
Severe slowdown recently - please check

Sejsel
Visitor
Posts: 22
Registered: 08 Feb 2012 19:08

Severe slowdown recently - please check

#1 Post by Sejsel »

Lately my computer has slowed down a lot and the monitor has started acting up, but that is most likely a hardware problem (it takes about an hour to come on).

The computer boots much more slowly than when it was new, but that is normal. Lately, though, it has been going to extremes; in some cases it cannot even handle Skype and a browser at the same time.

I also hope nobody has a heart attack over what is on there; I tinker with computers an unhealthy amount.

EDIT: I just noticed that the pest "zbani" shows up in there. It is a little thing I downloaded unknowingly and cannot get rid of. It used to open a browser with their website every hour or two, and unfortunately I no longer remember how I solved that. I have a feeling I removed it from autostart and killed it. It has not appeared since, but it is most likely still on there.
MyWebSearch is also vermin that will not go away and "steals" search in Firefox, which I do not use anyway. Looking at it now, this probably should have gone straight into the Problems section.
Sometimes the computer also "grinds" away even when I am not sitting at it and nothing should be happening.

RSIT LOG:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Worker at 2012-02-08 19:10:50
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (3%) free of 150 GB
Total RAM: 2046 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:11:04, on 8.2.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\GM4IE\gm4ie.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Worker\Local Settings\Data aplikací\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\OSCAR Editor X7\OscarEditor.exe
C:\Documents and Settings\Worker\Data aplikací\Dropbox\bin\Dropbox.exe
C:\Program Files\cacaoweb\cacaoweb.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\Documents and Settings\Worker\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Worker\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Worker\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Documents and Settings\Worker\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Worker\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Worker\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Worker\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Worker.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.zbani.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=bf&s={searchTerms}&f=4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;127.0.0.1:9421;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\PROGRA~1\Rapidown\rapi310.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [GM4IE] C:\Program Files\GM4IE\gm4ie.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Google Update] "

JaRon
Moderator
Posts: 15700
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Severe slowdown recently - please check

#2 Post by JaRon »

uninstall Ad-Aware 2007 + MyWebSearch
clean the PC with MBAM - post the log
post the RSIT log - this one was not complete
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Sejsel

Re: Severe slowdown recently - please check

#3 Post by Sejsel »

Well, this is not what I expected. There seems to be more on there than fits in my PC. When I ran Avast (Free) over it overnight, I woke up to nothing but a BSOD.

AdAware 2007 uninstalled
MyWebSearch uninstalled (it finally worked; I had not managed it before. This time I used CCleaner)

RSIT log before MBAM: http://dl.dropbox.com/u/38259711/virycz/logp.txt

I used the quick scan in MBAM. 52 or so infected files.

MBAM log before the cleanup: http://dl.dropbox.com/u/38259711/virycz ... -20%29.txt
MBAM log AFTER the cleanup: http://dl.dropbox.com/u/38259711/virycz/mbamlog.txt (I have no idea why there are Russian characters in it. Apparently the wrong encoding)

JaRon

Re: Severe slowdown recently - please check

#4 Post by JaRon »

clean the PC with AVPTool
restart and post the RSIT log and describe how the PC behaves

Sejsel

Re: Severe slowdown recently - please check

#5 Post by Sejsel »

Unfortunately, AVPTool reports 17 days, and I cannot really leave it running that long. Would there be some other way? Otherwise the PC is already running much more briskly.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Severe slowdown recently - please check

#6 Post by motji »

Hello, standing in for a colleague :)

Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 

- tick the All users box.
- tick the boxes for the "LOP" malware check and the "Purity" malware check
- Click the Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; post them here :)
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer.
Sejsel

Re: Severe slowdown recently - please check

#7 Post by Sejsel »

OTL.txt here: (too long, 133154 characters..)
http://dl.dropbox.com/u/38259711/virycz/OTL.Txt


Extras.txt here:


OTL Extras logfile created on: 5.3.2012 8:38:13 - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Documents and Settings\Worker\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,46% Memory free
7,71 Gb Paging File | 6,77 Gb Available in Paging File | 87,84% Paging File free
Paging file location(s): D:\pagefile.sys 6000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 4,09 Gb Free Space | 2,79% Space Free | Partition Type: NTFS
Drive D: | 86,39 Gb Total Space | 33,70 Gb Free Space | 39,00% Space Free | Partition Type: NTFS

Computer Name: JIRA | User Name: Worker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1454471165-287218729-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_gui] -- "C:\Program Files\Git\bin\wish.exe" "C:\Program Files\Git\libexec\git-core\git-gui" "--working-dir" "%1" (ActiveState Corporation)
Directory [git_shell] -- wscript "C:\Program Files\Git\Git Bash.vbs" "%1"
Directory [Sync with Dropbox] -- "C:\Program Files\Dropbox Folder Sync\Dropbox Folder Sync.exe" "%1" "sync" ()
Directory [UnSync with Dropbox] -- "C:\Program Files\Dropbox Folder Sync\Dropbox Folder Sync.exe" "%1" "unsync" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56289:TCP" = 56289:TCP:*:Enabled:Pando Media Booster
"56289:UDP" = 56289:UDP:*:Enabled:Pando Media Booster
"56849:TCP" = 56849:TCP:*:Enabled:Pando Media Booster
"56849:UDP" = 56849:UDP:*:Enabled:Pando Media Booster
"57919:TCP" = 57919:TCP:*:Enabled:Pando Media Booster
"57919:UDP" = 57919:UDP:*:Enabled:Pando Media Booster
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"56907:TCP" = 56907:TCP:*:Enabled:Pando Media Booster
"56907:UDP" = 56907:UDP:*:Enabled:Pando Media Booster
"59024:TCP" = 59024:TCP:*:Enabled:Pando Media Booster
"59024:UDP" = 59024:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"57415:TCP" = 57415:TCP:*:Enabled:Pando Media Booster
"57415:UDP" = 57415:UDP:*:Enabled:Pando Media Booster
"56289:TCP" = 56289:TCP:*:Enabled:Pando Media Booster
"56289:UDP" = 56289:UDP:*:Enabled:Pando Media Booster
"57029:TCP" = 57029:TCP:*:Enabled:Pando Media Booster
"57029:UDP" = 57029:UDP:*:Enabled:Pando Media Booster
"56849:TCP" = 56849:TCP:*:Enabled:Pando Media Booster
"56849:UDP" = 56849:UDP:*:Enabled:Pando Media Booster
"57919:TCP" = 57919:TCP:*:Enabled:Pando Media Booster
"57919:UDP" = 57919:UDP:*:Enabled:Pando Media Booster
"26500:TCP" = 26500:TCP:*:Enabled:Minecraft
"26500:UDP" = 26500:UDP:*:Enabled:Minecraft
"12975:TCP" = 12975:TCP:*:Enabled:Initiator
"32976:TCP" = 32976:TCP:*:Enabled:Session
"17771:TCP" = 17771:TCP:*:Enabled:Hamachi
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"56907:TCP" = 56907:TCP:*:Enabled:Pando Media Booster
"56907:UDP" = 56907:UDP:*:Enabled:Pando Media Booster
"59024:TCP" = 59024:TCP:*:Enabled:Pando Media Booster
"59024:UDP" = 59024:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\ICQ7.5\ICQ.exe" = C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Gameforge4D\AirRivals_EN\Launcher.atm" = C:\Program Files\Gameforge4D\AirRivals_EN\Launcher.atm:Enabled:GameExe2
"C:\Program Files\Gameforge4D\AirRivals_EN\Res-Voip\SCVoIP.exe" = C:\Program Files\Gameforge4D\AirRivals_EN\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft - Repair
"C:\Program Files\mIRCcz\mirc32.exe" = C:\Program Files\mIRCcz\mirc32.exe:*:Disabled:mIRC
"C:\Program Files\VMware\VMware Player\vmware-authd.exe" = C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
"C:\Program Files\Subagames\ACE Online\Launcher.atm" = C:\Program Files\Subagames\ACE Online\Launcher.atm:Enabled:GameExe2
"C:\Program Files\Subagames\ACE Online\Res-Voip\SCVoIP.exe" = C:\Program Files\Subagames\ACE Online\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"D:\Uziv\Jira\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = D:\Uziv\Jira\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"D:\Uziv\Jira\Program Files\World of Warcraft_3.2.2\WoW-3.2.0-enUS-downloader.exe" = D:\Uziv\Jira\Program Files\World of Warcraft_3.2.2\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"D:\Uziv\Jira\Program Files\World of Warcraft_3.2.2\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = D:\Uziv\Jira\Program Files\World of Warcraft_3.2.2\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\Giganology\Gigaget\Gigaget.exe" = C:\Program Files\Giganology\Gigaget\Gigaget.exe:*:Enabled:Gigaget -- (Giganology Inc.)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0 -- (SmartSoft Ltd.)
"C:\Program Files\ZebraNetworkSystems\NeoRouter\NRService.exe" = C:\Program Files\ZebraNetworkSystems\NeoRouter\NRService.exe:*:Enabled:NRService.exe
"C:\Documents and Settings\Worker\Plocha\SweetImSetup.exe" = C:\Documents and Settings\Worker\Plocha\SweetImSetup.exe:*:Enabled:SweetIM Installer
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft Beta\Launcher.exe" = C:\Program Files\World of Warcraft Beta\Launcher.exe:*:Enabled:Blizzard Launcher
"D:\Uziv\Jira\Program Files\World of Warcraft Beta\Launcher.exe" = D:\Uziv\Jira\Program Files\World of Warcraft Beta\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"D:\Uziv\Jira\Program Files\World of WarcraftTrial\Launcher.exe" = D:\Uziv\Jira\Program Files\World of WarcraftTrial\Launcher.exe:*:Enabled:Blizzard Launcher
"D:\Uziv\Jira\Program Files\World of WarcraftTrial\Launcher.patch.exe" = D:\Uziv\Jira\Program Files\World of WarcraftTrial\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortChecker -- (portforward.com)
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi -- (LogMeIn Inc.)
"C:\Documents and Settings\Worker\Local Settings\Temp\7ZipSfx.000\CF_Downloader.exe" = C:\Documents and Settings\Worker\Local Settings\Temp\7ZipSfx.000\CF_Downloader.exe:*:Enabled:PT2Downloader
"C:\Documents and Settings\Worker\Local Settings\Temp\7ZipSfx.001\CF_Downloader.exe" = C:\Documents and Settings\Worker\Local Settings\Temp\7ZipSfx.001\CF_Downloader.exe:*:Enabled:PT2Downloader
"C:\Program Files\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe" = C:\Program Files\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\AeriaGames\EdenEternal\launcher.exe" = C:\AeriaGames\EdenEternal\launcher.exe:*:Enabled:launcher.exe -- (X-LEGEND ENTERTAINMENT)
"C:\AeriaGames\EdenEternal\_Launcher.exe" = C:\AeriaGames\EdenEternal\_Launcher.exe:*:Enabled:_Launcher.exe -- (X-LEGEND ENTERTAINMENT)
"C:\Documents and Settings\Worker\Data aplikací\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Worker\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\GamersFirst\APB Reloaded\Binaries\APB.exe" = C:\Program Files\GamersFirst\APB Reloaded\Binaries\APB.exe:*:Enabled:APB: APB.exe -- (K2 Network, Inc.)
"C:\Program Files\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe" = C:\Program Files\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe:*:Enabled:APB: VivoxVoiceService.exe -- (Vivox Inc.)
"C:\Program Files\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe" = C:\Program Files\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe:*:Enabled:Spiral Knights -- (Sun Microsystems, Inc.)
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin -- (Pinnacle Systems)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Data aplikací\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Data aplikací\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\DragonNest\DragonNest.exe" = C:\Nexon\DragonNest\DragonNest.exe:*:Enabled:Dragon Nest
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine -- ()
"C:\Program Files\cacaoweb\cacaoweb.exe" = C:\Program Files\cacaoweb\cacaoweb.exe:*:Enabled:cacaoweb -- ()
"C:\Program Files\ICQ7.5\ICQ.exe" = C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010405-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00100405-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000
"{00110405-78E1-11D2-B60F-006097C998E7}" = Microsoft Excel 2000
"{00160405-78E1-11D2-B60F-006097C998E7}" = Microsoft Outlook 2000
"{00170405-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06968636-3053-3474-9AF4-CC363F7C41C0}" = Strawberry Perl
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AF3FEAE-B651-4421-97EF-4808A588B4E5}" = LastChaos
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F3BEAD5-4368-4CBC-9876-11B8475DE285}" = OSCAR Editor
"{1111706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2
"{12BA5DFC-4BE2-4F07-BE38-5BDC50789B35}" = TenLittleIndians
"{1473CBD6-E5A8-4014-8964-C1DEA6DDD0D4}" = Return to Mysterious Island
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C689A8C-627C-468E-A067-4D72562087AF}" = PowerArchiver 2007 Czech
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FE644DF-66E6-405E-865E-BBA8A5E7B330}" = Age of Empires
"{2222706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2 SDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{234F5FD0-7C56-D5AF-E46A-E00231D6D99F}" = Creeper World 2
"{236BB7C4-4419-42FD-0405-1E257A25E34D}" = Adobe Photoshop CS2
"{26918E50-6EDC-4A59-A31E-E9C1EF06F1BC}_is1" = Batch XLSX to XLS Converter 2010
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{29E777C0-042C-418F-9B68-4DE5EA2CE6EA}" = ABC Player
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1
"{32A3A4F4-B792-11D6-A78A-00B0D0160250}" = Java(TM) SE Development Kit 6 Update 25
"{32A3A4F4-B792-11D6-A78A-00B0D0160300}" = Java(TM) SE Development Kit 6 Update 30
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{44B32F92-5A96-43D9-BCBE-0AD2CDC409E7}" = TortoiseHg 1.1.3 (x86)
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{520F5B6C-44B8-418F-BBA2-3AD149F59A75}" = Age of Empires Scenarios
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{551D1FE0-ECEE-4794-BCAA-840B14345C7A}" = SmartFTP Client
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B00A513-5EC9-45FE-8073-73A6C8F7E399}" = Age of Empires Video
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Ovladače videa společnosti Pinnacle
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{662CFD19-EA80-4EFE-A0D8-EE10EFEB3C83}" = Livestream Procaster
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B433560-10DD-40FD-87DE-222355798CC7}" = Age of Empires Campaigns
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71D182CD-2E7B-4994-9937-6562CF2BFFFC}_is1" = Pokemon Word Online 1.0
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7E7396E5-9CAD-473C-BBE0-D0AFBFB7996D}" = liteCam Evaluation
"{7E7D7935-B0C8-4032-80BA-2CDC9E43C3B8}" = Microsoft Visual C# 2005 Express Edition - ENU
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{851367C1-2F9F-4087-B3E8-8DECFE328370}" = The Da Vinci Code
"{86AF3A1C-F4AA-4F92-ADFB-FE8D60C7AC78}" = MXR Web3D Player 1.3
"{86B879A5-927E-4536-B5FC-17CA96B60078}" = Garmin Communicator Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8C64C35E-093A-43B9-B7E5-9966581FC143}" = iSCC
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}" = SAMSUNG USB Driver for Mobile Phones
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{952E960F-7241-499C-9A66-18C42C1C176C}_is1" = Heroes of Annihilated Empires
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95D6B2D2-C7E4-425A-BFCE-0D4EFC41DB10}_is1" = Websurf verze 1.0.0.2
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A14F7508-B784-40B8-B11A-E0E2EEB7229F}" = Adobe Premiere Pro 1.5 Tryout
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4CBCF09-0C7E-40AA-0080-34B8A5CFE7FA}" = Harry Potter(TM) a vězeň z Azkabanu
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A6ECAFE7-4AD4-4AC8-8C6C-D997BAAB67E3}" = Pusher
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1029-7B44-A70500000002}" = Adobe Reader 7.0.5 - Czech
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter and the Order of the Phoenix™
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B904D0AE-C4D8-4808-AEB9-FAFCC9F6EB1B}_is1" = IAHGames Player 2.03.2331
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{BF39D402-2041-48C4-B16B-B744DC633CF8}" = S4 League_EU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C4C91E02-D4E2-481E-BCBA-7D90CC8D43E1}" = LiveZilla
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C8F4800F-52F4-4115-BE64-FF1C23604E86}_is1" = Sothink SWF Easy
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1" = Stranded II 1.0.0.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEDA7B06-A6C0-4C0F-9B5A-9B7F68D110F9}" = Oracle VM VirtualBox 4.1.2
"{CF07A1C9-098F-47DD-99E0-B6558C33871B}" = Garmin MapSource
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
"{D4006E71-FF32-44FF-AD5A-B5EE4389B825}_is1" = FlatOut2
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DA717A01-3191-1373-0C79-8EEB286BAD4B}" = Kubik
"{DA8EDE2A-732D-431C-8E8A-D085A9D5BE4B}" = Age of Empires Manual
"{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E362877A-2359-4696-BEEF-ECE06EB3AAFE}" = Noční hlídka
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F7BD74B9-5F69-4A0B-969A-7B4A2E04C910}" = SQL Log Rescue
"{F8C6CF5C-8021-4EC4-A43B-096FE39CB2B5}" = World of Warcraft Model Viewer
"{FE6397C1-CECA-4EC3-B064-42AED7676898}" = Sony Ericsson PC Suite
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF2705ED-8734-417D-A854-4EA3F679CCC5}" = MySQL Server 4.1
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = The Lord of the Rings Online™ v03.02.04.8010
"7-Zip" = 7-Zip 9.20
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft" = Acoustica Mixcraft
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"AmiBroker_is1" = AmiBroker 5.30
"AnalogX AutoTune" = AnalogX AutoTune
"Android SDK Tools" = Android SDK Tools
"Antares Autotune VST_is1" = Antares Autotune VST v5.09
"AnyClient 1.7" = AnyClient 1.7
"APB Reloaded" = APB Reloaded
"aTube Catcher" = aTube Catcher
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AV Voice Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0
"avast" = avast! Free Antivirus
"Axxa's World of Warcraft Logo Creator v1.2" = Axxa's World of Warcraft Logo Creator v1.2
"Axxa's Wow Logo Creator v1.1" = Axxa's Wow Logo Creator v1.1
"BitTorrent" = BitTorrent
"BLS PDF EXTRACT_is1" = BLSPDFEXTRACT
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"Caesar 3" = Caesar 3
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"Claustrosphere_is1" = Claustrosphere 1.0
"CloneDVD2" = CloneDVD2
"Clownfish" = Clownfish for Skype
"CMake" = CMake 2.8 a cross-platform, open-source build system
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"CreeperWorld2.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1" = Creeper World 2
"CSVed_is1" = CSVed 2.1.2a
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup" = DivX Setup
"DragonNest" = DragonNest
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.9.0
"EasyLex2" = Lingea EasyLex 2
"EdenEternal" = EdenEternal
"Europe MapleStory_is1" = Europe MapleStory
"Exportizer Pro_is1" = Exportizer Pro 4.51
"FileZilla Client" = FileZilla Client 3.3.0.1
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Fraps" = Fraps (remove only)
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.5.1
"Game Cam" = Game Cam 2.2
"GameParkClient_is1" = GamePark
"GamersFirst LIVE!" = GamersFirst LIVE!
"gamesport" = Kubik
"GameSpy Arcade" = GameSpy Arcade
"gigaget_is1" = Gigaget
"Git_is1" = Git version 1.7.4-preview20110204
"gm4ie" = gm4ie (remove only)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Hamachi" = Hamachi 1.0.2.5
"Havij_is1" = Havij 1.15 Free
"Hollywood FX 5" = Pinnacle Hollywood FX 5
"HotspotShield" = Hotspot Shield 2.23
"HyperCam 2" = HyperCam 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.3_is1" = Cheat Engine 5.3
"Cheat Engine 5.4_is1" = Cheat Engine 5.4
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = CorelDRAW Graphics Suite 11
"InstallShield_{0F3BEAD5-4368-4CBC-9876-11B8475DE285}" = X7 Oscar Editor
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Jazz Jackrabbit 2 Christmas Chronicles 99" = Jazz Jackrabbit 2 Christmas Chronicles 99
"Joan of Arc" = Johanka z Arku
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Leo's Space Combat Simulator for PocketPC_is1" = Leo's Space Combat Simulator 1.5
"Leo's Void for PocketPC_is1" = Leo's Void 2.0
"LiveZilla" = LiveZilla
"m2xp m2xp Kurulum1 1.0" = m2xp m2xp Kurulum1 1.0
"m2xp m2xp Kurulum2 1.0" = m2xp m2xp Kurulum2 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.60.1.1000
"ManyCam" = ManyCam 2.6.55 (remove only)
"Mario Forever v 2.16 !" = Mario Forever v 2.16 !
"McAfee Security Scan" = McAfee Security Scan
"Media Key" = Media Key
"Metin2_is1" = Metin2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Microsoft Visual C# 2005 Express Edition - ENU" = Microsoft Visual C# 2005 Express Edition - ENU
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Migo" = Migo (remove only)
"MilkShape 3D 1.8.4" = MilkShape 3D 1.8.4
"Minecraft (Beta v1.3) Beta v1.3" = Minecraft (Beta v1.3)
"mIRC" = mIRC
"MOV to AVI MPEG WMV Converter_is1" = MOV to AVI MPEG WMV Converter 6.1.0119
"Mozilla Firefox 9.0.1 (x86 cs)" = Mozilla Firefox 9.0.1 (x86 cs)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MPEG Video Wizard DVD" = MPEG Video Wizard DVD
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MXR Web3D Player 1.3" = MXR Web3D Player 1.3
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"Naval Conflicts Pocket Pc QVGA_is1" = Naval Conflicts Pocket Pc v1.0.4 QVGA
"Neffy" = Neffy 1,2,1,11
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoIPDUC" = No-IP DUC
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenSSL (32-bit)_is1" = OpenSSL 1.0.0a (32-bit)
"OpenVPN" = OpenVPN 2.1.1
"Opera 11.52.1100" = Opera 11.52
"PC Translator" = PC Translator
"PFPortChecker" = PFPortChecker 1.0.39
"PhotoFiltre" = PhotoFiltre
"Plus500" = Plus500
"Polipo" = Polipo 1.0.4.1
"PremiumSoft Navicat 8.2 for MySQL_is1" = PremiumSoft Navicat 8.2 for MySQL
"PremiumSoft Navicat Lite_is1" = PremiumSoft Navicat Lite 9.0
"PremiumSoft Navicat Premium_is1" = PremiumSoft Navicat Premium 9.0
"ProcessScanner_is1" = Uniblue ProcessScanner
"PunkBusterSvc" = PunkBuster Services
"Quick Search Box" = Pole rychlého vyhledávání Google
"rajče.net_is1" = rajče beta50
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.140
"Real Desktop Light_is1" = Real Desktop 1.39 Light
"Recover Files_is1" = Recover Files 2.1
"Shock Desktop 3D v0.5" = Shock Desktop 3D v0.5
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.0 (remove only)
"Sierra Utilities" = Sierra Utilities
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 3.27
"SpeedFan" = SpeedFan (remove only)
"SQLyog Community" = SQLyog Community 8.4
"SSH2Deluxe" = SSH2Deluxe Screen Saver
"ST6UNST #1" = Vypnutí PC
"Steam App 440" = Team Fortress 2
"Steam App 99900" = Spiral Knights
"StencylWorks" = StencylWorks
"Super Mario: Blue Twilight DX (v1.04.1)" = Super Mario: Blue Twilight DX (v1.04.1)
"TallStick TS-AudioToMIDI 3.30" = TallStick TS-AudioToMIDI 3.30 (remove only)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"The FilmMachine_is1" = The FilmMachine 1.5.4
"The Sims" = The Sims
"The Ultimate Pokemon Explode" = The Ultimate Pokemon Explode
"Theme Manager" = Theme Manager
"TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.1
"Tor" = Tor 0.2.1.30
"Totalcmd" = Total Commander (Remove or Repair)
"Ultimate Unwrap3D 2.15_is1" = Ultimate Unwrap3D 2.15
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.9.1
"Vidalia" = Vidalia 0.2.12
"VirtualCloneDrive" = VirtualCloneDrive
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = Archivátor WinRAR
"winscp3_is1" = WinSCP 4.3.3
"WinUndelete" = WinUndelete
"WinZip" = WinZip
"WMA To MP3 Converter" = WMA To MP3 Converter
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft Desktop" = World of Warcraft Desktop
"Worms World Party for Smartphone" = Worms World Party for Smartphone
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMoto" = X-Moto
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"YouTube Downloader_is1" = YouTube Downloader 2.5
"ZAV1_is1" = ZAV 4.48 (32bit)
"ZHTIELangPack" = Chinese (Traditional) Language Support
"Zlomek kalkulator 1.2" = Zlomek kalkulator 1.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-287218729-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Worker
"Akamai" = Akamai NetSession Interface
"ClubCooee" = Club Cooee
"Discovery Online" = Discovery Online
"Dropbox" = Dropbox
"fb434eb791fca39b" = WoW Model Exporter
"FlashMute" = FlashMute
"Pirate Galaxy" = Pirate Galaxy
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 5.11.2010 9:49:44 | Computer Name = JIRA | Source = avast! | ID = 33554522
Description =

Error - 5.11.2010 9:49:44 | Computer Name = JIRA | Source = avast! | ID = 33554522
Description =

Error - 5.11.2010 9:49:44 | Computer Name = JIRA | Source = avast! | ID = 33554522
Description =

Error - 5.11.2010 9:49:44 | Computer Name = JIRA | Source = avast! | ID = 33554522
Description =

Error - 5.11.2010 9:49:44 | Computer Name = JIRA | Source = avast! | ID = 33554522
Description =

Error - 5.11.2010 9:49:44 | Computer Name = JIRA | Source = avast! | ID = 33554522
Description =

Error - 5.11.2010 9:49:44 | Computer Name = JIRA | Source = avast! | ID = 33554522
Description =

Error - 5.11.2010 9:49:44 | Computer Name = JIRA | Source = avast! | ID = 33554522
Description =

Error - 5.11.2010 9:49:44 | Computer Name = JIRA | Source = avast! | ID = 33554522
Description =

Error - 5.11.2010 9:49:44 | Computer Name = JIRA | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 12.9.2010 13:02:52 | Computer Name = JIRA | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná
registrace.

Error - 12.9.2010 13:02:52 | Computer Name = JIRA | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná
registrace.

Error - 12.9.2010 13:19:36 | Computer Name = JIRA | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná
registrace.

Error - 12.9.2010 13:19:36 | Computer Name = JIRA | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná
registrace.

Error - 12.9.2010 14:40:52 | Computer Name = JIRA | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná
registrace.

Error - 12.9.2010 14:40:52 | Computer Name = JIRA | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná
registrace.

Error - 12.9.2010 14:59:36 | Computer Name = JIRA | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná
registrace.

Error - 12.9.2010 14:59:36 | Computer Name = JIRA | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná
registrace.

Error - 12.9.2010 15:03:12 | Computer Name = JIRA | Source = Application Error | ID = 1000
Description = Chybující aplikace megamanager.exe, verze 3.3.0.4, chybující modul
msvcr71.dll, verze 7.10.6030.0, adresa chyby 0x00011f8b.

Error - 12.9.2010 15:03:35 | Computer Name = JIRA | Source = Application Error | ID = 1000
Description = Chybující aplikace megamanager.exe, verze 3.3.0.4, chybující modul
msvcr71.dll, verze 7.10.6030.0, adresa chyby 0x00011f8b.

[ System Events ]
Error - 16.9.2010 8:06:54 | Computer Name = JIRA | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 5.166.19.64 pro síťovou kartu se síťovou
adresou 7A7905A61340 byla ukončena.

Error - 17.9.2010 0:56:26 | Computer Name = JIRA | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 5.166.19.64 pro síťovou kartu se síťovou
adresou 7A7905A61340 byla ukončena.

Error - 17.9.2010 11:53:17 | Computer Name = JIRA | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 5.166.19.64 pro síťovou kartu se síťovou
adresou 7A7905A61340 byla ukončena.

Error - 17.9.2010 11:53:22 | Computer Name = JIRA | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.nist.gov,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error - 17.9.2010 11:53:22 | Computer Name = JIRA | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 17.9.2010 11:53:24 | Computer Name = JIRA | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.nist.gov,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error - 17.9.2010 11:53:24 | Computer Name = JIRA | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 19.9.2010 16:00:48 | Computer Name = JIRA | Source = Service Control Manager | ID = 7034
Description = Služba VMware Authorization Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 20.9.2010 8:05:47 | Computer Name = JIRA | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
VMware Authorization Service.

Error - 20.9.2010 8:05:47 | Computer Name = JIRA | Source = Service Control Manager | ID = 7000
Description = Služba VMware Authorization Service neuspěla při spuštění v důsledku
následující chyby: %%1053


< End of report >

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Severe slowdown recently - please check

#8 Post by motji »

Run OTL
- Copy this script into the white box at the bottom:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=bf&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKLM\..\SearchScopes\zbani: "URL" = http://home.zbani.com/en/get/{searchTerms}
IE - HKU\S-1-5-21-1454471165-287218729-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-1454471165-287218729-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1454471165-287218729-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.zbani.com/
IE - HKU\S-1-5-21-1454471165-287218729-725345543-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=bf&s={searchTerms}&f=4
IE - HKU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?ch_id=skins7&q={searchTerms}
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCman000&fl=0&ptb=HY0VU7lHiqsermOSseCaMw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="
FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown:  File not found
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O4 - HKU\S-1-5-21-1454471165-287218729-725345543-1003..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Worker\Local Settings\Data aplikací\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1454471165-287218729-725345543-1003..\Run: [Clownfish]  File not found
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:671329E4
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Documents and Settings\Worker\Data aplikací\a

:commands
[emptytemp]
[EMPTYFLASH]
[Reboot]

- Click the Fix button.
- The PC will then restart.
- Post the log here :)
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting your computer!

I am mostly reachable at night, between 9 and 11 p.m.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

Sejsel
Visitor
Posts: 22
Registered: 08 Feb 2012 19:08

Re: Severe slowdown recently - please check

#9 Post by Sejsel »

So, here is the log..


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
HKU\S-1-5-21-1454471165-287218729-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1454471165-287218729-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1454471165-287218729-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1454471165-287218729-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Unable to set value : HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Prefs.js: "http://www.mywebsearch.com/jsp/cfg_redi ... searchfor=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@rsj.de/prodown\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{140BD8E3-C167-11D4-B4A3-080000180323}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ not found.
Registry value HKEY_USERS\S-1-5-21-1454471165-287218729-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Documents and Settings\Worker\Local Settings\Data aplikací\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1454471165-287218729-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Clownfish deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:671329E4 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\DUMP3c0f.tmp moved successfully.
C:\WINDOWS\SET25.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10B.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP128.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1A5.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP31A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP37.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP776.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI10.tmp moved successfully.
C:\WINDOWS\Installer\MSID.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\REN9A4.tmp moved successfully.
C:\WINDOWS\system32\REN9A5.tmp moved successfully.
C:\WINDOWS\system32\REN9A6.tmp moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\CR_4A797.tmp folder moved successfully.
C:\WINDOWS\vf_hip\hideip.tmp moved successfully.
C:\Documents and Settings\Worker\Data aplikací\a moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: 222
->Temp folder emptied: 587635 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56507 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2535148 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: Worker
->Temp folder emptied: 167194549 bytes
->Temporary Internet Files folder emptied: 108241571 bytes
->Java cache emptied: 79723096 bytes
->FireFox cache emptied: 430963029 bytes
->Google Chrome cache emptied: 239012074 bytes
->Opera cache emptied: 3654827 bytes
->Flash cache emptied: 5423118 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10751633 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 271104116 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 33573497 bytes

Total Files Cleaned = 1 290,00 mb


[EMPTYFLASH]

User: 222
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Worker
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.34.0 log created on 03062012_075610

Files\Folders moved on Reboot...
C:\Documents and Settings\Worker\Local Settings\Temp\WCESLog.log moved successfully.

Registry entries deleted on Reboot...

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Severe slowdown recently - please check

#10 Post by motji »

How is the computer doing?

Sejsel
Visitor
Posts: 22
Registered: 08 Feb 2012 19:08

Re: Severe slowdown recently - please check

#11 Post by Sejsel »

Well, it runs a bit faster, but it's still not great. For example, Chrome keeps freezing and the PC sometimes churns even when I'm not doing anything..

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Severe slowdown recently - please check

#12 Post by motji »

Run ComboFix according to this guide:
http://www.bleepingcomputer.com/combofi ... t-combofix

Sejsel
Visitor
Posts: 22
Registered: 08 Feb 2012 19:08

Re: Severe slowdown recently - please check

#13 Post by Sejsel »

Here is the ComboFix log. I was starting to worry it would run for a very long time, but around the 8th stage it picked up speed :)

By the way, I turned off Avast's protection beforehand and then turned it back on. Hopefully I didn't mess anything up by doing that...

ComboFix 12-03-06.01 - Worker 06.03.2012 21:29:52.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1346 [GMT 1:00]
Spuštěný z: c:\documents and settings\Worker\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\-1609850119
C:\CFLog
c:\documents and settings\Worker\WINDOWS
C:\install.exe
c:\program files\%syste~1
c:\program files\cacaoweb
c:\program files\cacaoweb\cacaoweb.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\sys
c:\windows\sys\msvcp100d.dll
c:\windows\sys\msvcr100.dll
c:\windows\sys\msvcr100d.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\ReadMe.txt
c:\windows\system32\sys
c:\windows\system32\Sys\yahoo.001
c:\windows\system32\sys\yahoo.002
c:\windows\system32\sys\yahoo.006
c:\windows\system32\sys\yahoo.007
c:\windows\system32\Sys\yahoo.exe
c:\windows\wpe pro.INI
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-06 do 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2020-08-14 15:24 . 2012-03-06 19:00 -------- d-----w- c:\documents and settings\Worker\Data aplikací\Hamachi
2020-08-14 15:24 . 2011-11-23 17:58 -------- d-----w- c:\program files\Hamachi
2012-03-06 06:56 . 2012-03-06 06:56 -------- d-----w- C:\_OTL
2012-03-04 10:03 . 2002-07-11 11:00 12856 ----a-w- c:\windows\system32\drivers\kbfilter.sys
2012-03-04 10:03 . 2006-04-28 16:40 9291 ----a-w- c:\windows\system32\drivers\UsbFltr.sys
2012-03-04 10:03 . 2012-03-04 10:03 -------- d-----w- c:\program files\Media Key
2012-03-03 16:51 . 2012-03-03 16:51 -------- d-----w- c:\documents and settings\Worker\Local Settings\Data aplikací\Dropbox_Folder_Sync
2012-03-03 16:50 . 2012-03-03 16:50 -------- d-----w- c:\program files\Dropbox Folder Sync
2012-03-03 16:50 . 2012-03-03 16:50 -------- d-----w- c:\documents and settings\Worker\Data aplikací\Dropbox Folder Sync
2012-03-02 20:48 . 2012-03-05 07:44 512 ----a-w- C:\PhysicalMBR.bin
2012-02-09 14:44 . 2012-02-09 14:44 -------- d-----w- c:\documents and settings\Worker\Data aplikací\Malwarebytes
2012-02-09 14:44 . 2012-02-09 14:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-02-09 14:44 . 2012-02-09 14:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-09 14:44 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-08 18:10 . 2012-02-09 14:36 -------- d-----w- c:\program files\trend micro
2012-02-08 18:10 . 2012-02-08 18:11 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2020-08-14 15:24 . 2009-11-23 19:14 25280 ------w- c:\windows\system32\drivers\hamachi.sys
2012-02-24 13:59 . 2011-06-03 04:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 16:23 . 2011-01-01 09:18 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2008-08-17 08:44 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2011-05-28 11:44 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2008-08-17 08:44 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2008-08-17 08:44 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-23 16:10 . 2008-08-17 08:44 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2008-08-17 08:44 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-02-23 16:10 . 2008-08-17 08:44 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-02-23 16:10 . 2008-08-17 08:44 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 16:07 . 2008-08-17 08:44 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-01-05 18:38 . 2012-01-05 18:38 58704 ----a-r- c:\documents and settings\Worker\Data aplikací\Microsoft\Installer\{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}\ARPPRODUCTICON.exe
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2009-02-15 13:54 . 2009-02-15 13:54 1038968 ----a-w- c:\program files\Google_Updater.exe
2007-05-25 09:55 . 2008-06-30 16:24 1972895 ----a-w- c:\program files\Chalk.exe
2012-01-20 19:58 . 2011-04-06 15:52 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2007-10-29 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 01D5EAAFF224415A7FF513E4C882BE30 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2007-10-29 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\sfcfiles.dll
[-] 2008-01-08 . 516EFD1A01B69CD692C6F75F5D0DB280 . 1546752 . . [5.1.2600.3186] . . c:\windows\system32\sfcfiles.dll
.
c:\windows\System32\drivers\beep.sys ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Worker\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Worker\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Worker\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Worker\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GM4IE"="c:\program files\GM4IE\gm4ie.exe" [2006-07-23 61440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-19 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-09-05 3077528]
"OscarEditor"="c:\program files\OSCAR Editor X7\OscarEditor.exe" [2010-07-22 2636800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-12-01 126976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-10-29 15360]
.
c:\documents and settings\Worker\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\Worker\Data aplikací\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Media Key.lnk - c:\program files\Media Key\MagicKey.exe [2012-3-4 159744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
2011-11-01 08:42 962048 ----a-w- c:\program files\Clownfish\Clownfish.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashMute]
2006-03-11 19:49 221184 ----a-w- c:\program files\FlashMute\flashmute.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gigaget]
2006-02-07 08:28 495616 ----a-w- c:\program files\Giganology\Gigaget\GigagetShell.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2011-12-01 06:33 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU]
2011-09-29 13:53 438272 ----a-w- c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2003-12-04 11:34 406016 ------w- c:\windows\system32\PSDrvCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTBatteryMeter]
2003-01-16 10:32 49152 ----a-w- c:\program files\VibrateGameDeviceDriver\rfpicon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-03-27 23:07 593920 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TortoiseHgOverlayIconServer]
2010-08-26 16:32 44448 ----a-w- c:\program files\TortoiseHg\TortoiseHgOverlayServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2009-03-26 21:57 64048 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HssWd"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\AeriaGames\\EdenEternal\\launcher.exe"=
"c:\\AeriaGames\\EdenEternal\\_Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Worker\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\GamersFirst\\APB Reloaded\\Binaries\\APB.exe"=
"c:\\Program Files\\GamersFirst\\APB Reloaded\\Binaries\\VivoxVoiceService.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\spiral knights\\java_vm\\bin\\javaw.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57415:TCP"= 57415:TCP:Pando Media Booster
"57415:UDP"= 57415:UDP:Pando Media Booster
"56289:TCP"= 56289:TCP:Pando Media Booster
"56289:UDP"= 56289:UDP:Pando Media Booster
"57029:TCP"= 57029:TCP:Pando Media Booster
"57029:UDP"= 57029:UDP:Pando Media Booster
"56849:TCP"= 56849:TCP:Pando Media Booster
"56849:UDP"= 56849:UDP:Pando Media Booster
"57919:TCP"= 57919:TCP:Pando Media Booster
"57919:UDP"= 57919:UDP:Pando Media Booster
"26500:TCP"= 26500:TCP:Minecraft
"26500:UDP"= 26500:UDP:Minecraft
"12975:TCP"= 12975:TCP:Initiator
"32976:TCP"= 32976:TCP:Session
"17771:TCP"= 17771:TCP:Hamachi
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"56907:TCP"= 56907:TCP:Pando Media Booster
"56907:UDP"= 56907:UDP:Pando Media Booster
"59024:TCP"= 59024:TCP:Pando Media Booster
"59024:UDP"= 59024:UDP:Pando Media Booster
.
R0 psdrv02;CD Guard Environment Driver (v2);c:\windows\system32\drivers\psdrv02.sys [11.9.2006 13:01 67960]
R0 pssync05;CD Guard Synchronization Driver (v5);c:\windows\system32\drivers\pssync05.sys [3.11.2006 9:24 61312]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.5.2011 12:44 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.8.2008 9:44 337112]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [4.3.2012 11:03 12856]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [4.3.2012 11:03 9291]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [15.2.2011 15:38 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [15.2.2011 15:38 90928]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [29.10.2007 12:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.8.2008 9:44 20696]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [26.7.2008 19:42 164992]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [15.12.2011 16:19 21992]
R2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [14.8.2020 16:24 624416]
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [29.12.2011 3:46 331608]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [26.7.2008 19:42 12544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9.2.2012 15:44 652360]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [19.1.2012 12:47 3027840]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [26.3.2009 22:58 54960]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.1.2008 11:06 21632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9.2.2012 15:44 20464]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [18.12.2009 13:43 47360]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [18.1.2011 17:43 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [18.1.2011 17:43 116016]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [19.11.2011 10:22 17792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate1c98f7666d64ee2;Služba Google Update (gupdate1c98f7666d64ee2);c:\program files\Google\Update\GoogleUpdate.exe [15.2.2009 15:04 133104]
S2 MySQL5;MySQL5;"c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt" --defaults-file="c:\program files\MySQL\MySQL Server 4.1\my.ini" MySQL5 --> c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt [?]
S2 psrem02;CD Guard Drivers Auto Removal (v2);c:\windows\system32\psrem02.exe svc --> c:\windows\system32\psrem02.exe svc [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15.2.2009 15:04 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 nrtap;NeoRouter Virtual Network Interface;c:\windows\system32\drivers\nrtap.sys [1.9.2009 20:06 24576]
S3 vproiah;vproiah;c:\windows\system32\drivers\vproiah.sys [5.9.2011 20:08 16128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva388;XDva388;\??\c:\windows\system32\XDva388.sys --> c:\windows\system32\XDva388.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-23 10:56]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 14:04]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 14:04]
.
2020-08-14 c:\windows\Tasks\User_Feed_Synchronization-{9738FE7F-7ACE-45C0-B9AA-1A9B2F763858}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Doplňkový sken -------
.
uStart Page =
mLocal Page =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;127.0.0.1:9421;
IE: &Download All by Gigaget - c:\program files\Giganology\Gigaget\getallurl.htm
IE: &Download by Gigaget - c:\program files\Giganology\Gigaget\geturl.htm
IE: Baixar com o Rapidown... - c:\program files\Rapidown\rapidownGet.htm
IE: Baixar tudo com o Rapidown... - c:\program files\Rapidown\rapidownGetAll.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{57E91B47-F40A-11D1-B792-444553540011} - c:\program files\Rapidown\rapidown.exe
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: Interfaces\{C660AAAB-4E42-41D3-A3BA-B9A9756E7E09}: NameServer = 10.0.0.138,10.0.0.225
TCP: Interfaces\{DACF0F24-31C4-489D-BC12-8A57D74230C6}: NameServer = 10.0.0.138
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} - hxxp://www.seetoo.com/downloadAddon.php?platfo ... ersion=7.0
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.cz/Genoogle/Components/A ... eQuery.dll
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\documents and settings\Worker\Data aplikací\Mozilla\Firefox\Profiles\zqmkaahb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-cacaoweb - c:\program files\cacaoweb\cacaoweb.exe
MSConfigStartUp-cacaoweb - c:\program files\cacaoweb\cacaoweb.exe
MSConfigStartUp-Google Update - c:\documents and settings\Worker\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Naval Conflicts Pocket Pc QVGA_is1 - k:\program files\Naval Conflicts\unins000.exe
AddRemove-SHOUTcastDSP - c:\program files\Winamp\uninst-dsp.exe
AddRemove-{7E7396E5-9CAD-473C-BBE0-D0AFBFB7996D} - c:\program files\InstallShield Installation Information\{7E7396E5-9CAD-473C-BBE0-D0AFBFB7996D}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-06 21:39
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL5]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 4.1\my.ini\" MySQL5"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-287218729-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1454471165-287218729-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-1454471165-287218729-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0f,b2,b5,ec,93,eb,02,57,42,62,cb,3d,b7,28,e8,31,03,37,e0,71,b7,76,94,
5b,ce,37,a6,65,01,6a,dc,48,d8,2d,58,ed,7e,44,88,46,08,cc,06,9d,78,07,94,2c,\
"??"=hex:13,d3,f9,47,4b,e2,e6,71,39,18,84,1b,f1,0a,a0,2a
.
[HKEY_USERS\S-1-5-21-1454471165-287218729-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:19,6b,15,e7,0b,45,2b,c4,cf,76,cd,f0,03,9a,33,1d,8e,df,29,28,ca,
1c,1a,60,66,0b,ef,c4,2d,73,fa,98,8e,d9,7b,df,f8,7e,70,65,c7,db,e2,27,e6,87,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1884)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
Celkový čas: 2012-03-06 21:43:31
ComboFix-quarantined-files.txt 2012-03-06 20:43
.
Před spuštěním: 4 693 299 200
Po spuštění: 4 632 854 528
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 42D8814769276951B1A8032861693AB4

JaRon
Moderator
Posts: 15700
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Severe slowdown recently - please check

#14 Post by JaRon »

Move ComboFix to the desktop (if it is not there already).

Open Notepad.

Copy the script from the following box into it:

Code:

Driver::
XDva385
XDva388
XDva389
XDva390
XDva391

FCopy::
C:\WINDOWS\system32\dllcache\beep.sys | c:\windows\System32\drivers\beep.sys


Save the resulting text file as CFScript.txt on the desktop.

After saving, grab the script with the left mouse button, drag it over the ComboFix icon, and drop it there.

Once it has been applied, another log should be created; paste it here :)

Sejsel
Visitor
Posts: 22
Registered: 08 Feb 2012 19:08

Re: Severe slowdown recently - please check

#15 Post by Sejsel »

It's running much faster now...

LOG:


ComboFix 12-03-06.01 - Worker 07.03.2012 8:15.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.922 [GMT 1:00]
Spuštěný z: c:\documents and settings\Worker\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Worker\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\beep.sys --> c:\windows\System32\drivers\beep.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA385
-------\Legacy_XDVA388
-------\Legacy_XDVA389
-------\Legacy_XDVA390
-------\Legacy_XDVA391
-------\Service_XDva385
-------\Service_XDva388
-------\Service_XDva389
-------\Service_XDva390
-------\Service_XDva391
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-07 do 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2020-08-14 15:24 . 2012-03-07 07:37 -------- d-----w- c:\documents and settings\Worker\Data aplikací\Hamachi
2020-08-14 15:24 . 2011-11-23 17:58 -------- d-----w- c:\program files\Hamachi
2012-03-07 07:15 . 2007-10-29 11:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2012-03-07 07:15 . 2007-10-29 11:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2012-03-06 06:56 . 2012-03-06 06:56 -------- d-----w- C:\_OTL
2012-03-04 10:03 . 2002-07-11 11:00 12856 ----a-w- c:\windows\system32\drivers\kbfilter.sys
2012-03-04 10:03 . 2006-04-28 16:40 9291 ----a-w- c:\windows\system32\drivers\UsbFltr.sys
2012-03-04 10:03 . 2012-03-04 10:03 -------- d-----w- c:\program files\Media Key
2012-03-03 16:51 . 2012-03-03 16:51 -------- d-----w- c:\documents and settings\Worker\Local Settings\Data aplikací\Dropbox_Folder_Sync
2012-03-03 16:50 . 2012-03-03 16:50 -------- d-----w- c:\program files\Dropbox Folder Sync
2012-03-03 16:50 . 2012-03-03 16:50 -------- d-----w- c:\documents and settings\Worker\Data aplikací\Dropbox Folder Sync
2012-03-02 20:48 . 2012-03-05 07:44 512 ----a-w- C:\PhysicalMBR.bin
2012-02-09 14:44 . 2012-02-09 14:44 -------- d-----w- c:\documents and settings\Worker\Data aplikací\Malwarebytes
2012-02-09 14:44 . 2012-02-09 14:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-02-09 14:44 . 2012-02-09 14:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-09 14:44 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-08 18:10 . 2012-02-09 14:36 -------- d-----w- c:\program files\trend micro
2012-02-08 18:10 . 2012-02-08 18:11 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2020-08-14 15:24 . 2009-11-23 19:14 25280 ------w- c:\windows\system32\drivers\hamachi.sys
2012-02-24 13:59 . 2011-06-03 04:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 16:23 . 2011-01-01 09:18 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2008-08-17 08:44 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2011-05-28 11:44 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2008-08-17 08:44 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2008-08-17 08:44 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-23 16:10 . 2008-08-17 08:44 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2008-08-17 08:44 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-02-23 16:10 . 2008-08-17 08:44 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-02-23 16:10 . 2008-08-17 08:44 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 16:07 . 2008-08-17 08:44 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-01-05 18:38 . 2012-01-05 18:38 58704 ----a-r- c:\documents and settings\Worker\Data aplikací\Microsoft\Installer\{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}\ARPPRODUCTICON.exe
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2009-02-15 13:54 . 2009-02-15 13:54 1038968 ----a-w- c:\program files\Google_Updater.exe
2007-05-25 09:55 . 2008-06-30 16:24 1972895 ----a-w- c:\program files\Chalk.exe
2012-01-20 19:58 . 2011-04-06 15:52 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 01D5EAAFF224415A7FF513E4C882BE30 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2007-10-29 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\sfcfiles.dll
[-] 2008-01-08 . 516EFD1A01B69CD692C6F75F5D0DB280 . 1546752 . . [5.1.2600.3186] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-03-06_20.39.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-07 07:37 . 2012-03-07 07:37 16384 c:\windows\Temp\Perflib_Perfdata_e88.dat
+ 2012-03-07 07:37 . 2012-03-07 07:37 16384 c:\windows\Temp\Perflib_Perfdata_6cc.dat
+ 2012-03-07 07:38 . 2012-03-07 07:38 16384 c:\windows\Temp\Perflib_Perfdata_554.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Worker\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Worker\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Worker\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Worker\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GM4IE"="c:\program files\GM4IE\gm4ie.exe" [2006-07-23 61440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-19 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-09-05 3077528]
"OscarEditor"="c:\program files\OSCAR Editor X7\OscarEditor.exe" [2010-07-22 2636800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-12-01 126976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-10-29 15360]
.
c:\documents and settings\Worker\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\Worker\Data aplikací\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Media Key.lnk - c:\program files\Media Key\MagicKey.exe [2012-3-4 159744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
2011-11-01 08:42 962048 ----a-w- c:\program files\Clownfish\Clownfish.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashMute]
2006-03-11 19:49 221184 ----a-w- c:\program files\FlashMute\flashmute.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gigaget]
2006-02-07 08:28 495616 ----a-w- c:\program files\Giganology\Gigaget\GigagetShell.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2011-12-01 06:33 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU]
2011-09-29 13:53 438272 ----a-w- c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2003-12-04 11:34 406016 ------w- c:\windows\system32\PSDrvCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTBatteryMeter]
2003-01-16 10:32 49152 ----a-w- c:\program files\VibrateGameDeviceDriver\rfpicon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-03-27 23:07 593920 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TortoiseHgOverlayIconServer]
2010-08-26 16:32 44448 ----a-w- c:\program files\TortoiseHg\TortoiseHgOverlayServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2009-03-26 21:57 64048 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HssWd"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\AeriaGames\\EdenEternal\\launcher.exe"=
"c:\\AeriaGames\\EdenEternal\\_Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Worker\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\GamersFirst\\APB Reloaded\\Binaries\\APB.exe"=
"c:\\Program Files\\GamersFirst\\APB Reloaded\\Binaries\\VivoxVoiceService.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\spiral knights\\java_vm\\bin\\javaw.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57415:TCP"= 57415:TCP:Pando Media Booster
"57415:UDP"= 57415:UDP:Pando Media Booster
"56289:TCP"= 56289:TCP:Pando Media Booster
"56289:UDP"= 56289:UDP:Pando Media Booster
"57029:TCP"= 57029:TCP:Pando Media Booster
"57029:UDP"= 57029:UDP:Pando Media Booster
"56849:TCP"= 56849:TCP:Pando Media Booster
"56849:UDP"= 56849:UDP:Pando Media Booster
"57919:TCP"= 57919:TCP:Pando Media Booster
"57919:UDP"= 57919:UDP:Pando Media Booster
"26500:TCP"= 26500:TCP:Minecraft
"26500:UDP"= 26500:UDP:Minecraft
"12975:TCP"= 12975:TCP:Initiator
"32976:TCP"= 32976:TCP:Session
"17771:TCP"= 17771:TCP:Hamachi
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"56907:TCP"= 56907:TCP:Pando Media Booster
"56907:UDP"= 56907:UDP:Pando Media Booster
"59024:TCP"= 59024:TCP:Pando Media Booster
"59024:UDP"= 59024:UDP:Pando Media Booster
.
R0 psdrv02;CD Guard Environment Driver (v2);c:\windows\system32\drivers\psdrv02.sys [11.9.2006 13:01 67960]
R0 pssync05;CD Guard Synchronization Driver (v5);c:\windows\system32\drivers\pssync05.sys [3.11.2006 9:24 61312]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.5.2011 12:44 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.8.2008 9:44 337112]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [4.3.2012 11:03 12856]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [4.3.2012 11:03 9291]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [15.2.2011 15:38 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [15.2.2011 15:38 90928]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [29.10.2007 12:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.8.2008 9:44 20696]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [26.7.2008 19:42 164992]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [15.12.2011 16:19 21992]
R2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [14.8.2020 16:24 624416]
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [29.12.2011 3:46 331608]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [26.7.2008 19:42 12544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9.2.2012 15:44 652360]
R2 MySQL5;MySQL5;"c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt" --defaults-file="c:\program files\MySQL\MySQL Server 4.1\my.ini" MySQL5 --> c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt [?]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [26.3.2009 22:58 54960]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.1.2008 11:06 21632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9.2.2012 15:44 20464]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [18.12.2009 13:43 47360]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [18.1.2011 17:43 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [18.1.2011 17:43 116016]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [19.11.2011 10:22 17792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate1c98f7666d64ee2;Služba Google Update (gupdate1c98f7666d64ee2);c:\program files\Google\Update\GoogleUpdate.exe [15.2.2009 15:04 133104]
S2 psrem02;CD Guard Drivers Auto Removal (v2);c:\windows\system32\psrem02.exe svc --> c:\windows\system32\psrem02.exe svc [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15.2.2009 15:04 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 nrtap;NeoRouter Virtual Network Interface;c:\windows\system32\drivers\nrtap.sys [1.9.2009 20:06 24576]
S3 vproiah;vproiah;c:\windows\system32\drivers\vproiah.sys [5.9.2011 20:08 16128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-23 10:56]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 14:04]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 14:04]
.
2020-08-14 c:\windows\Tasks\User_Feed_Synchronization-{9738FE7F-7ACE-45C0-B9AA-1A9B2F763858}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Doplňkový sken -------
.
uStart Page =
mLocal Page =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;127.0.0.1:9421;
IE: &Download All by Gigaget - c:\program files\Giganology\Gigaget\getallurl.htm
IE: &Download by Gigaget - c:\program files\Giganology\Gigaget\geturl.htm
IE: Baixar com o Rapidown... - c:\program files\Rapidown\rapidownGet.htm
IE: Baixar tudo com o Rapidown... - c:\program files\Rapidown\rapidownGetAll.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{57E91B47-F40A-11D1-B792-444553540011} - c:\program files\Rapidown\rapidown.exe
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: Interfaces\{C660AAAB-4E42-41D3-A3BA-B9A9756E7E09}: NameServer = 10.0.0.138,10.0.0.225
TCP: Interfaces\{DACF0F24-31C4-489D-BC12-8A57D74230C6}: NameServer = 10.0.0.138
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} - hxxp://www.seetoo.com/downloadAddon.php?platfo ... ersion=7.0
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.cz/Genoogle/Components/A ... eQuery.dll
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\documents and settings\Worker\Data aplikací\Mozilla\Firefox\Profiles\zqmkaahb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-07 08:39
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL5]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 4.1\my.ini\" MySQL5"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-287218729-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1454471165-287218729-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-1454471165-287218729-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0f,b2,b5,ec,93,eb,02,57,42,62,cb,3d,b7,28,e8,31,03,37,e0,71,b7,76,94,
5b,ce,37,a6,65,01,6a,dc,48,d8,2d,58,ed,7e,44,88,46,08,cc,06,9d,78,07,94,2c,\
"??"=hex:13,d3,f9,47,4b,e2,e6,71,39,18,84,1b,f1,0a,a0,2a
.
[HKEY_USERS\S-1-5-21-1454471165-287218729-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:19,6b,15,e7,0b,45,2b,c4,cf,76,cd,f0,03,9a,33,1d,8e,df,29,28,ca,
1c,1a,60,66,0b,ef,c4,2d,73,fa,98,8e,d9,7b,df,f8,7e,70,65,c7,db,e2,27,e6,87,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1892)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
c:\windows\system32\ATL.DLL
.
- - - - - - - > 'explorer.exe'(2952)
c:\windows\system32\msi.dll
c:\documents and settings\Worker\Data aplikací\Dropbox\bin\DropboxExt.14.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Media Key\OSD.EXE
.
**************************************************************************
.
Celkový čas: 2012-03-07 08:51:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-07 07:51
ComboFix2.txt 2012-03-06 20:43
.
Před spuštěním: 4 650 348 544
Po spuštění: 4 420 481 024
.
- - End Of File - - 41F59F362962A940E1F9FCAF3F9295B4
