PC virus removal, computer speed-up, and remote assistance through the neslape.cz service

Please - log check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

Ddeath
Visitor
Posts: 20
Registered: 07 Mar 2010 20:48

Please - log check

#1 Post by Ddeath »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Milena at 2012-01-24 20:02:29
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 67 GB (46%) free of 146 GB
Total RAM: 1014 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:03:39, on 24. 1. 2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19170)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Users\Milena\Desktop\RSIT.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Milena.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.4shared.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: 4sharedExt - {95525BD9-6136-4A26-8263-9CEE295D442D} - C:\Program Files\4shared Toolbar\4sharedExt.dll
O3 - Toolbar: 4shared Toolbar - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - C:\Program Files\4shared Toolbar\4sharedbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Milena\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe
O8 - Extra context menu item: &4shared Search - res://C:\Program Files\4shared Toolbar\4sharedbar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZJfox000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9403 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2721631577-2496924507-1619228457-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2721631577-2496924507-1619228457-1000UA.job
C:\Windows\tasks\iMeshNAG.job
C:\Windows\tasks\User_Feed_Synchronization-{6EE33CBC-54F2-4C2A-BC78-35CDC93C21F0}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Milena\AppData\Roaming\Mozilla\Firefox\Profiles\uy0sd35f.default

prefs.js - "browser.startup.homepage" - "www.pokec.sk"
prefs.js - "extensions.enabledItems" - "battlefieldheroespatcher@ea.com:5.0.127.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
aboutRights.js
aboutRobots.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npnul32.dll
NPOFF12.DLL
NPOFFICE.DLL
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Milena\AppData\Roaming\Mozilla\Firefox\Profiles\uy0sd35f.default\extensions\
battlefieldheroespatcher@ea.com
{20a82645-c095-46ed-80e3-08825760534b}
{635abd67-4fe9-1b23-4f01-e679fa7484c1}

C:\Users\Milena\AppData\Roaming\Mozilla\Firefox\Profiles\uy0sd35f.default\searchplugins\
daemon-search.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95525BD9-6136-4A26-8263-9CEE295D442D}]
4sharedExt - C:\Program Files\4shared Toolbar\4sharedExt.dll [2011-11-02 121856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95080B13-AA71-4EE8-B951-7E98221E1ED5} - 4shared Toolbar - C:\Program Files\4shared Toolbar\4sharedbar.dll [2011-11-02 233984]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-13 827392]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-09 4390912]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-02-12 174872]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-04-23 176128]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-02 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-01-02 133656]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-12-21 1443072]
"EzPrint"=C:\Program Files\Lexmark 2300 Series\ezprint.exe [2005-06-08 94208]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-10-10 36352]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Google Update"=C:\Users\Milena\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-14 136176]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.l3codecp"=
"VIDC.IV41"=IR41_32.AX
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-01-24 20:02:32 ----D---- C:\Program Files\trend micro
2012-01-24 20:02:29 ----D---- C:\rsit
2012-01-24 18:06:22 ----D---- C:\Program Files\CCleaner
2012-01-24 14:01:04 ----D---- C:\Users\Milena\AppData\Roaming\SUPERAntiSpyware.com
2012-01-24 14:00:27 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-01-24 14:00:27 ----D---- C:\Program Files\SUPERAntiSpyware
2012-01-24 13:43:46 ----ASH---- C:\hiberfil.sys
2012-01-23 14:25:03 ----A---- C:\Windows\system32\winhttp.dll
2012-01-23 14:25:03 ----A---- C:\Windows\system32\schannel.dll
2012-01-23 14:25:01 ----A---- C:\Windows\system32\secur32.dll
2012-01-23 14:25:01 ----A---- C:\Windows\system32\lsass.exe
2012-01-23 14:25:01 ----A---- C:\Windows\system32\lsasrv.dll
2012-01-23 14:25:00 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-01-11 12:36:17 ----A---- C:\Windows\system32\winmm.dll
2012-01-11 12:36:16 ----A---- C:\Windows\system32\mciseq.dll
2012-01-11 12:36:14 ----A---- C:\Windows\system32\ntdll.dll
2012-01-11 12:35:47 ----A---- C:\Windows\system32\packager.dll
2012-01-11 12:35:43 ----A---- C:\Windows\system32\winsrv.dll
2012-01-11 12:35:18 ----A---- C:\Windows\system32\jscript.dll
2012-01-11 12:35:15 ----A---- C:\Windows\system32\quartz.dll
2012-01-11 12:35:14 ----A---- C:\Windows\system32\qdvd.dll
2011-12-25 14:23:48 ----A---- C:\Windows\system32\CmdLineExt.dll
2011-12-25 14:23:19 ----D---- C:\ProgramData\Media Center Programs
2011-12-25 14:03:52 ----D---- C:\Program Files\THQ
2011-12-25 14:03:48 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-12-25 14:03:46 ----A---- C:\Windows\system32\xinput1_2.dll
2011-12-25 14:03:46 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-12-25 14:03:46 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-12-25 14:03:28 ----A---- C:\Windows\system32\xinput1_1.dll
2011-12-25 14:03:27 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-12-25 14:02:57 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-12-25 14:02:56 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-12-25 14:02:56 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-12-25 14:02:54 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-12-25 14:02:52 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-12-25 14:02:49 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-12-25 14:02:48 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-12-25 14:02:45 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-12-25 14:02:43 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-12-25 13:57:28 ----D---- C:\Users\Milena\AppData\Roaming\InstallShield

======List of files/folders modified in the last 1 month======

2012-01-24 20:02:55 ----D---- C:\Windows\Prefetch
2012-01-24 20:02:38 ----D---- C:\Windows\Temp
2012-01-24 20:02:32 ----RD---- C:\Program Files
2012-01-24 20:01:36 ----D---- C:\Windows\inf
2012-01-24 18:49:32 ----SHD---- C:\System Volume Information
2012-01-24 18:14:26 ----D---- C:\Windows
2012-01-24 18:08:52 ----D---- C:\Users\Milena\AppData\Roaming\DAEMON Tools Pro
2012-01-24 18:08:50 ----D---- C:\Users\Milena\AppData\Roaming\Winamp
2012-01-24 18:08:40 ----D---- C:\Users\Milena\AppData\Roaming\Skype
2012-01-24 18:08:02 ----D---- C:\Windows\panther
2012-01-24 18:08:02 ----D---- C:\Windows\ModemLogs
2012-01-24 18:07:55 ----D---- C:\Windows\Minidump
2012-01-24 18:07:55 ----D---- C:\Windows\Debug
2012-01-24 15:22:19 ----D---- C:\Stiahnuté veci z NETu
2012-01-24 14:03:46 ----D---- C:\Windows\System32
2012-01-24 14:03:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-24 14:01:04 ----HD---- C:\ProgramData
2012-01-24 13:46:48 ----A---- C:\Windows\NeroDigital.ini
2012-01-24 03:23:50 ----D---- C:\Windows\system32\drivers
2012-01-24 03:04:05 ----D---- C:\Windows\winsxs
2012-01-15 16:27:02 ----D---- C:\Program Files\Mozilla Firefox
2012-01-12 10:24:18 ----D---- C:\Windows\system32\catroot2
2012-01-12 03:33:22 ----D---- C:\Windows\system32\catroot
2012-01-12 03:30:04 ----D---- C:\Program Files\Windows Mail
2012-01-12 03:30:03 ----D---- C:\Windows\ehome
2012-01-12 03:14:10 ----SHD---- C:\Windows\Installer
2012-01-12 03:14:10 ----HD---- C:\Config.Msi
2012-01-12 03:09:21 ----A---- C:\Windows\system32\mrt.exe
2012-01-12 03:07:52 ----D---- C:\ProgramData\Microsoft Help
2012-01-08 03:33:41 ----D---- C:\Windows\Microsoft.NET
2012-01-08 03:27:39 ----RSD---- C:\Windows\assembly
2011-12-25 14:24:34 ----D---- C:\Temp
2011-12-25 13:59:30 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-02-12 277784]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-07-31 721904]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2008-08-22 21638]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-12 1747936]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-01-13 181432]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 aouuoqor;aouuoqor; C:\Windows\system32\drivers\aouuoqor.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2011-03-18 61704]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2011-03-18 73096]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
S3 mr97310c;CIF Dual-Mode Camera; C:\Windows\system32\DRIVERS\mr97310c.sys [2005-04-11 121472]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-03-01 2216448]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-23 262243]
R2 Crypkey License;Crypkey License; C:\Windows\system32\crypserv.exe [2008-05-08 122880]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-23 106593]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-12-21 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-09-02 227232]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------



Many thanks

Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: please - Log check

#2 Post by vyosek »

Hello, and I wish you a pleasant evening :)

Please also post the second RSIT log, named info.txt; it is saved in c:\rsit
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

Ddeath
Visitor
Posts: 20
Joined: 07 Mar 2010 20:48

Re: please - Log check

#3 Post by Ddeath »

info.txt logfile of random's system information tool 1.09 2012-01-24 20:03:44

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
4shared Toolbar-->"C:\Program Files\4shared Toolbar\uninstall.exe"
Active PIxels 2 Freeware-->"C:\Program Files\Idea Systems\unins000.exe"
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Aktualizácia Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {9A8C39B0-D27F-4F81-BE74-2FECF164707E}
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {CE23B3DC-18CC-46FC-A309-81D6670F8D3D}
Aktualizácia Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
ESET NOD32 Antivirus-->MsiExec.exe /I{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}
ESU for Microsoft Vista-->MsiExec.exe /X{56301F52-AE3D-4300-9849-EABC731ECBD6}
GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A}
HP Photosmart Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.20 B1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0005 uninst
HP QuickPlay 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0057-->MsiExec.exe /I{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}
HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Hunting Unlimited 2008-->"C:\Program Files\Hunting Unlimited 2008\unins000.exe"
Intel Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
K-Lite Codec Pack 3.9.5 (Standard)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Microsoft .NET Framework 1.1 Security Update (KB2656353)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-041B-0000-0000000FF1CE} /uninstall {8AF3A9EB-FBB9-449F-AC11-94CE39930037}
Microsoft Office Access MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0015-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0044-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040E-0000-0000000FF1CE} /uninstall {573CA1BB-C8A3-46C4-993E-DB4043D9BFCD}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{9012041B-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Works-->MsiExec.exe /I{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}
Mozilla Firefox (3.0.19)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista-->MsiExec.exe /X{5BE3CB1F-54CA-4E7B-BCAE-CE7ED108E7B2}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Ultra Edition-->MsiExec.exe /X{A20A58C4-6784-4B4B-86CC-94E2E3671051}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)-->"C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x5 -removeonly
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2553089)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {01D4CA59-7070-4420-9BCC-0EFA7C5D76BE}
Security Update for 2007 Microsoft Office System (KB2553090)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {643C12A2-AF9A-4712-B8BE-3B7650AFE00A}
Security Update for 2007 Microsoft Office System (KB2584063)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BF3F1CBD-B05C-4644-AE43-6EE0FCC227A4}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office InfoPath 2007 (KB2510061)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5D930261-AA5B-48D1-931F-425C9D767490}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Supreme Commander-->C:\Program Files\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe -runfromtemp -l0x0009 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202}
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {48202D27-A6D4-4264-A184-51A6E8AD7C40}
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF}
Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF}
Update for Microsoft Office Outlook 2007 (KB2583910)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BDC21583-5601-4B2B-88F3-7919F6DE8FB1}
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{5EFDB4FA-726C-4F06-AC39-11FCEDAF5ABE}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archivátor-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: ESET NOD32 Antivirus 3.0
FW: ESET personal firewall
AS: ESET NOD32 Antivirus 3.0
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)

======System event log======

Computer Name: Milena-PC
Event Code: 7036
Message: Stav služby Windows Update byl změněn na: Spuštěno
Record Number: 266198
Source Name: Service Control Manager
Time Written: 20101230095840.000000-000
Event Type: Informace
User:

Computer Name: Milena-PC
Event Code: 537
Message: V tomto počítači nebylo nalezeno kompatibilní zařízení zabezpečení TMP (Trusted Platform Module). Službu TBS nebylo možné spustit.
Record Number: 266197
Source Name: Microsoft-Windows-TBS
Time Written: 20101230095838.149513-000
Event Type: Informace
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Milena-PC
Event Code: 7036
Message: Stav služby Centrum zabezpečení byl změněn na: Spuštěno
Record Number: 266196
Source Name: Service Control Manager
Time Written: 20101230095838.000000-000
Event Type: Informace
User:

Computer Name: Milena-PC
Event Code: 7036
Message: Stav služby Služba TPM Base Services byl změněn na: Zastaveno
Record Number: 266195
Source Name: Service Control Manager
Time Written: 20101230095838.000000-000
Event Type: Informace
User:

Computer Name: Milena-PC
Event Code: 7036
Message: Stav služby Služba KTMRM pro koordinátor DTC byl změněn na: Spuštěno
Record Number: 266194
Source Name: Service Control Manager
Time Written: 20101230095838.000000-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: Milena-PC
Event Code: 1532
Message: Služba Profil uživatele byla zastavena.


Record Number: 12133
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080419100918.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Milena-PC
Event Code: 1530
Message: Systém Windows zjistil, že soubor registru je stále používán jinými aplikacemi nebo službami. Soubor bude nyní uvolněn. Aplikace nebo služby, které soubor registru používají, nemusejí potom fungovat správně.

PODROBNOSTI –
1 user registry handles leaked from \Registry\User\S-1-5-21-2721631577-2496924507-1619228457-1000_Classes:
Process 924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2721631577-2496924507-1619228457-1000_CLASSES

Record Number: 12132
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080419100914.000000-000
Event Type: Upozornění
User: NT AUTHORITY\SYSTEM

Computer Name: Milena-PC
Event Code: 1530
Message: Systém Windows zjistil, že soubor registru je stále používán jinými aplikacemi nebo službami. Soubor bude nyní uvolněn. Aplikace nebo služby, které soubor registru používají, nemusejí potom fungovat správně.

PODROBNOSTI –
1 user registry handles leaked from \Registry\User\S-1-5-21-2721631577-2496924507-1619228457-1000:
Process 924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2721631577-2496924507-1619228457-1000

Record Number: 12131
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080419100913.000000-000
Event Type: Upozornění
User: NT AUTHORITY\SYSTEM

Computer Name: Milena-PC
Event Code: 6000
Message: Odběratel oznámení přihlašování do systému Windows <SessionEnv> nemohl zpracovat událost upozornění.
Record Number: 12130
Source Name: Microsoft-Windows-Winlogon
Time Written: 20080419100913.000000-000
Event Type: Informace
User:

Computer Name: Milena-PC
Event Code: 9009
Message: Správce oken plochy byl ukončen s kódem (0x40010004).
Record Number: 12129
Source Name: Desktop Window Manager
Time Written: 20080419100912.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: Milena-PC
Event Code: 4648
Message: Došlo k pokusu o přihlášení pomocí explicitního pověření.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: MILENA-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Účet, jehož pověření bylo použito:
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Cílový server:
Název cílového serveru: localhost
Další informace: localhost

Informace o procesu:
ID procesu: 0x288
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Síťová adresa: -
Port: -

Tato událost je generována, pokud se proces pokusí přihlásit k účtu explicitním zadáním pověření tohoto účtu. K tomu nejčastěji dochází v dávkových konfiguracích, například naplánovaných úlohách, nebo při použití příkazu RUNAS.
Record Number: 42827
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101001062957.910299-000
Event Type: Úspěch auditu
User:

Computer Name: Milena-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 42826
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101001062957.879099-000
Event Type: Úspěch auditu
User:

Computer Name: Milena-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: MILENA-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x288
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 42825
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101001062957.879099-000
Event Type: Úspěch auditu
User:

Computer Name: Milena-PC
Event Code: 4648
Message: Došlo k pokusu o přihlášení pomocí explicitního pověření.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: MILENA-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Účet, jehož pověření bylo použito:
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Cílový server:
Název cílového serveru: localhost
Další informace: localhost

Informace o procesu:
ID procesu: 0x288
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Síťová adresa: -
Port: -

Tato událost je generována, pokud se proces pokusí přihlásit k účtu explicitním zadáním pověření tohoto účtu. K tomu nejčastěji dochází v dávkových konfiguracích, například naplánovaných úlohách, nebo při použití příkazu RUNAS.
Record Number: 42824
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101001062957.879099-000
Event Type: Úspěch auditu
User:

Computer Name: Milena-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Oprávnění: SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeImpersonatePrivilege
Record Number: 42823
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101001062957.801099-000
Event Type: Úspěch auditu
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=0f0a
"NUMBER_OF_PROCESSORS"=1
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please - Log check

#4 Post by vyosek »

Have you read the forum rules?

What are we going to do about that illegal NOD32 :???:

Ddeath
Visitor
Posts: 20
Joined: 07 Mar 2010 20:48

Re: please - Log check

#5 Post by Ddeath »

Good day, I apologize, I somehow didn't realize that, since the notebook isn't mine; I'm just trying to clean it up somehow. I did not install that application on it; it is not my doing.

I myself use Linux and freely available tools.

I will replace that software on the notebook with something freely available...

Once again, I apologize

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please - Log check

#6 Post by vyosek »

Fine, uninstall the illegal ESET and install a free solution (Avast, Avira or MSE)

Then please post a new RSIT log

Ddeath
Visitor
Posts: 20
Joined: 07 Mar 2010 20:48

Re: please - Log check

#7 Post by Ddeath »

New log (NOD replaced with Avira)


Logfile of random's system information tool 1.09 (written by random/random)
Run by Milena at 2012-01-24 23:19:15
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 66 GB (46%) free of 146 GB
Total RAM: 1014 MB (5% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:21:02, on 24. 1. 2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19170)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Milena\Desktop\RSIT.exe
C:\Program Files\trend micro\Milena.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.4shared.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: 4sharedExt - {95525BD9-6136-4A26-8263-9CEE295D442D} - C:\Program Files\4shared Toolbar\4sharedExt.dll
O3 - Toolbar: 4shared Toolbar - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - C:\Program Files\4shared Toolbar\4sharedbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Milena\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe
O8 - Extra context menu item: &4shared Search - res://C:\Program Files\4shared Toolbar\4sharedbar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZJfox000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9380 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2721631577-2496924507-1619228457-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2721631577-2496924507-1619228457-1000UA.job
C:\Windows\tasks\iMeshNAG.job
C:\Windows\tasks\User_Feed_Synchronization-{6EE33CBC-54F2-4C2A-BC78-35CDC93C21F0}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Milena\AppData\Roaming\Mozilla\Firefox\Profiles\uy0sd35f.default

prefs.js - "browser.startup.homepage" - "www.pokec.sk"
prefs.js - "extensions.enabledItems" - "battlefieldheroespatcher@ea.com:5.0.127.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
aboutRights.js
aboutRobots.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npnul32.dll
NPOFF12.DLL
NPOFFICE.DLL
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Milena\AppData\Roaming\Mozilla\Firefox\Profiles\uy0sd35f.default\extensions\
battlefieldheroespatcher@ea.com
{20a82645-c095-46ed-80e3-08825760534b}
{635abd67-4fe9-1b23-4f01-e679fa7484c1}

C:\Users\Milena\AppData\Roaming\Mozilla\Firefox\Profiles\uy0sd35f.default\searchplugins\
daemon-search.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95525BD9-6136-4A26-8263-9CEE295D442D}]
4sharedExt - C:\Program Files\4shared Toolbar\4sharedExt.dll [2011-11-02 121856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95080B13-AA71-4EE8-B951-7E98221E1ED5} - 4shared Toolbar - C:\Program Files\4shared Toolbar\4sharedbar.dll [2011-11-02 233984]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-13 827392]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-09 4390912]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-02-12 174872]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-04-23 176128]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-02 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-01-02 133656]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-10-10 36352]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-09-23 258512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Google Update"=C:\Users\Milena\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-14 136176]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 2300 Series\ezprint.exe [2005-06-08 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.l3codecp"=
"VIDC.IV41"=IR41_32.AX
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-01-24 22:59:24 ----D---- C:\Users\Milena\AppData\Roaming\Avira
2012-01-24 22:57:21 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2012-01-24 22:57:15 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2012-01-24 22:57:15 ----A---- C:\Windows\system32\drivers\avipbb.sys
2012-01-24 22:57:14 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2012-01-24 22:57:07 ----D---- C:\ProgramData\Avira
2012-01-24 22:57:07 ----D---- C:\Program Files\Avira
2012-01-24 20:02:32 ----D---- C:\Program Files\trend micro
2012-01-24 20:02:29 ----D---- C:\rsit
2012-01-24 18:06:22 ----D---- C:\Program Files\CCleaner
2012-01-24 14:01:04 ----D---- C:\Users\Milena\AppData\Roaming\SUPERAntiSpyware.com
2012-01-24 14:00:27 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-01-24 14:00:27 ----D---- C:\Program Files\SUPERAntiSpyware
2012-01-24 13:43:46 ----ASH---- C:\hiberfil.sys
2012-01-23 14:25:03 ----A---- C:\Windows\system32\winhttp.dll
2012-01-23 14:25:03 ----A---- C:\Windows\system32\schannel.dll
2012-01-23 14:25:01 ----A---- C:\Windows\system32\secur32.dll
2012-01-23 14:25:01 ----A---- C:\Windows\system32\lsass.exe
2012-01-23 14:25:01 ----A---- C:\Windows\system32\lsasrv.dll
2012-01-23 14:25:00 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-01-11 12:36:17 ----A---- C:\Windows\system32\winmm.dll
2012-01-11 12:36:16 ----A---- C:\Windows\system32\mciseq.dll
2012-01-11 12:36:14 ----A---- C:\Windows\system32\ntdll.dll
2012-01-11 12:35:47 ----A---- C:\Windows\system32\packager.dll
2012-01-11 12:35:43 ----A---- C:\Windows\system32\winsrv.dll
2012-01-11 12:35:18 ----A---- C:\Windows\system32\jscript.dll
2012-01-11 12:35:15 ----A---- C:\Windows\system32\quartz.dll
2012-01-11 12:35:14 ----A---- C:\Windows\system32\qdvd.dll
2011-12-25 14:23:48 ----A---- C:\Windows\system32\CmdLineExt.dll
2011-12-25 14:23:19 ----D---- C:\ProgramData\Media Center Programs
2011-12-25 14:03:52 ----D---- C:\Program Files\THQ
2011-12-25 14:03:48 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-12-25 14:03:46 ----A---- C:\Windows\system32\xinput1_2.dll
2011-12-25 14:03:46 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-12-25 14:03:46 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-12-25 14:03:28 ----A---- C:\Windows\system32\xinput1_1.dll
2011-12-25 14:03:27 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-12-25 14:02:57 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-12-25 14:02:56 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-12-25 14:02:56 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-12-25 14:02:54 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-12-25 14:02:52 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-12-25 14:02:49 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-12-25 14:02:48 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-12-25 14:02:45 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-12-25 14:02:43 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-12-25 13:57:28 ----D---- C:\Users\Milena\AppData\Roaming\InstallShield

======List of files/folders modified in the last 1 month======

2012-01-24 23:20:26 ----D---- C:\Windows\Prefetch
2012-01-24 23:19:23 ----D---- C:\Windows\Temp
2012-01-24 23:09:54 ----D---- C:\Windows
2012-01-24 23:06:03 ----SHD---- C:\System Volume Information
2012-01-24 22:58:04 ----D---- C:\Windows\system32\catroot
2012-01-24 22:57:21 ----D---- C:\Windows\system32\drivers
2012-01-24 22:57:07 ----RD---- C:\Program Files
2012-01-24 22:57:07 ----HD---- C:\ProgramData
2012-01-24 22:56:44 ----SHD---- C:\Windows\Installer
2012-01-24 22:56:44 ----HD---- C:\Config.Msi
2012-01-24 22:56:44 ----D---- C:\Windows\System32
2012-01-24 22:42:09 ----D---- C:\Windows\inf
2012-01-24 18:08:52 ----D---- C:\Users\Milena\AppData\Roaming\DAEMON Tools Pro
2012-01-24 18:08:50 ----D---- C:\Users\Milena\AppData\Roaming\Winamp
2012-01-24 18:08:40 ----D---- C:\Users\Milena\AppData\Roaming\Skype
2012-01-24 18:08:02 ----D---- C:\Windows\panther
2012-01-24 18:08:02 ----D---- C:\Windows\ModemLogs
2012-01-24 18:07:55 ----D---- C:\Windows\Minidump
2012-01-24 18:07:55 ----D---- C:\Windows\Debug
2012-01-24 15:22:19 ----D---- C:\Stiahnuté veci z NETu
2012-01-24 14:03:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-24 13:46:48 ----A---- C:\Windows\NeroDigital.ini
2012-01-24 03:04:05 ----D---- C:\Windows\winsxs
2012-01-15 16:27:02 ----D---- C:\Program Files\Mozilla Firefox
2012-01-12 10:24:18 ----D---- C:\Windows\system32\catroot2
2012-01-12 03:30:04 ----D---- C:\Program Files\Windows Mail
2012-01-12 03:30:03 ----D---- C:\Windows\ehome
2012-01-12 03:09:21 ----A---- C:\Windows\system32\mrt.exe
2012-01-12 03:07:52 ----D---- C:\ProgramData\Microsoft Help
2012-01-08 03:33:41 ----D---- C:\Windows\Microsoft.NET
2012-01-08 03:27:39 ----RSD---- C:\Windows\assembly
2011-12-25 14:24:34 ----D---- C:\Temp
2011-12-25 13:59:30 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-02-12 277784]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-07-31 721904]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-09-18 134344]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2008-08-22 21638]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-09-15 74640]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-12 1747936]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-01-13 181432]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 as9trtj0;as9trtj0; C:\Windows\system32\drivers\as9trtj0.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2011-03-18 61704]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2011-03-18 73096]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
S3 mr97310c;CIF Dual-Mode Camera; C:\Windows\system32\DRIVERS\mr97310c.sys [2005-04-11 121472]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-03-01 2216448]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-09-23 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-23 262243]
R2 Crypkey License;Crypkey License; C:\Windows\system32\crypserv.exe [2008-05-08 122880]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-23 106593]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-09-02 227232]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please - Log check

#8 Post by vyosek »

:arrow: I recommend uninstalling the toolbars (browser bars), if you don't use them, via Add or Remove Programs

:arrow: Run HJT and we'll fix some entries
  • You'll find HJT here: C:\Program Files\trend micro\Milena.exe
  • A window will open; click Do a system scan only
  • In the next window, find the lines I've listed below; next to each is a checkbox, which you tick
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.4shared.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Milena\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZJfox000
  • Click Fix checked (bottom left)
  • HJT will ask whether you really want to; answer YES to agree, and it is done
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
  • Immediately after start a page with the licence agreement appears; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily cluttered the time may be longer
  • After the scan finishes and a possible restart, CF displays a log; otherwise you will find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure including pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

Ddeath
Visitor
Posts: 20
Registered: 07 Mar 2010 20:48

Re: please - Log check

#9 Post by Ddeath »

ComboFix 12-01-23.02 - Milena . 01. 2012 8:39.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.1014.249 [GMT 1:00]
Running from: c:\users\Milena\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\CmdLineExt.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))
.
.
2012-01-25 07:51 . 2012-01-25 07:51 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-01-25 07:51 . 2012-01-25 07:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-24 21:59 . 2012-01-24 21:59 -------- d-----w- c:\users\Milena\AppData\Roaming\Avira
2012-01-24 21:57 . 2011-09-18 07:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-24 21:57 . 2011-09-15 22:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-24 21:57 . 2011-09-15 22:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-24 21:57 . 2012-01-24 21:57 -------- d-----w- c:\programdata\Avira
2012-01-24 21:57 . 2012-01-24 21:57 -------- d-----w- c:\program files\Avira
2012-01-24 19:02 . 2012-01-25 07:05 -------- d-----w- c:\program files\trend micro
2012-01-24 19:02 . 2012-01-24 22:26 -------- d-----w- C:\rsit
2012-01-24 17:11 . 2012-01-24 17:11 250168 ----a-w- C:\cc_20120124_181047.reg
2012-01-24 17:06 . 2012-01-24 17:06 -------- d-----w- c:\program files\CCleaner
2012-01-24 13:01 . 2012-01-24 13:01 -------- d-----w- c:\users\Milena\AppData\Roaming\SUPERAntiSpyware.com
2012-01-24 13:00 . 2012-01-24 13:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-24 13:00 . 2012-01-24 13:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-23 13:25 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-23 13:25 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-23 13:25 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-23 13:25 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-23 13:25 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-23 13:25 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-22 10:16 . 2012-01-25 01:07 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{731238FE-F8DB-49DF-8831-B97D462C3B14}\offreg.dll
2012-01-20 14:41 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{731238FE-F8DB-49DF-8831-B97D462C3B14}\mpengine.dll
2012-01-11 11:36 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 11:36 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 11:36 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 11:35 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 11:35 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 11:35 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 11:35 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 11:35 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:37 . 2011-12-15 21:11 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 16:23 . 2012-01-23 13:25 278528 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 13:29 . 2009-10-02 16:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-08 14:42 . 2011-12-15 21:04 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22 . 2011-12-15 21:11 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17 . 2011-12-15 21:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17 . 2011-12-15 21:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17 . 2011-12-15 21:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 06:17 . 2011-12-15 21:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 05:22 . 2011-12-15 21:10 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45 . 2011-12-15 21:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43 . 2011-12-15 21:10 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01 . 2011-12-15 21:11 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01 . 2011-12-15 21:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.189\SSScheduler.exe [2010-9-2 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2005-06-08 10:19 94208 ----a-w- c:\program files\Lexmark 2300 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 15:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2721631577-2496924507-1619228457-1000Core.job
- c:\users\Milena\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-14 17:45]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2721631577-2496924507-1619228457-1000UA.job
- c:\users\Milena\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-14 17:45]
.
2012-01-25 c:\windows\Tasks\User_Feed_Synchronization-{6EE33CBC-54F2-4C2A-BC78-35CDC93C21F0}.job
- c:\windows\system32\msfeedssync.exe [2011-12-15 04:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: E&xportova do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Milena\AppData\Roaming\Mozilla\Firefox\Profiles\uy0sd35f.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - www.pokec.sk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - (no file)
ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - (no file)
ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - (no file)
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-SMSERIAL - c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
AddRemove-{9FD3A8DA-2E36-4649-AEF1-41A110BD3CB5} - c:\users\Milena\AppData\Local\{8477994D-889C-43C2-80D8-0B371F90DD94}\PCDJ RED VRM.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-25 08:51
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-25 08:57:12
ComboFix-quarantined-files.txt 2012-01-25 07:57
.
Pre-Run: Volných bajtù: 71 221 526 528
Post-Run: Volných bajtù: 71 150 424 064
.
- - End Of File - - A11808D6ECBB518180F2B700565E1B36

One more thing: on the first run of ComboFix, when it started printing those stage_01... and so on, it crashed with a blue screen... the notebook restarted, I ran it a second time and it went through fine....

Thanks

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please - Log check

#10 Post by vyosek »

Why are you using an outdated version of NOD32 - version 3 - when version 5 was released long ago? I assume you have it legally = a purchased licence :???:

Ddeath
Visitor
Posts: 20
Registered: 07 Mar 2010 20:48

Re: please - Log check

#11 Post by Ddeath »

Hello, I am writing once again: it is not my notebook, I did not install it there, I am helping a friend. NOD32 was uninstalled and replaced with Avira...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please - Log check

#12 Post by vyosek »

:arrow: If it is not there already, move ComboFix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    
    DDS::
    uStart Page = hxxp://www.daemon-search.com/startpage
    
    Firefox::
    FF - ProfilePath - c:\users\Milena\AppData\Roaming\Mozilla\Firefox\Profiles\uy0sd35f.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"=-
    "Adobe Reader Speed Launcher"=-
    
    File::
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2721631577-2496924507-1619228457-1000Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2721631577-2496924507-1619228457-1000UA.job
    C:\Windows\tasks\iMeshNAG.job
    C:\Windows\tasks\User_Feed_Synchronization-{6EE33CBC-54F2-4C2A-BC78-35CDC93C21F0}.job
    
    ClearJavaCache::
    
    AtJob::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it (see the picture below)
    Image
  • After the script has been applied (and a possible restart) a log will pop up; paste its contents here
:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and select Last Known Good Configuration

Ddeath
Visitor
Posts: 20
Registered: 07 Mar 2010 20:48

Re: please - Log check

#13 Post by Ddeath »

ComboFix 12-01-23.02 - Milena . 01. 2012 12:51:00.3.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.1014.326 [GMT 1:00]
Running from: c:\users\Milena\Desktop\ComboFix.exe
Command switches used :: c:\users\Milena\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2721631577-2496924507-1619228457-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2721631577-2496924507-1619228457-1000UA.job"
"c:\windows\tasks\iMeshNAG.job"
"c:\windows\tasks\User_Feed_Synchronization-{6EE33CBC-54F2-4C2A-BC78-35CDC93C21F0}.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
c:\windows\system32\CmdLineExt.dll
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2721631577-2496924507-1619228457-1000Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2721631577-2496924507-1619228457-1000UA.job
c:\windows\tasks\User_Feed_Synchronization-{6EE33CBC-54F2-4C2A-BC78-35CDC93C21F0}.job
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy1_!Windows!System32!userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))
.
.
2012-01-25 12:02 . 2012-01-25 12:06 -------- d-----w- c:\users\Milena\AppData\Local\temp
2012-01-25 12:02 . 2012-01-25 12:02 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-01-25 12:02 . 2012-01-25 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-24 21:59 . 2012-01-24 21:59 -------- d-----w- c:\users\Milena\AppData\Roaming\Avira
2012-01-24 21:57 . 2011-09-18 07:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-24 21:57 . 2011-09-15 22:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-24 21:57 . 2011-09-15 22:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-24 21:57 . 2012-01-24 21:57 -------- d-----w- c:\programdata\Avira
2012-01-24 21:57 . 2012-01-24 21:57 -------- d-----w- c:\program files\Avira
2012-01-24 19:02 . 2012-01-25 07:05 -------- d-----w- c:\program files\trend micro
2012-01-24 19:02 . 2012-01-24 22:26 -------- d-----w- C:\rsit
2012-01-24 17:11 . 2012-01-24 17:11 250168 ----a-w- C:\cc_20120124_181047.reg
2012-01-24 17:06 . 2012-01-24 17:06 -------- d-----w- c:\program files\CCleaner
2012-01-24 13:01 . 2012-01-24 13:01 -------- d-----w- c:\users\Milena\AppData\Roaming\SUPERAntiSpyware.com
2012-01-24 13:00 . 2012-01-24 13:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-24 13:00 . 2012-01-24 13:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-23 13:25 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-23 13:25 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-23 13:25 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-23 13:25 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-23 13:25 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-22 10:16 . 2012-01-25 01:07 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{731238FE-F8DB-49DF-8831-B97D462C3B14}\offreg.dll
2012-01-20 14:41 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{731238FE-F8DB-49DF-8831-B97D462C3B14}\mpengine.dll
2012-01-11 11:36 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 11:36 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 11:35 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 11:35 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 11:35 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 11:35 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 15:59 . 2012-01-11 11:35 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-15 21:11 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 16:23 . 2012-01-23 13:25 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 16:23 . 2012-01-23 13:25 278528 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 13:29 . 2009-10-02 16:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-08 14:42 . 2011-12-15 21:04 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22 . 2011-12-15 21:11 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17 . 2011-12-15 21:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17 . 2011-12-15 21:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17 . 2011-12-15 21:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 06:17 . 2011-12-15 21:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 05:22 . 2011-12-15 21:10 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45 . 2011-12-15 21:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43 . 2011-12-15 21:10 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2005-06-08 10:19 94208 ----a-w- c:\program files\Lexmark 2300 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
IE: E&xportova do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Milena\AppData\Roaming\Mozilla\Firefox\Profiles\uy0sd35f.default\
FF - prefs.js: browser.startup.homepage - www.pokec.sk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-25 13:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá pøístup k souboru, nebo jej právì využívá jiný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\windows\system32\crypserv.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2012-01-25 13:16:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-25 12:16
ComboFix2.txt 2012-01-25 07:57
.
Pre-Run: Volných bajtù: 71 179 718 656
Post-Run: Volných bajtù: 71 038 820 352
.
- - End Of File - - 186457937C45117E794762BE2A80D75D

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: please - Log check

#14 Post by vyosek »

:arrow: Download MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe
  • Save it, preferably to the desktop
  • If you use Win Vista or W7, right-click MBRScan and choose Run As Administrator (Spustit jako správce)
  • Click Report
  • After a moment a log will appear in the file MBRScan.txt; paste it here

Ddeath
Visitor
Posts: 20
Registered: 07 Mar 2010 20:48

Re: please - Log check

#15 Post by Ddeath »

Code:

MBRScan v1.0.7

OS             : Windows Vista Service Pack 2 (32 bit)
PROCESSOR      : x86 Family 6 Model 15 Stepping 10, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/01/25 (ISO 8601) at 13:39:30
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __TOSHIBA MK1637GSX (DL03)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	149.1 Go  [Fixed] ==> Unknown MBR Code

MBR_MD5   : 056DC2BE288977AEAAC426553D0AAD03
MBR_SHA1  : 1240AFC221609FBC1FA47D535FBEAEE246B0A37C

Device\Harddisk0\Partition1	142.2 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	6.86 Go  	0x07 NTFS / HPFS
________________________________________________________________________________


_______MBR   \Device\Harddisk0\DR0  

