Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosim o kontrolu Logu z Combofixu

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
gtr97
Návštěvník
Návštěvník
Příspěvky: 59
Registrován: 19 pro 2011 10:09

Re: Prosim o kontrolu Logu z Combofixu

#16 Příspěvek od gtr97 »

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verze databáze: 8397

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

19.12.2011 17:47:29
mbam-log-2011-12-19 (17-47-22).txt

Typ: Úplná kontrola (C:\|E:\|F:\|Q:\|)
Kontrolované objekty: 454820
Uplynulý čas: 1 hodin, 8 minut, 1 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Users\GTR\downloads\call of duty 4 modern warfare full game v_1.7 -=aviara=-\call of duty 4\key generator.exe (Trojan.Agent.CK) -> No action taken.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosim o kontrolu Logu z Combofixu

#17 Příspěvek od vyosek »

Nalez MBAMu smazte, vyhodi log, ten rad uvidim
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
gtr97
Návštěvník
Návštěvník
Příspěvky: 59
Registrován: 19 pro 2011 10:09

Re: Prosim o kontrolu Logu z Combofixu

#18 Příspěvek od gtr97 »

to mam dat znovu tu hodinovou kontrolu pak???
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosim o kontrolu Logu z Combofixu

#19 Příspěvek od vyosek »

Ne jen smazte nalez MBAMu jak ho nasel
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
gtr97
Návštěvník
Návštěvník
Příspěvky: 59
Registrován: 19 pro 2011 10:09

Re: Prosim o kontrolu Logu z Combofixu

#20 Příspěvek od gtr97 »

kde najdu ten log.. napsalo to o restart pc... :) prosim, at to nemusim slozite hledat
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosim o kontrolu Logu z Combofixu

#21 Příspěvek od vyosek »

Zalozka protokoly
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
gtr97
Návštěvník
Návštěvník
Příspěvky: 59
Registrován: 19 pro 2011 10:09

Re: Prosim o kontrolu Logu z Combofixu

#22 Příspěvek od gtr97 »

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verze databáze: 8397

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

19.12.2011 18:00:42
mbam-log-2011-12-19 (18-00-42).txt

Typ: Úplná kontrola (C:\|E:\|F:\|Q:\|)
Kontrolované objekty: 454820
Uplynulý čas: 1 hodin, 8 minut, 1 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Users\GTR\downloads\call of duty 4 modern warfare full game v_1.7 -=aviara=-\call of duty 4\key generator.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosim o kontrolu Logu z Combofixu

#23 Příspěvek od vyosek »

:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

Collect::
C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"=-
"StartCCC"=-
"NBAgent"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

File::
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk 

Driver::
NAUpdate

DDS::
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://www.bing.com?pc=CMNTDF
uInternet Settings,ProxyServer = http=;ftp=;https=;

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
gtr97
Návštěvník
Návštěvník
Příspěvky: 59
Registrován: 19 pro 2011 10:09

Re: Prosim o kontrolu Logu z Combofixu

#24 Příspěvek od gtr97 »

zatím se to dělá, jinak NOD32 legální
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosim o kontrolu Logu z Combofixu

#25 Příspěvek od vyosek »

OK, pockam na log z CF po skriptu
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
gtr97
Návštěvník
Návštěvník
Příspěvky: 59
Registrován: 19 pro 2011 10:09

Re: Prosim o kontrolu Logu z Combofixu

#26 Příspěvek od gtr97 »

pComboFix 11-12-19.01 - GTR 19.12.2011 18:20:19.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8126.5435 [GMT 1:00]
Spuštěný z: c:\users\GTR\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\GTR\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk"
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\SEARCH~1\SEARCH~1\datamngr.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NAUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-19 do 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-19 17:25 . 2011-12-19 17:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-19 13:36 . 2011-12-19 13:36 -------- d-----w- c:\users\GTR\AppData\Roaming\Malwarebytes
2011-12-19 13:35 . 2011-12-19 13:35 -------- d-----w- c:\programdata\Malwarebytes
2011-12-19 13:35 . 2011-12-19 13:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-19 13:35 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-19 10:05 . 2011-12-19 10:05 -------- d-----w- c:\program files (x86)\trend micro
2011-12-19 10:05 . 2011-12-19 10:05 -------- d-----w- C:\rsit
2011-12-16 13:36 . 2011-12-16 13:36 -------- d-----w- c:\users\GTR\AppData\Local\PowerDVDCox
2011-12-16 13:36 . 2011-12-16 13:36 -------- d-----w- c:\users\GTR\AppData\Local\PowerDVDCinema
2011-12-16 13:32 . 2011-12-16 13:32 -------- d-----w- c:\program files (x86)\Common Files\CyberLink
2011-12-16 13:32 . 2011-12-16 13:33 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-16 13:32 . 2011-12-16 13:33 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-12-16 12:15 . 2011-12-16 12:15 -------- d-----w- c:\users\GTR\AppData\Local\Apps
2011-12-16 12:15 . 2011-12-16 20:39 -------- d-----w- c:\users\GTR\AppData\Local\Deployment
2011-12-15 10:17 . 2011-12-15 12:13 -------- d-----w- C:\wamp
2011-12-15 10:12 . 2011-12-15 10:12 -------- d-----w- c:\users\GTR\AppData\Local\Windows Live
2011-12-15 02:34 . 2011-12-15 02:34 0 ----a-w- c:\windows\SysWow64\sho8A4D.tmp
2011-12-14 20:43 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 20:43 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 20:41 . 2011-11-05 03:32 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 20:41 . 2011-11-05 02:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-14 20:41 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 20:41 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 20:41 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-12 11:06 . 2011-12-16 21:25 -------- d-----w- c:\users\GTR\AppData\Roaming\FileZilla
2011-12-12 11:06 . 2011-12-12 11:06 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2011-12-11 10:53 . 2011-12-11 10:53 -------- d-----w- c:\windows\Sun
2011-12-11 10:52 . 2011-12-11 10:52 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-11 10:52 . 2011-12-11 10:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-11 10:51 . 2011-12-11 10:51 -------- d-----w- c:\program files (x86)\Java
2011-12-07 19:15 . 2011-12-07 19:15 -------- d-----w- c:\users\GTR\AppData\Roaming\PlatinumHideIP
2011-12-07 19:15 . 2011-12-07 19:15 -------- d-----w- c:\programdata\PlatinumHideIP
2011-12-07 19:15 . 2011-12-07 19:15 -------- d-----w- c:\program files (x86)\PlatinumHideIP
2011-12-07 19:04 . 2011-12-07 19:04 -------- d-----w- c:\users\GTR\AppData\Roaming\FreeHideIP
2011-12-07 19:04 . 2011-12-07 19:04 -------- d-----w- c:\programdata\FreeHideIP
2011-11-30 07:54 . 2006-01-17 20:00 14008 ----a-w- c:\users\GTR\AppData\Roaming\Microsoft\SharePoint Designer\Behaviors\Actions\DOM.JS
2011-11-30 07:54 . 2006-01-17 20:00 14643 ----a-w- c:\users\GTR\AppData\Roaming\Microsoft\SharePoint Designer\Behaviors\Actions\FPLIB.JS
2011-11-30 07:54 . 2006-01-17 20:00 12235 ----a-w- c:\users\GTR\AppData\Roaming\Microsoft\SharePoint Designer\Behaviors\Actions\GETOBJ.JS
2011-11-30 07:54 . 2006-01-17 19:58 18866 ----a-w- c:\users\GTR\AppData\Roaming\Microsoft\SharePoint Designer\Behaviors\Actions\PRELOAD.JS
2011-11-30 07:54 . 2006-01-17 19:58 18466 ----a-w- c:\users\GTR\AppData\Roaming\Microsoft\SharePoint Designer\Behaviors\Actions\SETTEXT.JS
2011-11-30 07:54 . 2006-01-17 19:57 22188 ----a-w- c:\users\GTR\AppData\Roaming\Microsoft\SharePoint Designer\Behaviors\Actions\STRINGS.JS
2011-11-30 07:54 . 2006-01-17 19:56 11964 ----a-w- c:\users\GTR\AppData\Roaming\Microsoft\SharePoint Designer\Behaviors\Actions\_JMPMENU.JS
2011-11-30 07:54 . 2006-01-17 19:56 15579 ----a-w- c:\users\GTR\AppData\Roaming\Microsoft\SharePoint Designer\Behaviors\Actions\_PRELOAD.JS
2011-11-20 23:45 . 2011-12-18 21:42 -------- d-----w- c:\users\GTR\AppData\Roaming\HLSW
2011-11-20 23:45 . 2011-11-20 23:45 -------- d-s---w- c:\program files (x86)\HLSW
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 19:51 . 2011-10-26 08:06 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-18 19:51 . 2011-10-25 11:36 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-18 19:49 . 2011-10-25 11:36 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-11-18 01:11 . 2011-11-18 01:11 0 ----a-w- c:\windows\SysWow64\sho57FB.tmp
2011-11-17 19:02 . 2011-10-25 11:36 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-11-01 18:08 . 2011-11-01 18:08 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2011-10-25 11:53 . 2011-10-25 11:53 21832 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-10-25 11:36 . 2011-10-25 11:36 682280 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-10-23 11:53 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-10-23 11:53 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-22 23:17 . 2011-10-22 23:17 0 ----a-w- c:\windows\SysWow64\shoA636.tmp
2011-09-30 15:28 . 2011-09-30 15:28 0 ----a-w- c:\windows\SysWow64\sho45BD.tmp
2011-09-29 16:29 . 2011-11-09 08:04 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-27 02:39 . 2011-10-25 11:58 286208 ----a-w- c:\windows\SysWow64\binkw32.dll
2011-09-26 06:15 . 2011-09-26 06:15 0 ----a-w- c:\windows\SysWow64\sho8279.tmp
2011-09-25 07:23 . 2011-09-25 07:23 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-09-24 18:18 . 2011-09-16 12:38 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-24 18:06 . 2011-09-24 18:07 368912 ----a-w- c:\windows\SysWow64\VBAR332.DLL
2011-09-24 18:06 . 2011-09-24 18:07 252176 ----a-w- c:\windows\SysWow64\MSRD2X35.DLL
2011-09-24 18:06 . 2011-09-24 18:07 24848 ----a-w- c:\windows\SysWow64\MSJTER35.DLL
2011-09-24 18:06 . 2011-09-24 18:07 123664 ----a-w- c:\windows\SysWow64\MSJINT35.DLL
2011-09-24 18:06 . 2011-09-24 18:07 1045776 ----a-w- c:\windows\SysWow64\MSJET35.DLL
2011-09-23 09:14 . 2011-09-23 09:15 627600 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-19_09.29.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-19 09:21 . 2011-12-19 09:21 13294 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-12-19 17:26 . 2011-12-19 17:26 13294 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2009-07-14 04:54 . 2011-12-19 17:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-19 09:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-19 17:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-19 09:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-19 09:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-19 17:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-12-19 17:30 38712 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-16 11:45 . 2011-12-19 17:30 10282 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3026165489-2820001514-1850220318-1002_UserData.bin
+ 2011-09-16 11:42 . 2011-12-19 17:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-16 11:42 . 2011-12-19 09:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-16 11:42 . 2011-12-19 17:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-16 11:42 . 2011-12-19 09:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-19 09:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-19 17:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-16 12:06 . 2011-12-19 17:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-16 12:06 . 2011-12-19 09:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-16 12:06 . 2011-12-19 17:31 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-16 12:06 . 2011-12-19 09:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-16 12:06 . 2011-12-19 09:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-16 12:06 . 2011-12-19 17:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-16 12:06 . 2011-12-19 09:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-16 12:06 . 2011-12-19 17:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-16 12:06 . 2011-12-19 17:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-16 12:06 . 2011-12-19 09:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-19 09:22 . 2011-12-19 09:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-19 17:27 . 2011-12-19 17:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-19 17:27 . 2011-12-19 17:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-19 09:22 . 2011-12-19 09:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-16 14:13 . 2011-12-19 15:48 338608 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-12-19 17:07 655754 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-19 09:26 655754 c:\windows\system32\perfh009.dat
+ 2011-05-10 20:12 . 2011-12-19 17:07 670400 c:\windows\system32\perfh005.dat
- 2011-05-10 20:12 . 2011-12-19 09:26 670400 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-12-19 09:26 122368 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-12-19 17:07 122368 c:\windows\system32\perfc009.dat
+ 2011-05-10 20:12 . 2011-12-19 17:07 141742 c:\windows\system32\perfc005.dat
- 2011-05-10 20:12 . 2011-12-19 09:26 141742 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2011-12-19 09:21 391672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-19 17:26 391672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-10 20:40 . 2011-12-19 09:21 3661760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-05-10 20:40 . 2011-12-19 17:26 3661760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HP HD Webcam [Fixed]_Monitor"="c:\program files (x86)\HP HD Webcam [Fixed]\monitor.exe" [2010-11-26 11:31 267128]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-05 94264]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-02-11 76344]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-02-03 22:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-27 131128]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-03-07 62184]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-02-03 464480]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-04-05 1094712]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]
S0 MfeEpePc;MfeEpePc; [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2009-11-20 8547176]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 FAH-01;Folding Service 01;c:\program files (x86)\Folding@Home 01\Folding@Home 01\FAH-Console.exe [2008-06-30 253952]
S2 FAH-02;Folding Service 02;c:\program files (x86)\Folding@Home 01\Folding@Home 02\FAH-Console.exe [2008-06-30 253952]
S2 GS In-Game Service;GS In-Game Service;c:\program files (x86)\GameTracker\GSInGameService.exe [2011-10-25 1677096]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-02-07 320000]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-01-28 281656]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-02-09 1318912]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-01-22 3154224]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 BthMtpEnum;Modul pro výčet zařízení Bluetooth MTP;c:\windows\system32\DRIVERS\BthMtpEnum.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]
S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-01-12 36864]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 13:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-01 c:\windows\Tasks\HPCeeScheduleForGTR-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2011-11-25 c:\windows\Tasks\HPCeeScheduleForGTR.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-07 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-07 379040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-27 835072]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2011-02-09 200704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
"combofix"="c:\combofix\CF836.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 62.129.50.20 62.129.32.100
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3026165489-2820001514-1850220318-1002\Software\SecuROM\License information*]
"datasecu"=hex:89,3f,fa,f9,7a,43,a9,53,d3,c4,a1,9b,f2,27,49,ab,d4,a2,48,3b,fd,
6e,60,3a,88,d9,20,10,c7,bd,ed,e9,64,45,26,c9,90,69,10,15,0d,ee,98,10,e8,d1,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_USERS\S-1-5-21-3026165489-2820001514-1850220318-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\c:\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T17:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T17:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T17:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-3026165489-2820001514-1850220318-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\c:\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"2011-10-10T17:42\00GB18030\00GBK\00GB2312\00CP936\00MS936\00windows-936\00MIB: 114\00MIB: 113\00MIB: 2025\00\00"
"qkrcodecs4.dll"=multi:"2011-10-10T17:42\00EUC-KR\00cp949\00MIB: 38\00MIB: -949\00\00"
"qtwcodecs4.dll"=multi:"2011-10-10T17:42\00Big5\00Big5-HKSCS\00Big5-ETen\00CP950\00MIB: 2026\00MIB: 2101\00\00"
.
[HKEY_USERS\S-1-5-21-3026165489-2820001514-1850220318-1002\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\b*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpcodecs4.dll"=multi:"40602\000\00Windows msvc release full-config\002011-10-10T17:42\00\00"
"qjpcodecsd4.dll"=multi:"40703\001\00Windows msvc debug full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qkrcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qtwcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_USERS\S-1-5-21-3026165489-2820001514-1850220318-1002\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\b*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Folding@Home #01\Folding@Home #01\FAH-Console.exe
c:\program files (x86)\Folding@Home #01\Folding@Home #02\FAH-Console.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\HP HD Webcam [Fixed]\Monitor.exe
c:\program files (x86)\Opera\opera.exe
c:\program files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft Office\Office12\WINWORD.EXE
.
**************************************************************************
.
Celkový čas: 2011-12-19 18:36:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-19 17:36
ComboFix2.txt 2011-12-19 09:33
.
Před spuštěním: Volných bajtů: 231 974 350 848
Po spuštění: Volných bajtů: 231 669 604 352
.
- - End Of File - - 8CDBC81C3812CBC3D9B1CF6EEE0DBF2C
Nahr nˇ probŘhlo ŁspŘçnŘ
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosim o kontrolu Logu z Combofixu

#27 Příspěvek od vyosek »

:arrow: Stahnete OTL (viz muj podpis) a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
  • Zaskrtnete okenko Pro vsechny uzivatele
  • Zaskrtnete okenko Kontrola na havet "LOP"
  • Zaskrtnete okenko Kontrola na havet "Purity"
  • Stari souboru zmente z 30 dnu na 7 dnu
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s
  • Kliknete na tlacitko Prohledat
  • Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
gtr97
Návštěvník
Návštěvník
Příspěvky: 59
Registrován: 19 pro 2011 10:09

Re: Prosim o kontrolu Logu z Combofixu

#28 Příspěvek od gtr97 »

http://www.uloz.to/11892334/otl-txt

OTL Extras logfile created on: 19.12.2011 18:56:15 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\GTR\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

7,94 Gb Total Physical Memory | 5,56 Gb Available Physical Memory | 70,06% Memory free
15,87 Gb Paging File | 13,40 Gb Available in Paging File | 84,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 574,02 Gb Total Space | 215,90 Gb Free Space | 37,61% Space Free | Partition Type: NTFS
Drive E: | 16,85 Gb Total Space | 2,55 Gb Free Space | 15,11% Space Free | Partition Type: NTFS
Drive F: | 4,98 Gb Total Space | 2,13 Gb Free Space | 42,69% Space Free | Partition Type: FAT32

Computer Name: GTR-HP | User Name: GTR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}" = HP Power Assistant
"{422BA615-2133-4DC0-8673-09C8CC7557F2}" = HP ProtectTools Security Manager
"{483D5A49-A26B-4CB8-AA2D-0D1811322061}" = HP DayStarter
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{52E5D8A7-B129-4A29-AD4B-EBB749DCC3A3}_is1" = GamePark klient 2.0.9.0
"{555ECC75-AB3B-6434-8900-2BBA4F91F107}" = ccc-utility64
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63E42DE7-C468-31B0-E373-173C67C87B88}" = ATI Catalyst Install Manager
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7D1C63D1-6520-49DA-B738-958133526E80}" = HP HotKey Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83DA38AB-1014-41C2-A3CD-E2B93832A71A}" = HP 3D DriveGuard
"{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}" = Drive Encryption For HP ProtectTools
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0405-1000-0000000FF1CE}" = Microsoft Office Klikni a spusť 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}" = Privacy Manager for HP ProtectTools
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools
"{D4219EAB-402B-4CE4-8CF2-1E67F1022841}" = DisplayLink Core Software
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{DD0E76E3-62C5-4502-949B-82D97A2A0324}" = HP USB Docking Video
"{F0F5F73E-3E69-4521-A9D1-B1AE8DEE0F15}" = ESET NOD32 Antivirus
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FB06FBC7-3CE3-50D9-1803-CC28E5ADF780}" = WMV9/VC-1 Video Playback
"{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}" = Validity Fingerprint Sensor Driver
"Connectify" = Connectify
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HPProtectTools" = HP ProtectTools Security Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{02C0A02E-AB30-446C-B4C3-A03310D95F53}" = Windows Live UX Platform Language Pack
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08F10409-00BB-8843-4813-37FDDD972CB1}" = CCC Help Chinese Standard
"{08FB6F00-7D8D-5474-B70D-607638405BEB}" = CCC Help Korean
"{0A455897-C606-4958-AD34-6DF0430D184B}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{12379137-5A34-8311-A00C-4571E468F507}" = CCC Help Polish
"{1392513C-F92A-2893-E263-071E943CB4B8}" = Catalyst Control Center InstallProxy
"{1529490E-DC67-A7DA-E7FE-789B929E67F0}" = CCC Help Norwegian
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20976B1F-E910-404D-9261-C16EE7E12DC8}" = HP QuickWeb
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2E07A6AE-C2EC-05DB-8344-B562E5D9E341}" = CCC Help Swedish
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}" = HP SoftPaq Download Manager
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E918CE9-BDA6-282D-0E19-E11DF8004ABE}" = CCC Help Thai
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4114A073-7385-4742-8A5E-A5788FAC838F}" = ArcSoft TotalMedia
"{4441B01C-0AF2-6EE7-CDB3-AD0DB41E7147}" = CCC Help Hungarian
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}" = Windows Live UX Platform Language Pack
"{4908C75E-E5E2-43F7-B1DF-023CBA831029}" = Nero 7 Premium
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B21E4B2-89B8-499D-803A-34ABF929401E}" = HP Connection Manager
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{531000B3-DBEE-4115-BBF3-DA48B67C053F}" = HP Software Setup
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}" = HP System Default Settings
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.1
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{668643A5-48DD-B0E9-62E1-1FDA18D54F66}" = CCC Help Finnish
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6889EE56-1816-4E89-94DF-9F56E7804039}_is1" = Counter-Strike 1.6 Non-Steam patch v36
"{69EA3784-E961-76A2-6C11-7B83AA50E56A}" = CCC Help Czech
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A9C9BE1-14A3-42ED-A388-42E30A1412E9}" = HP Documentation
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6B318C80-7BE4-4D79-9F53-4290958EA984}" = Windows Live UX Platform Language Pack
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71543470-E3F8-6A06-08C8-783CD286D2BA}" = CCC Help German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737DCE46-824C-40BA-8776-81D9D1DB04AB}" = Catalyst Control Center - Branding
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76BAC71B-00A7-BBFA-5DAE-EEB0DF9F4098}" = CCC Help English
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7CF1347C-61F6-C495-127C-912FD6CB432D}" = CCC Help Japanese
"{7F53A8DC-4857-4687-9740-F30129EE5FC0}_is1" = ShareRapid poker verze 1.8
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{80C45B94-2BA0-8E23-95A7-8A9FCD836EFD}" = PX Profile Update
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{83721450-E604-4C37-ABEB-CE7F18C587C8}" = LightScribe Template Labeler
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{85BE1D9F-FC67-E84E-F73A-BC7125E3B717}" = CCC Help Portuguese
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{E1C33B03-3FE9-45BF-91E4-0266F38618C6}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SharePointDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SharePointDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0405-1000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_SharePointDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SharePointDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_SharePointDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0405-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - čeština
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1EFCBD2-B171-E24D-FAD2-4E711A312DEF}" = CCC Help Danish
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = PowerDVD
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB9F8790-4ECB-1BFA-1B80-21DCD40664C3}" = CCC Help Greek
"{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"{AE6BF609-EF6A-8764-85EE-6CC65602D88E}" = CCC Help Chinese Traditional
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B26B64E8-DB83-7904-2DF9-F92A7ABC14D9}" = Catalyst Control Center Localization All
"{B3E31950-C92F-BCD9-963D-A520887A262A}" = CCC Help Turkish
"{B7E01095-8BAA-456E-8AED-504C3CCADBA0}" = Nero 11
"{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}" = HP Software Framework
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BE211EBE-AC92-515C-D122-A9DD0BC9FFA9}" = Catalyst Control Center
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6CD49BC-E6A5-F247-0489-F3188F300A8E}" = Catalyst Control Center Profiles Mobile
"{C7C60D93-E5B7-82D7-44A4-E3EE404B56A3}" = CCC Help Dutch
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CBD548E9-E421-7B51-5732-2F63B37589E2}" = CCC Help French
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC1988A-F492-4BC5-B6F7-683A95718AE9}" = HP ESU for Microsoft Windows 7
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D7922D23-642E-0649-A3C9-38F9E0FA263E}" = CCC Help Russian
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DAB0D352-00D9-4795-9FBE-EC4791ABA44A}" = Section 8 PCW
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{DF63FA79-75AE-45D6-715E-81E92F134702}" = CCC Help Italian
"{DFD1CBF6-8C2B-4047-88B6-7E9FC4E0A14C}" = Folding@Home Services
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E2531547-0789-690E-9F12-3EDBDBC64DA8}" = CCC Help Spanish
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{F07E6C5F-6AE1-72B3-8659-08E2ABB86DF8}" = Catalyst Control Center Graphics Previews Common
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArcSoft TotalMedia" = ArcSoft TotalMedia
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"Counter-Strike 1.6" = Counter-Strike 1.6
"CyberLink PowerDVD 11.0.1620.51" = CyberLink PowerDVD 11.0.1620.51 - odinstalovat češtinu
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FileZilla Client" = FileZilla Client 3.5.2
"GameParkClient_is1" = GamePark
"GameTracker Lite" = GameTracker Lite
"Half-Life 2" = Half-Life 2
"Hamachi" = Hamachi 1.0.1.5
"HLSW_is1" = HLSW v1.4.0.2
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{DAB0D352-00D9-4795-9FBE-EC4791ABA44A}" = Section 8 PCW
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware verze 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"My HP Game Console" = HP Game Console
"Nokia Ovi Suite" = Nokia Ovi Suite
"Office14.Click2Run" = Microsoft Office Klikni a spusť 2010
"Opera 11.60.1185" = Opera 11.60
"PDF Complete" = PDF Complete Special Edition
"PlatinumHideIP" = Platinum Hide IP
"Postal 2_is1" = Portal 2
"PSPad editor_is1" = PSPad editor
"PunkBusterSvc" = PunkBuster Services
"SearchCore for Browsers" = SearchCore for Browsers
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"Sunplus SPUVCb" = HP HD Webcam [Fixed]
"Total Video Converter 3.21_is1" = Total Video Converter 3.20 090114
"uTorrent" = µTorrent
"VIP Access SDK" = VIP Access SDK x64(1.0.0.50)
"VLC media player" = VLC media player 1.1.11
"WampServer 2_is1" = WampServer 2.2
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087343" = Dora's World Adventure
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087501" = Plants vs. Zombies
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089451" = World Cup Cricket 20-20
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"XobniMain" = Xobni

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3026165489-2820001514-1850220318-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"7f4182272b52fd8f" = CZShare Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26.10.2011 5:25:57 | Computer Name = GTR-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 26.10.2011 5:26:02 | Computer Name = GTR-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 26.10.2011 5:26:04 | Computer Name = GTR-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 26.10.2011 5:26:04 | Computer Name = GTR-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 26.10.2011 5:26:05 | Computer Name = GTR-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 26.10.2011 5:26:26 | Computer Name = GTR-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 26.10.2011 5:26:30 | Computer Name = GTR-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 26.10.2011 5:26:30 | Computer Name = GTR-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 26.10.2011 5:26:37 | Computer Name = GTR-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 26.10.2011 5:26:38 | Computer Name = GTR-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

[ Hewlett-Packard Events ]
Error - 14.11.2011 15:38:42 | Computer Name = GTR-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 14.11.2011 15:38:42 | Computer Name = GTR-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 14.11.2011 15:38:52 | Computer Name = GTR-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 14.11.2011 15:39:06 | Computer Name = GTR-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5.12.2011 15:14:55 | Computer Name = GTR-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12.12.2011 15:08:16 | Computer Name = GTR-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12.12.2011 15:08:34 | Computer Name = GTR-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 19.12.2011 5:09:32 | Computer Name = GTR-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467259 v System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) v System.Diagnostics.Process.Start(ProcessStartInfo startInfo) v
HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Message: Pokus
použít neplatnou operaci na klíč registru, který je označen pro odstranění StackTrace:
v System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo)

v System.Diagnostics.Process.Start(ProcessStartInfo startInfo) v HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask
task) Source: System Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files
(x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Format:
cs-CZ RAM: 8126 Ram Utilization: 30 TargetSite: Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)


[ HP Connection Manager Events ]
Error - 15.12.2011 18:36:17 | Computer Name = GTR-HP | Source = hpMobile | ID = 5
Description = 2011.12.15 23:36:16.764|00002244|Error |[HP.Mobile]NamedPipe::SendStringToServer{bool(string)}|Timeout
sending to server

Error - 16.12.2011 13:01:27 | Computer Name = GTR-HP | Source = hpCMSrv | ID = 5
Description = 2011/12/16 18:01:27.983|00000DF4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 17.12.2011 16:20:56 | Computer Name = GTR-HP | Source = hpCMSrv | ID = 5
Description = 2011/12/17 21:20:56.971|00001D30|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 17.12.2011 16:20:59 | Computer Name = GTR-HP | Source = hpCMSrv | ID = 5
Description = 2011/12/17 21:20:59.467|00001D30|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 18.12.2011 5:30:14 | Computer Name = GTR-HP | Source = hpMobile | ID = 5
Description = 2011.12.18 10:30:14.756|00001AF8|Error |[HP.Mobile]Wwan::c{void()}|

Error - 18.12.2011 8:47:46 | Computer Name = GTR-HP | Source = hpMobile | ID = 5
Description = 2011.12.18 13:47:46.625|00001AF8|Error |[HP.Mobile]Wlan::a{void()}|Neplatné
údaje. (Výjimka na základě hodnoty HRESULT: 0x8007000D)

Error - 18.12.2011 17:42:29 | Computer Name = GTR-HP | Source = hpCMSrv | ID = 5
Description = 2011/12/18 22:42:29.619|00001C10|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 19.12.2011 5:21:39 | Computer Name = GTR-HP | Source = hpCMSrv | ID = 5
Description = 2011/12/19 10:21:39.759|00000FB0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 19.12.2011 13:26:50 | Computer Name = GTR-HP | Source = hpCMSrv | ID = 5
Description = 2011/12/19 18:26:50.734|000010D8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 19.12.2011 13:26:53 | Computer Name = GTR-HP | Source = hpCMSrv | ID = 5
Description = 2011/12/19 18:26:53.558|000010D8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

[ OSession Events ]
Error - 30.11.2011 5:46:29 | Computer Name = GTR-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 7, Application Name: Microsoft Office SharePoint Designer, Application
Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 6901 seconds with 2820 seconds of active time. This session ended with
a crash.

[ System Events ]
Error - 4.12.2011 17:37:28 | Computer Name = GTR-HP | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (22:36:14, ?4.?12.?2011) bylo neočekávané.

Error - 4.12.2011 17:44:32 | Computer Name = GTR-HP | Source = Ntfs | ID = 262199
Description = Struktura systému souborů disku je poškozená a je nepoužitelná. Je
nutné na svazek \Device\HarddiskVolume2 spustit nástroj chkdsk.

Error - 4.12.2011 17:44:33 | Computer Name = GTR-HP | Source = Ntfs | ID = 262199
Description = Struktura systému souborů disku je poškozená a je nepoužitelná. Je
nutné na svazek \Device\HarddiskVolume2 spustit nástroj chkdsk.

Error - 5.12.2011 1:06:02 | Computer Name = GTR-HP | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby DisplayLinkService bylo dosaženo
časového limitu (30000 ms).

Error - 5.12.2011 1:06:02 | Computer Name = GTR-HP | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby hpqwmiex bylo dosaženo časového
limitu (30000 ms).

Error - 5.12.2011 7:29:31 | Computer Name = GTR-HP | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby hpqwmiex bylo dosaženo časového
limitu (30000 ms).

Error - 5.12.2011 8:07:47 | Computer Name = GTR-HP | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby hpqwmiex bylo dosaženo časového
limitu (30000 ms).

Error - 5.12.2011 14:07:46 | Computer Name = GTR-HP | Source = Ntfs | ID = 262199
Description = Struktura systému souborů disku je poškozená a je nepoužitelná. Je
nutné na svazek \Device\HarddiskVolume2 spustit nástroj chkdsk.

Error - 6.12.2011 4:17:37 | Computer Name = GTR-HP | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby hpqwmiex bylo dosaženo časového
limitu (30000 ms).

Error - 6.12.2011 5:57:30 | Computer Name = GTR-HP | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby hpqwmiex bylo dosaženo časového
limitu (30000 ms).


< End of report >
Nahoru
gtr97
Návštěvník
Návštěvník
Příspěvky: 59
Registrován: 19 pro 2011 10:09

Re: Prosim o kontrolu Logu z Combofixu

#29 Příspěvek od gtr97 »

to druhe se tu neveslo... tak jsem pridal odkaz na uloz.to, ted zase musim jit pryc.. ale dekuji za odpoved
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosim o kontrolu Logu z Combofixu

#30 Příspěvek od vyosek »

Vlozte mi ten log prosim sem, rozdelte jej do vice prispevku
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“