRSTL, proto dávám jenom FRST. Snažím se učit luštění logů - a soudě podle mě, tak tam není žádnej živej vir... ale přesto prosím o zkušenější očko. Díky.


(PS: soubor C:\WINDOWS\system32\Drivers\volsnap.sys jsem testoval na virustotalu a byl čistý.)


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2014 01
Ran by Honza (administrator) on RODINA on 08-03-2014 20:05:07
Running from D:\Honza\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ABBYY (BIT Software)) C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
() C:\Program Files\BTH\BTNtService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(HP) C:\WINDOWS\system32\HPSIsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\BTH\StartSkysolSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(IVT Corporation.) C:\Program Files\BTH\BlueSoleil.exe
(IVT Corporation.) C:\Program Files\BTH\BlueSoleil VoIP Plugin.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\WINDOWS\MHotkey.exe
(Chicony) C:\WINDOWS\ChiFuncExt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16126464 2007-03-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LchDrvKey] - C:\WINDOWS\LchDrvKey.exe [36864 2007-03-28] ()
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5110672 2013-09-12] (ESET)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-789336058-1284227242-839522115-1003\...\Run: [] - [X]
HKU\S-1-5-21-789336058-1284227242-839522115-1003\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\S-1-5-21-789336058-1284227242-839522115-1003\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
ShortcutTarget: BlueSoleil.lnk -> C:\Program Files\BTH\gprs.exe (IVT Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://31.133.9.23/activex/AMC.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 89.190.94.59 89.190.64.20

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\zag3joi0.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-03-04]

Chrome:
=======
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Honza\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [660768 2009-02-15] (ABBYY (BIT Software))
S2 ArcGIS License Manager; C:\Program Files\ArcGIS\License10.0\overwrites\lmgrd.exe [1377104 2010-07-12] (Flexera Software, Inc.)
R2 BlueSoleil Hid Service; C:\Program Files\BTH\BTNtService.exe [166520 2007-12-27] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1337752 2013-09-12] (ESET)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-03-04] (Oracle Corporation)
R2 Start BT in service; C:\Program Files\BTH\StartSkysolSvc.exe [51816 2007-12-27] ()

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43008 2006-06-18] (Advanced Micro Devices)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1605056 2012-12-21] (Atheros Communications, Inc.)
R3 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [34312 2007-06-24] (IVT Corporation.)
R3 BlueletSCOAudio; C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [27656 2007-06-24] (IVT Corporation.)
R3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [38920 2007-06-24] (IVT Corporation.)
R0 BTHidEnum; C:\WINDOWS\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-29] (DT Soft Ltd)
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [38952 2013-09-17] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61600 2013-09-17] (ESET)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-08 20:05 - 2014-03-08 20:05 - 00000000 ____D () C:\FRST
2014-03-08 20:01 - 2014-03-08 20:04 - 00029696 _____ () C:\Documents and Settings\Honza\Local Settings\Data aplikací\MSGBOX.EXE
2014-03-08 12:38 - 2014-03-08 12:39 - 00000000 ____D () C:\Documents and Settings\Mamka\Local Settings\Data aplikací\Adobe
2014-03-08 12:29 - 2014-03-08 12:29 - 00000000 _____ () C:\WINDOWS\system32\atiicdxx.dat
2014-03-08 12:09 - 2014-03-08 12:09 - 00000000 ____D () C:\ATI
2014-03-08 11:38 - 2014-03-08 11:38 - 00000000 ____D () C:\Program Files\ATI
2014-03-04 19:43 - 2014-03-04 19:43 - 00000000 ____D () C:\Documents and Settings\Tatka\Local Settings\Data aplikací\ESET
2014-03-04 19:43 - 2014-03-04 19:43 - 00000000 ____D () C:\Documents and Settings\Tatka\Data aplikací\ESET
2014-03-04 16:03 - 2014-03-04 16:03 - 00000000 ____D () C:\Documents and Settings\Mamka\Local Settings\Data aplikací\ESET
2014-03-04 16:03 - 2014-03-04 16:03 - 00000000 ____D () C:\Documents and Settings\Mamka\Data aplikací\ESET
2014-03-04 14:32 - 2014-03-04 14:32 - 00000000 ____D () C:\Documents and Settings\Honza\Data aplikací\library_dir
2014-03-04 14:06 - 2014-03-04 14:06 - 00000000 ____D () C:\Documents and Settings\Honza\Local Settings\Data aplikací\ESET
2014-03-04 14:06 - 2014-03-04 14:06 - 00000000 ____D () C:\Documents and Settings\Honza\Data aplikací\ESET
2014-03-04 14:04 - 2014-03-04 14:04 - 00000000 ____D () C:\Program Files\ESET
2014-03-04 14:04 - 2014-03-04 14:04 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\ESET
2014-03-04 14:04 - 2014-03-04 14:04 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\ESET
2014-03-04 13:58 - 2014-03-04 13:58 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-03-04 13:57 - 2014-03-04 13:57 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-03-04 13:57 - 2014-03-04 13:57 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-03-04 13:57 - 2014-03-04 13:57 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-03-04 13:57 - 2014-03-04 13:57 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-03-04 13:57 - 2014-03-04 13:57 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-03-04 13:57 - 2014-03-04 13:57 - 00000000 ____D () C:\Program Files\Java
2014-03-04 13:57 - 2014-03-04 13:57 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Java
2014-02-23 16:27 - 2014-02-25 20:36 - 00000000 ____D () C:\Documents and Settings\Tatka\Data aplikací\Skype
2014-02-19 22:36 - 2014-03-08 12:08 - 00000000 ____D () C:\Documents and Settings\Honza\Data aplikací\Skype
2014-02-19 18:06 - 2014-02-19 18:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-19 17:46 - 2014-02-19 17:46 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Bluetooth
2014-02-19 17:44 - 2014-02-19 17:44 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\IVT BlueSoleil
2014-02-19 17:43 - 2014-02-19 17:43 - 00000000 ____D () C:\Program Files\BTH
2014-02-15 16:01 - 2014-02-15 16:01 - 00000000 ____D () C:\Documents and Settings\Mamka\Data aplikací\TeamViewer
2014-02-15 16:00 - 2014-02-15 16:00 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\TeamViewer 8

==================== One Month Modified Files and Folders =======

2014-03-08 20:05 - 2014-03-08 20:05 - 00000000 ____D () C:\FRST
2014-03-08 20:04 - 2014-03-08 20:01 - 00029696 _____ () C:\Documents and Settings\Honza\Local Settings\Data aplikací\MSGBOX.EXE
2014-03-08 20:04 - 2013-03-29 14:41 - 00000000 ___HD () C:\Documents and Settings\Honza\Local Settings\Data aplikací
2014-03-08 20:01 - 2013-03-29 15:31 - 00000178 ___SH () C:\Documents and Settings\Mamka\ntuser.ini
2014-03-08 20:01 - 2013-03-29 14:01 - 00363916 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-08 19:50 - 2013-03-29 14:55 - 00000211 _____ () C:\WINDOWS\wiadebug.log
2014-03-08 19:50 - 2013-03-29 14:55 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-03-08 12:39 - 2014-03-08 12:38 - 00000000 ____D () C:\Documents and Settings\Mamka\Local Settings\Data aplikací\Adobe
2014-03-08 12:39 - 2013-03-29 21:57 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-08 12:39 - 2013-03-29 21:57 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-08 12:38 - 2013-03-29 15:31 - 00000000 ___HD () C:\Documents and Settings\Mamka\Local Settings\Data aplikací
2014-03-08 12:34 - 2013-03-29 21:57 - 00000000 ____D () C:\Documents and Settings\Mamka\Data aplikací\Skype
2014-03-08 12:34 - 2013-03-29 14:41 - 00000178 ___SH () C:\Documents and Settings\Honza\ntuser.ini
2014-03-08 12:31 - 2013-03-29 14:41 - 00000000 ____D () C:\Documents and Settings\Honza
2014-03-08 12:29 - 2014-03-08 12:29 - 00000000 _____ () C:\WINDOWS\system32\atiicdxx.dat
2014-03-08 12:29 - 2013-03-29 14:07 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-08 12:29 - 2001-10-25 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-08 12:28 - 2013-04-17 17:08 - 00000000 ____D () C:\Documents and Settings\Petr
2014-03-08 12:28 - 2013-03-29 15:35 - 00000000 ____D () C:\Documents and Settings\Tatka
2014-03-08 12:28 - 2013-03-29 15:31 - 00000000 ____D () C:\Documents and Settings\Mamka
2014-03-08 12:28 - 2013-03-29 14:07 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-03-08 12:28 - 2013-03-29 14:07 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-03-08 12:28 - 2013-03-29 14:05 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-08 12:28 - 2013-03-29 13:58 - 00000000 ____D () C:\WINDOWS\Registration
2014-03-08 12:26 - 2013-03-29 14:25 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-03-08 12:26 - 2013-03-29 14:07 - 00032544 ____N () C:\WINDOWS\SchedLgU.Txt
2014-03-08 12:25 - 2013-04-13 17:14 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-08 12:20 - 2013-03-29 13:59 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-03-08 12:09 - 2014-03-08 12:09 - 00000000 ____D () C:\ATI
2014-03-08 12:08 - 2014-02-19 22:36 - 00000000 ____D () C:\Documents and Settings\Honza\Data aplikací\Skype
2014-03-08 11:46 - 2013-03-29 14:31 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-03-08 11:38 - 2014-03-08 11:38 - 00000000 ____D () C:\Program Files\ATI
2014-03-07 21:46 - 2013-03-29 15:48 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-03-06 21:18 - 2013-03-29 15:35 - 00000178 ___SH () C:\Documents and Settings\Tatka\ntuser.ini
2014-03-06 21:09 - 2013-03-30 15:38 - 00000000 ____D () C:\Documents and Settings\Tatka\Data aplikací\vlc
2014-03-04 19:43 - 2014-03-04 19:43 - 00000000 ____D () C:\Documents and Settings\Tatka\Local Settings\Data aplikací\ESET
2014-03-04 19:43 - 2014-03-04 19:43 - 00000000 ____D () C:\Documents and Settings\Tatka\Data aplikací\ESET
2014-03-04 19:43 - 2013-03-29 15:35 - 00074608 _____ () C:\Documents and Settings\Tatka\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2014-03-04 19:43 - 2013-03-29 15:35 - 00000000 __RHD () C:\Documents and Settings\Tatka\Data aplikací
2014-03-04 19:43 - 2013-03-29 15:35 - 00000000 ___HD () C:\Documents and Settings\Tatka\Local Settings\Data aplikací
2014-03-04 16:04 - 2013-03-29 15:32 - 00074608 _____ () C:\Documents and Settings\Mamka\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2014-03-04 16:03 - 2014-03-04 16:03 - 00000000 ____D () C:\Documents and Settings\Mamka\Local Settings\Data aplikací\ESET
2014-03-04 16:03 - 2014-03-04 16:03 - 00000000 ____D () C:\Documents and Settings\Mamka\Data aplikací\ESET
2014-03-04 16:03 - 2013-03-29 15:31 - 00000000 __RHD () C:\Documents and Settings\Mamka\Data aplikací
2014-03-04 14:58 - 2013-03-29 14:41 - 00000000 __RHD () C:\Documents and Settings\Honza\Data aplikací
2014-03-04 14:58 - 2013-03-29 14:41 - 00000000 ___RD () C:\Documents and Settings\Honza\Nabídka Start\Programy
2014-03-04 14:54 - 2013-03-29 14:42 - 00074608 _____ () C:\Documents and Settings\Honza\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2014-03-04 14:53 - 2013-03-29 14:51 - 00254272 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-04 14:32 - 2014-03-04 14:32 - 00000000 ____D () C:\Documents and Settings\Honza\Data aplikací\library_dir
2014-03-04 14:11 - 2013-03-29 16:15 - 00000000 ____D () C:\Program Files\trend micro
2014-03-04 14:06 - 2014-03-04 14:06 - 00000000 ____D () C:\Documents and Settings\Honza\Local Settings\Data aplikací\ESET
2014-03-04 14:06 - 2014-03-04 14:06 - 00000000 ____D () C:\Documents and Settings\Honza\Data aplikací\ESET
2014-03-04 14:04 - 2014-03-04 14:04 - 00000000 ____D () C:\Program Files\ESET
2014-03-04 14:04 - 2014-03-04 14:04 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\ESET
2014-03-04 14:04 - 2014-03-04 14:04 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\ESET
2014-03-04 14:04 - 2013-03-29 14:52 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-03-04 14:04 - 2013-03-29 14:52 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-03-04 13:58 - 2014-03-04 13:58 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-03-04 13:57 - 2014-03-04 13:57 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-03-04 13:57 - 2014-03-04 13:57 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-03-04 13:57 - 2014-03-04 13:57 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-03-04 13:57 - 2014-03-04 13:57 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-03-04 13:57 - 2014-03-04 13:57 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-03-04 13:57 - 2014-03-04 13:57 - 00000000 ____D () C:\Program Files\Java
2014-03-04 13:57 - 2014-03-04 13:57 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Java
2014-03-04 13:46 - 2013-04-17 17:08 - 00000000 ___HD () C:\Documents and Settings\Petr\Local Settings\Data aplikací
2014-03-04 13:45 - 2013-04-17 17:08 - 00000000 __RHD () C:\Documents and Settings\Petr\Data aplikací
2014-02-25 20:36 - 2014-02-23 16:27 - 00000000 ____D () C:\Documents and Settings\Tatka\Data aplikací\Skype
2014-02-19 19:13 - 2013-03-29 16:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-19 18:06 - 2014-02-19 18:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-19 17:46 - 2014-02-19 17:46 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Bluetooth
2014-02-19 17:44 - 2014-02-19 17:44 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\IVT BlueSoleil
2014-02-19 17:44 - 2013-03-29 14:52 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2014-02-19 17:43 - 2014-02-19 17:43 - 00000000 ____D () C:\Program Files\BTH
2014-02-15 16:01 - 2014-02-15 16:01 - 00000000 ____D () C:\Documents and Settings\Mamka\Data aplikací\TeamViewer
2014-02-15 16:00 - 2014-02-15 16:00 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\TeamViewer 8
2014-02-15 16:00 - 2013-03-29 21:53 - 00000815 _____ () C:\Documents and Settings\All Users\Plocha\TeamViewer 8.lnk
2014-02-15 16:00 - 2013-03-29 14:52 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha

Some content of TEMP:
====================
C:\Documents and Settings\Mamka\Local Settings\Temp\AtiCimUn.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2004-08-17 14:49] - [2008-04-14 08:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\WINDOWS\system32\winlogon.exe
[2004-08-17 14:49] - [2008-04-14 08:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\WINDOWS\system32\svchost.exe
[2004-08-17 14:49] - [2008-04-14 08:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\WINDOWS\system32\services.exe
[2004-08-17 14:49] - [2008-04-14 08:52] - 0108544 ____A (Microsoft Corporation) f0d2ae69035092bf22dad6b50fab85c2

C:\WINDOWS\system32\User32.dll
[2004-08-17 14:49] - [2008-04-14 08:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\WINDOWS\system32\userinit.exe
[2004-08-17 14:49] - [2008-04-14 08:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\WINDOWS\system32\rpcss.dll
[2004-08-17 14:49] - [2008-04-14 08:51] - 0399360 ____A (Microsoft Corporation) c868f3ae15cf71a93f2aa3a32856d839

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2004-08-17 14:44] - [2008-04-14 07:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1


==================== End Of Log ============================

Zdravím!
Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-789336058-1284227242-839522115-1003\...\Run: [] - [X]
C:\Documents and Settings\Mamka\Local Settings\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Dále zkuste obnovu systému k datu, kdy korektně fungoval.

Rodiče už nevzpomněli, kdy se začaly objevovat problémy, takže nevím, ke kterému datu systém obnovit. Navíc poslední RP mám ze 4. března a tohle už určitě tak měsíc zlobit bude...

v karanténě ESETu je uhnízděnej jeden troják JS/Agent.NKW (ze 7. ledna), ale ten je neškodnej. Můžu ho odstranit?



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-03-2014 01
Ran by Honza at 2014-03-08 20:49:30 Run:1
Running from D:\Honza\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-789336058-1284227242-839522115-1003\...\Run: [] - [X]
C:\Documents and Settings\Mamka\Local Settings\Temp
End
*****************

HKU\S-1-5-21-789336058-1284227242-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Documents and Settings\Mamka\Local Settings\Temp => Moved successfully.

==== End of Fixlog ====

Smazáno. Zkusíme hloubkový test na viry. Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

můžu si změnit bootovací timeout na nulu? CF nastavil 2 vteřiny...


ComboFix 14-03-05.01 - Honza 08.03.2014 22:37:48.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.990.352 [GMT 1:00]
Spuštěný z: d:\honza\Plocha\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personální firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Honza\Local Settings\Data aplikací\MSGBOX.EXE
c:\documents and settings\Petr\WINDOWS
c:\program files\Internet Explorer\SET7C.tmp
c:\program files\Internet Explorer\SET81.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-08 do 2014-03-08 )))))))))))))))))))))))))))))))
.
.
2014-03-08 19:05 . 2014-03-08 19:49 -------- d-----w- C:\FRST
2014-03-08 11:38 . 2014-03-08 11:39 -------- d-----w- c:\documents and settings\Mamka\Local Settings\Data aplikací\Adobe
2014-03-08 11:28 . 2014-03-08 11:28 -------- d-----w- c:\windows\system32\wbem\Repository
2014-03-08 11:09 . 2014-03-08 11:09 -------- d-----w- C:\ATI
2014-03-08 10:38 . 2014-03-08 10:38 -------- d-----w- c:\program files\ATI
2014-03-04 18:43 . 2014-03-04 18:43 -------- d-----w- c:\documents and settings\Tatka\Local Settings\Data aplikací\ESET
2014-03-04 18:43 . 2014-03-04 18:43 -------- d-----w- c:\documents and settings\Tatka\Data aplikací\ESET
2014-03-04 15:03 . 2014-03-04 15:03 -------- d-----w- c:\documents and settings\Mamka\Local Settings\Data aplikací\ESET
2014-03-04 15:03 . 2014-03-04 15:03 -------- d-----w- c:\documents and settings\Mamka\Data aplikací\ESET
2014-03-04 13:32 . 2014-03-04 13:32 -------- d-----w- c:\documents and settings\Honza\Data aplikací\library_dir
2014-03-04 13:06 . 2014-03-04 13:06 -------- d-----w- c:\documents and settings\Honza\Local Settings\Data aplikací\ESET
2014-03-04 13:06 . 2014-03-04 13:06 -------- d-----w- c:\documents and settings\Honza\Data aplikací\ESET
2014-03-04 13:04 . 2014-03-04 13:04 -------- d-----w- c:\program files\ESET
2014-03-04 13:04 . 2014-03-04 13:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2014-03-04 12:58 . 2014-03-04 12:58 -------- d-----w- c:\program files\Common Files\Java
2014-03-04 12:57 . 2014-03-04 12:57 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-03-04 12:57 . 2014-03-04 12:57 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-03-04 12:57 . 2014-03-04 12:57 -------- d-----w- c:\program files\Java
2014-02-23 15:27 . 2014-02-25 19:36 -------- d-----w- c:\documents and settings\Tatka\Data aplikací\Skype
2014-02-19 21:36 . 2014-03-08 11:08 -------- d-----w- c:\documents and settings\Honza\Data aplikací\Skype
2014-02-19 16:46 . 2014-02-19 16:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Bluetooth
2014-02-19 16:43 . 2014-02-19 16:43 -------- d-----w- c:\program files\BTH
2014-02-15 15:01 . 2014-02-15 15:01 -------- d-----w- c:\documents and settings\Mamka\Data aplikací\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-08 11:39 . 2013-03-29 20:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-08 11:39 . 2013-03-29 20:57 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-23 09:13 . 2013-12-23 09:13 756 ----a-w- C:\backup.reg
2013-12-23 09:13 . 2013-12-23 09:13 574 ----a-w- C:\cleanup.bat
2013-12-23 09:13 . 2013-12-23 09:13 19286 ----a-w- C:\cleanup.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"LchDrvKey"="LchDrvKey.exe" [2007-03-28 36864]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\BTH\gprs.exe [2007-12-27 43608]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Program Files\\BTH\\BlueSoleil.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [29.3.2013 16:00 242240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [17.9.2013 15:17 134248]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [15.2.2009 23:26 660768]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.9.2013 12:06 1337752]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [30.3.2013 17:05 99896]
R2 Start BT in service;Start BT in service;c:\program files\BTH\StartSkysolSvc.exe [27.12.2007 15:39 51816]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [15.9.2013 12:40 5093216]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files\ArcGIS\License10.0\overwrites\lmgrd.exe [21.4.2013 20:19 1377104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 9:34 171680]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [29.3.2013 15:04 17408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 13:34 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.190.94.59 89.190.64.20
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://31.133.9.23/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\zag3joi0.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_ActiveSetup-ccc-core-static - msiexec
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-08 22:45
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1356)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2014-03-08 22:46:23
ComboFix-quarantined-files.txt 2014-03-08 21:46
.
Před spuštěním: Volných bajtů: 27 333 144 576
Po spuštění: Volných bajtů: 27 592 515 584
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 69D32B23A87E64A195A6FD9BA05A4ED0
413FC2A0C716421B3158746D63736515

Pokud byl timeout na >0< a nebyly problémy, můžete. CF nastavuje systém na default. Tu karanténu AV rovněž můžete smazat.

Otevřte poznámkový blok a zkopírujte do něj:

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

Reboot::

Uložte na plochu jako CFScript.txt. Pak je myší přetáhněte nad ikonu Comobfix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

ComboFix 14-03-05.01 - Honza 09.03.2014 12:44:03.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.990.77 [GMT 1:00]
Spuštěný z: d:\honza\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\honza\Plocha\CFScript.txt
AV: ESET Smart Security 7.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personální firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cleanup.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-09 do 2014-03-09 )))))))))))))))))))))))))))))))
.
.
2014-03-08 19:05 . 2014-03-08 19:49 -------- d-----w- C:\FRST
2014-03-08 11:38 . 2014-03-08 11:39 -------- d-----w- c:\documents and settings\Mamka\Local Settings\Data aplikací\Adobe
2014-03-08 11:28 . 2014-03-08 11:28 -------- d-----w- c:\windows\system32\wbem\Repository
2014-03-08 11:09 . 2014-03-08 11:09 -------- d-----w- C:\ATI
2014-03-08 10:38 . 2014-03-08 10:38 -------- d-----w- c:\program files\ATI
2014-03-04 18:43 . 2014-03-04 18:43 -------- d-----w- c:\documents and settings\Tatka\Local Settings\Data aplikací\ESET
2014-03-04 18:43 . 2014-03-04 18:43 -------- d-----w- c:\documents and settings\Tatka\Data aplikací\ESET
2014-03-04 15:03 . 2014-03-04 15:03 -------- d-----w- c:\documents and settings\Mamka\Local Settings\Data aplikací\ESET
2014-03-04 15:03 . 2014-03-04 15:03 -------- d-----w- c:\documents and settings\Mamka\Data aplikací\ESET
2014-03-04 13:32 . 2014-03-04 13:32 -------- d-----w- c:\documents and settings\Honza\Data aplikací\library_dir
2014-03-04 13:06 . 2014-03-04 13:06 -------- d-----w- c:\documents and settings\Honza\Local Settings\Data aplikací\ESET
2014-03-04 13:06 . 2014-03-04 13:06 -------- d-----w- c:\documents and settings\Honza\Data aplikací\ESET
2014-03-04 13:04 . 2014-03-04 13:04 -------- d-----w- c:\program files\ESET
2014-03-04 13:04 . 2014-03-04 13:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2014-03-04 12:58 . 2014-03-04 12:58 -------- d-----w- c:\program files\Common Files\Java
2014-03-04 12:57 . 2014-03-04 12:57 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-03-04 12:57 . 2014-03-04 12:57 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-03-04 12:57 . 2014-03-04 12:57 -------- d-----w- c:\program files\Java
2014-02-23 15:27 . 2014-02-25 19:36 -------- d-----w- c:\documents and settings\Tatka\Data aplikací\Skype
2014-02-19 21:36 . 2014-03-08 11:08 -------- d-----w- c:\documents and settings\Honza\Data aplikací\Skype
2014-02-19 16:46 . 2014-02-19 16:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Bluetooth
2014-02-19 16:43 . 2014-02-19 16:43 -------- d-----w- c:\program files\BTH
2014-02-15 15:01 . 2014-02-15 15:01 -------- d-----w- c:\documents and settings\Mamka\Data aplikací\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-08 11:39 . 2013-03-29 20:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-08 11:39 . 2013-03-29 20:57 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-23 09:13 . 2013-12-23 09:13 756 ----a-w- C:\backup.reg
2013-12-23 09:13 . 2013-12-23 09:13 574 ----a-w- C:\cleanup.bat
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"LchDrvKey"="LchDrvKey.exe" [2007-03-28 36864]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\BTH\gprs.exe [2007-12-27 43608]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Program Files\\BTH\\BlueSoleil.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [29.3.2013 16:00 242240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [17.9.2013 15:17 134248]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [15.2.2009 23:26 660768]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.9.2013 12:06 1337752]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [30.3.2013 17:05 99896]
R2 Start BT in service;Start BT in service;c:\program files\BTH\StartSkysolSvc.exe [27.12.2007 15:39 51816]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [15.9.2013 12:40 5093216]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files\ArcGIS\License10.0\overwrites\lmgrd.exe [21.4.2013 20:19 1377104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 9:34 171680]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [29.3.2013 15:04 17408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 13:34 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.190.94.59 89.190.64.20
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://31.133.9.23/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\zag3joi0.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-09 13:06
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1360)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2192)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\BTH\BTNtService.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\TeamViewer\Version8\TeamViewer.exe
c:\windows\system32\wscntfy.exe
c:\program files\TeamViewer\Version8\tv_w32.exe
c:\windows\RTHDCPL.EXE
c:\windows\MHotkey.exe
c:\program files\BTH\BlueSoleil.exe
c:\windows\ChiFuncExt.exe
c:\program files\BTH\BlueSoleil VoIP Plugin.exe
.
**************************************************************************
.
Celkový čas: 2014-03-09 13:09:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-09 12:09
ComboFix2.txt 2014-03-08 21:46
.
Před spuštěním: Volných bajtů: 27 595 186 176
Po spuštění: Volných bajtů: 27 591 647 232
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 129B02AF55C41B15483999EEBB5AFACD
413FC2A0C716421B3158746D63736515

Smazáno. Nastala nějaká změna?

Podle mamky se to zdá lepší, díky za pomoc.

Úklid běžný? (Combofix /Uninstall, T-Cleaner + CCleaner)?

Dneska se mi začal zpomalovat internet zase na mým notebooku, někdy nechce načítat stránky ani po opakovaným refreshi, nebo to trvá dlouho - pingy normální... mám na to zakládat nový téma, nebo bych mohl poprosit o rychlo-prohlídku zde? Za oba počítače se pak budu revanšovat malým příspěvkem.

Ještě bych měl jeden dotaz: žádal jsem o přijetí do skupiny vzorných návštěvníků, ale tamní správcové ještě žádost nevyřídili (a už to nějaký týden je)... mohl bych poprosit o schválení/odmítnutí, prosím? Díky.

Podle mamky se to zdá lepší, díky za pomoc.

Není zač!

Úklid běžný? (Combofix /Uninstall, T-Cleaner + CCleaner)?

Ano.

Dneska se mi začal zpomalovat internet zase na mým notebooku, někdy nechce načítat stránky ani po opakovaným refreshi, nebo to trvá dlouho - pingy normální... mám na to zakládat nový téma, nebo bych mohl poprosit o rychlo-prohlídku zde? Za oba počítače se pak budu revanšovat malým příspěvkem.

Log klidně dejte sem.

Ještě bych měl jeden dotaz: žádal jsem o přijetí do skupiny vzorných návštěvníků, ale tamní správcové ještě žádost nevyřídili (a už to nějaký týden je)... mohl bych poprosit o schválení/odmítnutí, prosím? Díky.

Upozorním kolegu, který to má na starosti

Ja to sice priamo na starosti nemam, ale vidim od kolegov poznamky o porusovani pravidiel fora, tak by som sa moc necudoval, ak ziadost schvalena nebola.
4Rudy: Podrobnosti v internej sekcii.

Ano, dřív jsem se tu bohužel něčeho dopustil, to je pravda. Rád bych ale už sekal dobrotu Je možné, že ta žádost stojí kvůli tomu, to nevím... samozřejmě pokud ji zamítnete, pochopím to. Mě šlo spíš o to, jestli se to třeba někam nezatoulalo.

log z RSIT z toho druhého notebooku. Předem děkuji za pomoc.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Honza at 2014-03-09 19:16:33
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 20 GB (34%) free of 60 GB
Total RAM: 4007 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:16:37, on 9.3.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\server\apache\bin\ApacheMonitor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Honza\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\YTD\ytd.exe
C:\Program Files (x86)\foobar2000\foobar2000.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\PSPad editor\PSPad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Honza.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: ApacheMonitor.exe – zástupce.lnk = C:\server\apache\bin\ApacheMonitor.exe
O4 - Startup: mousemeter.cmd
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2.4 - Apache Software Foundation - C:\server\apache\bin\httpd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\server\mysql\bin\mysqld (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Screen Reading Optimizer Service Program (SROSVC) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10793 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f1312071-0425-4b68-884a-8e42bec3e899 -SystemEventPortName:HostProcess-f3279e3f-c0bf-4985-981a-3a858ffa776d -IoCancelEventPortName:HostProcess-65c2bf31-0e2b-4853-bd20-9ad8e3a4bc63 -NonStateChangingEventPortName:HostProcess-ee357073-f091-4446-9d53-ad461ff7bae8 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:edfa68ab-ea3c-462c-8fb0-e76bbb5a4bc5
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
"C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service
"taskhost.exe"
"C:\server\apache\bin\httpd.exe" -k runservice
"C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe"
C:\Windows\system32\CxAudMsg64.exe
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
"C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe"
"C:\server\mysql\bin\mysqld" --defaults-file="C:\server\mysql\my.ini" MySQL
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\SysWOW64\SAsrv.exe
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe"
C:\Windows\SysWOW64\vmnat.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe"
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\server\apache\bin\httpd.exe -d C:/server/apache
taskeng.exe {4142DC5C-F23D-4C75-861A-360001905872}
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\rundll32.exe "C:\Program Files\LENOVO\HOTKEY\hotkey.dll",InstallAudioHotkeyHook
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
"C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\\SRORest.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" -EMBEDDING
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\server\apache\bin\ApacheMonitor.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4836.0.420839024\1441636474" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2361 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.2.1457405806\1576846946" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.3.1805021967\1890122100" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.4.1722528423\833179596" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.5.596443757\1250171642" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.6.380530830\1625724930" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.7.1924263405\1387479258" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.8.1962746430\1911397867" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.9.241583787\1544478616" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.10.1923882204\1277258852" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.11.746272383\1984506669" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.12.538403325\2125799608" /prefetch:673131151
"C:\Windows\SysWOW64\RunDll32.exe" "C:\Program Files\ThinkPad\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4836.18.1902297474\1442172665" --ppapi-flash-args --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.22.677545908\208454766" /prefetch:673131151
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Honza\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll" --lang=cs --channel="4836.27.807941375\886816469" /prefetch:-390060480
"C:\Users\Honza\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\totalcmd\TOTALCMD64.EXE"
"taskhost.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files (x86)\YTD\ytd.exe" --gui
"C:\Program Files (x86)\foobar2000\foobar2000.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.184.1068700097\849374496" /prefetch:673131151
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.255.309554799\1314093440" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.375.1038925377\1987980828" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --instant-process --disable-html-notifications --disable-accelerated-video-decode --channel="4836.383.261192792\1964800280" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.407.1335753551\180704516" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.408.1891206094\794185228" /prefetch:673131151
"C:\Program Files (x86)\PSPad editor\PSPad.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.439.2049525308\1708484856" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.448.2047302115\1724185296" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/WebGLDebugRendererInfo/enabled/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.466.363701360\867623496" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/WebGLDebugRendererInfo/enabled/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.476.1804480946\1874389128" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/WebGLDebugRendererInfo/enabled/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.481.1657642846\1131572575" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/WebGLDebugRendererInfo/enabled/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.483.850972000\5552079" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/WebGLDebugRendererInfo/enabled/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.485.909061929\961021437" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/WebGLDebugRendererInfo/enabled/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.487.2085186729\1949810481" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/WebGLDebugRendererInfo/enabled/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.489.898441434\1765312202" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group5 pct:10d stable:pp3 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/WebGLDebugRendererInfo/enabled/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="4836.491.1764859359\1800443802" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe68_ Global\UsGthrCtrlFltPipeMssGthrPipe68 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"D:\Plocha\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2011-04-26 310912]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-05-05 2785064]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-04-13 168216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-04-13 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-04-13 416024]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-09-12 5618456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-30 55808]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
Device Detector 3.lnk - C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe

C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ApacheMonitor.exe – zástupce.lnk - C:\server\apache\bin\ApacheMonitor.exe
mousemeter.cmd

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-04-10 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-02-11 4220304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - C:\Windows\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2014-03-09 19:16:33 ----D---- C:\rsit
2014-03-01 22:18:41 ----D---- C:\Program Files (x86)\NewtonDictate
2014-03-01 20:53:27 ----A---- C:\Windows\SYSWOW64\VNUSB.dll
2014-03-01 20:53:27 ----A---- C:\Windows\SYSWOW64\STRDEVAPI.dll
2014-03-01 20:53:27 ----A---- C:\Windows\SYSWOW64\OdiOlDVR.dll
2014-03-01 20:53:27 ----A---- C:\Windows\SYSWOW64\OdiAPI.dll
2014-03-01 20:53:27 ----A---- C:\Windows\SYSWOW64\DW90USB.DLL
2014-03-01 20:53:27 ----A---- C:\Windows\SYSWOW64\drivers\VNUSB.sys
2014-03-01 20:53:27 ----A---- C:\Windows\SYSWOW64\drivers\DW90USB.SYS
2014-03-01 20:53:10 ----D---- C:\Program Files (x86)\Olympus
2014-03-01 20:43:34 ----D---- C:\Program Files\DIFX
2014-02-17 13:28:07 ----D---- C:\Users\Honza\AppData\Roaming\Jpeg Resampler

======List of files/folders modified in the last 1 months======

2014-03-09 19:16:37 ----D---- C:\Windows\Prefetch
2014-03-09 19:16:36 ----D---- C:\Program Files\trend micro
2014-03-09 19:10:33 ----D---- C:\Windows\Temp
2014-03-09 15:39:08 ----D---- C:\Windows\system32\config
2014-03-08 21:51:23 ----D---- C:\Users\Honza\AppData\Roaming\vlc
2014-03-08 21:43:08 ----D---- C:\Users\Honza\AppData\Roaming\YouTube Downloader
2014-03-08 13:06:58 ----SHD---- C:\System Volume Information
2014-03-07 08:43:27 ----D---- C:\Windows\System32
2014-03-07 08:43:27 ----D---- C:\Windows\inf
2014-03-07 08:43:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-03-06 18:39:40 ----A---- C:\Windows\SYSWOW64\log.txt
2014-03-06 18:37:14 ----D---- C:\ProgramData\VMware
2014-03-06 18:33:18 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-03-03 09:27:12 ----D---- C:\Program Files\Recuva
2014-03-01 22:18:41 ----RD---- C:\Program Files (x86)
2014-03-01 20:54:10 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-03-01 20:53:27 ----D---- C:\Windows\SYSWOW64\drivers
2014-03-01 20:53:27 ----D---- C:\Windows\SysWOW64
2014-03-01 20:43:34 ----RD---- C:\Program Files
2014-03-01 20:43:34 ----D---- C:\Windows\system32\catroot
2014-03-01 20:43:33 ----D---- C:\Windows\system32\drivers
2014-03-01 20:43:27 ----D---- C:\Windows\system32\DriverStore
2014-03-01 20:43:05 ----D---- C:\Windows
2014-03-01 11:17:22 ----D---- C:\Users\Honza\AppData\Roaming\VMware
2014-03-01 10:57:37 ----D---- C:\Windows\Minidump
2014-03-01 10:55:19 ----D---- C:\Program Files\WhoCrashed
2014-02-18 17:17:07 ----D---- C:\Windows\system32\Tasks
2014-02-18 17:16:38 ----RSD---- C:\Windows\Fonts
2014-02-18 17:16:23 ----D---- C:\Program Files (x86)\TeamViewer
2014-02-17 20:42:56 ----D---- C:\Users\Honza\AppData\Roaming\dvdcss
2014-02-10 10:25:04 ----D---- C:\Windows\Microsoft.NET
2014-02-10 10:14:10 ----RSD---- C:\Windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2013-09-17 62136]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-16 283064]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-09-17 239320]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-09-17 168256]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2013-09-17 44120]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2013-09-17 220232]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2010-09-21 38448]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35344]
R2 vmci;VMware vmci; \??\C:\Windows\system32\drivers\vmci.sys [2010-09-21 80944]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2010-09-20 45104]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2010-09-21 30256]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [2010-09-21 68656]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [2010-08-19 32816]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-04 166016]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2011-03-24 1576064]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2011-02-01 39024]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-04-10 12223936]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNv64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETwNv64.sys [2011-01-06 8300032]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-11-23 648808]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-05-05 1439792]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2010-09-21 31792]
R3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]
S3 ampa;ampa; \??\C:\Windows\system32\ampa.sys [2013-11-29 17008]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 552448]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2011-04-27 436776]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2011-04-27 150568]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2011-04-27 164392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-04-27 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2011-04-27 21544]
S3 kardelia;Rootkit Unhooker Driver; C:\Windows\system32\drivers\kardelia.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2010-09-20 20016]
S3 VNUSB;VN Series Device; C:\Windows\System32\Drivers\VNUSB.sys [2009-09-29 22528]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2009-02-15 660768]
R2 Apache2.4;Apache2.4; C:\server\apache\bin\httpd.exe [2013-02-23 22016]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2011-04-27 968480]
R2 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-16 198784]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-09-12 1337752]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2011-02-01 45928]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-22 326168]
R2 MySQL;MySQL; C:\server\mysql\bin\mysqld --defaults-file=C:\server\mysql\my.ini MySQL []
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2012-02-11 129624]
R2 SROSVC;Screen Reading Optimizer Service Program; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2012-03-05 446800]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-02-17 4915040]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 144232]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [2010-09-21 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\syswow64\vmnetdhcp.exe [2010-09-21 334384]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-09-21 539184]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\syswow64\vmnat.exe [2010-09-21 404016]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-01-08 119408]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 ufad-ws60;VMware Agent Service; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [2010-08-19 191024]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139680]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139680]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139680]

-----------------EOF-----------------

had12 píše:...Mě šlo spíš o to, jestli se to třeba někam nezatoulalo.

Nie, nie, nezatulalo, forum je spravovane zodpovedne

Ok, ok, díky, pak tiše mlčím - jako bych nic neřekl.

Správně uvažujete, vaše žádost právě kvůli tomu nebyla schválena. K druhému logu:

Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.