
Please check my log

tzhp2
Visitor
Posts: 67
Registered: 07 Feb 2009 07:46

Re: Please check my log

#16 Post by tzhp2 »

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.08.15 19:57:26 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\8floor
[2012.01.11 16:06:07 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Adobe
[2009.12.27 13:32:49 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Ahead
[2012.03.08 17:51:01 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Alawar
[2011.11.26 17:08:53 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\AlawarSouthpoint
[2011.07.01 18:54:45 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\AlderGames
[2011.03.25 20:10:59 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\aliasworlds
[2011.07.05 13:15:58 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Anarchy
[2010.12.14 09:18:15 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Awem
[2011.03.04 13:54:31 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\BeachPartyCraze
[2010.11.13 18:43:02 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\BlackBean
[2012.02.24 16:01:58 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\BlamGames
[2011.06.01 08:08:17 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Boolat Games
[2011.08.20 13:33:03 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Camel101
[2011.05.09 07:51:44 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\CasualForge
[2010.02.01 21:54:07 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\DAEMON Tools Lite
[2011.10.30 17:30:37 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Divo Games
[2010.07.07 08:48:42 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\DivX
[2012.02.22 19:39:59 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\DreamDale
[2012.02.21 22:16:08 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\EleFun Games
[2011.01.06 19:20:13 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\FairyNook
[2011.03.22 10:06:51 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Farm Mania 2.1
[2012.05.06 09:33:42 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\FreezeTag
[2012.03.19 17:13:54 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Friday's games
[2012.01.18 12:44:08 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Gamelab
[2010.01.28 16:13:16 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Google
[2012.04.03 20:15:24 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\HdO Adventure
[2012.07.06 17:23:40 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Home Sweet Home Christmas
[2012.10.29 14:21:21 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\ICQ
[2010.12.22 14:08:05 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\ICQ Toolbar
[2009.12.01 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Identities
[2012.02.16 14:44:40 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\iMaxGen
[2012.03.30 10:19:35 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\InImages
[2009.12.01 18:29:35 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\InstallShield
[2011.12.10 20:54:59 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\iWinG
[2011.09.19 15:27:32 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Land Of Runes
[2009.12.02 17:33:48 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Leadertech
[2012.05.17 10:15:47 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Lonely Troops
[2010.01.02 17:31:07 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Macromedia
[2011.02.14 16:42:16 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\MAI
[2012.02.22 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\MB3
[2006.11.02 13:35:50 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Media Center Programs
[2011.03.15 22:14:17 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Media Get LLC
[2012.02.23 21:22:20 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Meridian93
[2012.02.23 17:04:58 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Merscom
[2012.09.03 20:34:51 | 000,000,000 | --SD | M] -- C:\Users\Fanda\AppData\Roaming\Microsoft
[2012.01.25 14:45:26 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Mount&Blade
[2010.02.02 19:06:26 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Mozilla
[2011.03.22 18:59:35 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\NevoSoft Games
[2010.01.05 22:08:28 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Nokia
[2012.09.29 12:12:45 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Origin
[2010.01.05 21:57:36 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\PC Suite
[2012.04.27 22:23:40 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\PeerNetworking
[2012.02.21 20:38:46 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\PetShowCraze
[2011.01.05 17:18:32 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\PlayFirst
[2012.04.10 20:37:11 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\PoBros
[2012.08.23 08:22:20 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Registry Mechanic
[2010.01.30 15:50:47 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Sahmon Games
[2010.10.26 17:16:15 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Samsung
[2012.04.04 20:34:21 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\ScreenSeven
[2011.12.13 16:17:33 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Settlement. Colossus
[2010.10.21 16:44:19 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Silver Style Entertainment
[2012.11.10 22:55:31 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Skype
[2012.07.07 07:50:41 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\skypePM
[2011.07.05 09:15:04 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Smarty Uninstaller
[2012.02.22 19:20:52 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\SmashFrenzy3
[2012.01.14 18:09:11 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\SpinTop
[2012.08.26 13:18:34 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\SprillRichiEng
[2011.05.12 19:13:24 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Thinstall
[2012.11.03 08:41:33 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\TuneUp Software
[2010.01.14 21:08:33 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\TwoWorldsCP
[2010.12.23 18:13:51 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\UClick
[2012.07.08 14:55:41 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\Unity
[2011.02.09 12:45:29 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\URSE Games
[2012.03.06 12:58:54 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\V-Games
[2010.02.24 21:10:42 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\VitySoft
[2010.08.02 20:30:30 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\vlc
[2012.03.14 09:04:33 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\wargaming.net
[2010.06.02 20:54:22 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\WinRAR
[2012.02.21 16:38:39 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\World-Loom
[2011.02.25 16:22:31 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\YoudaGames

< %APPDATA%\*.exe /s >
[2008.06.12 11:09:06 | 000,033,088 | ---- | M] () -- C:\Users\Fanda\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.02.10 12:08:57 | 001,956,072 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Fanda\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2010.01.14 21:08:35 | 000,165,888 | R--- | M] () -- C:\Users\Fanda\AppData\Roaming\Microsoft\Installer\{6EEEF30E-0AD2-4AD9-B854-22F1488637C7}\IconC202CEA6.exe
[2009.12.09 15:54:18 | 000,010,134 | R--- | M] () -- C:\Users\Fanda\AppData\Roaming\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
[2011.06.28 06:32:22 | 081,122,288 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\Fanda\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
[2011.01.27 14:43:34 | 000,266,552 | ---- | M] (ml) -- C:\Users\Fanda\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
[2011.05.12 19:13:33 | 000,007,168 | ---- | M] () -- C:\Users\Fanda\AppData\Roaming\Thinstall\ATV Mudracer\1000000800002i\svchost.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2012.11.11 22:36:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.11.11 03:05:04 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.11.11 23:06:01 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.11.10 21:09:34 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\RegPowerClean.job
[2012.11.10 21:06:06 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\RPCReminder.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.04.11 15:14:01 | 025,030,656 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2009.04.11 15:13:38 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2009.04.11 15:14:01 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.11.11 22:58:27 | 000,003,888 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.11 22:58:27 | 000,003,888 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.09 20:40:07 | 000,002,577 | ---- | M] () -- C:\Windows\system32\config.nt
[2012.11.10 21:12:30 | 000,116,036 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2012.11.10 21:12:30 | 000,102,126 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2012.11.10 21:12:30 | 000,603,524 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2012.11.10 21:12:30 | 000,591,854 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2012.11.10 21:12:30 | 001,405,522 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.04.11 14:19:03 | 001,233,920 | ---- | M] (Microsoft Corporation)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2007.06.27 19:03:40 | 000,152,872 | ---- | M] (Nero AG)
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2008.01.21 03:23:22 | 000,125,952 | ---- | M] (Microsoft Corporation)
"WMPNSCFG" = C:\Program Files\Windows Media Player\WMPNSCFG.exe -- [2008.01.21 03:23:48 | 000,202,240 | ---- | M] (Microsoft Corporation)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2012.08.24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.) MD5=D8510C2D48496B6C336E816FD67AA0F7 -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.11.11 23:03:38 | 000,000,512 | ---- | M] () MD5=93896BD09457283BFCDF58EF51EC84BF -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2010.01.04 15:11:21 | 000,021,316 | ---- | M] () -- \Users\Fanda\Music\telefon\ZVUKY na mobil\MP3 Zvonění\Fireworks - Cracker - [MaxT.dk].mp3

< *keygen* /s >

< *loader* /s >
[2012.06.13 07:04:09 | 001,581,712 | ---- | M] () -- \Casino\William Hill CASINO CLUB\data\loader.dll
[2012.06.13 07:04:05 | 000,007,003 | ---- | M] () -- \Casino\William Hill CASINO CLUB\data\loader.gam
[2012.03.09 17:02:06 | 000,071,208 | ---- | M] () -- \Games\World_of_Tanks\PhysXLoader.dll
[2012.06.15 10:10:23 | 000,005,679 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\tutorial\TutorialLoader.pyc
[2007.06.27 19:03:00 | 000,177,448 | ---- | M] () -- \Program Files\Common Files\Ahead\Lib\NeGuideStoreLoader.dll
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2003.04.11 14:45:42 | 000,348,160 | ---- | M] () -- \Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
[2012.03.16 07:51:36 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2012.03.16 07:51:38 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2012.03.16 07:51:36 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\MUICoreLib\xtraLoader.swf
[2012.04.23 19:34:31 | 000,002,886 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\babylon_feed\preloader01_b.swf
[2012.03.16 07:52:16 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\profile_lightboxs\preloader.html
[2012.04.23 19:59:08 | 000,003,830 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\rps\preloader02.swf
[2012.04.23 19:26:19 | 000,003,830 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\slide-a-lama\preloader02.swf
[2012.04.23 19:16:08 | 000,003,830 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\zoopaloola\preloader02.swf
[2005.09.19 10:30:30 | 000,001,825 | R--- | M] () -- \Program Files\Microsoft Games\Age of Empires III\AI\aiLoaderInactive.xs
[2005.09.19 10:30:30 | 000,001,575 | R--- | M] () -- \Program Files\Microsoft Games\Age of Empires III\AI\aiLoaderStandard.xs
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\fasttabs.loader.gif
[19 \Program Files\MyPlayCity Toolbar\*.tmp files -> \Program Files\MyPlayCity Toolbar\*.tmp -> ]
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunsa6E8A.tmp\fasttabs.loader.gif
[1 \Program Files\MyPlayCity Toolbar\tbunsa6E8A.tmp\*.tmp files -> \Program Files\MyPlayCity Toolbar\tbunsa6E8A.tmp\*.tmp -> ]
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunsc7410.tmp\fasttabs.loader.gif
[1 \Program Files\MyPlayCity Toolbar\tbunsc7410.tmp\*.tmp files -> \Program Files\MyPlayCity Toolbar\tbunsc7410.tmp\*.tmp -> ]
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunsdE595.tmp\fasttabs.loader.gif
[1 \Program Files\MyPlayCity Toolbar\tbunsdE595.tmp\*.tmp files -> \Program Files\MyPlayCity Toolbar\tbunsdE595.tmp\*.tmp -> ]
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunseAE9A.tmp\fasttabs.loader.gif
[1 \Program Files\MyPlayCity Toolbar\tbunseAE9A.tmp\*.tmp files -> \Program Files\MyPlayCity Toolbar\tbunseAE9A.tmp\*.tmp -> ]
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunseB824.tmp\fasttabs.loader.gif
[1 \Program Files\MyPlayCity Toolbar\tbunseB824.tmp\*.tmp files -> \Program Files\MyPlayCity Toolbar\tbunseB824.tmp\*.tmp -> ]
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunshE407.tmp\fasttabs.loader.gif
[1 \Program Files\MyPlayCity Toolbar\tbunshE407.tmp\*.tmp files -> \Program Files\MyPlayCity Toolbar\tbunshE407.tmp\*.tmp -> ]
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunsi9B6C.tmp\fasttabs.loader.gif
[1 \Program Files\MyPlayCity Toolbar\tbunsi9B6C.tmp\*.tmp files -> \Program Files\MyPlayCity Toolbar\tbunsi9B6C.tmp\*.tmp -> ]
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunsj993.tmp\fasttabs.loader.gif
[1 \Program Files\MyPlayCity Toolbar\tbunsj993.tmp\*.tmp files -> \Program Files\MyPlayCity Toolbar\tbunsj993.tmp\*.tmp -> ]
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunsk4140.tmp\fasttabs.loader.gif
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunsm2F6C.tmp\fasttabs.loader.gif
[1 \Program Files\MyPlayCity Toolbar\tbunsm2F6C.tmp\*.tmp files -> \Program Files\MyPlayCity Toolbar\tbunsm2F6C.tmp\*.tmp -> ]
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunsm9E.tmp\fasttabs.loader.gif
[1 \Program Files\MyPlayCity Toolbar\tbunsm9E.tmp\*.tmp files -> \Program Files\MyPlayCity Toolbar\tbunsm9E.tmp\*.tmp -> ]
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunsmCC76.tmp\fasttabs.loader.gif
[1 \Program Files\MyPlayCity Toolbar\tbunsmCC76.tmp\*.tmp files -> \Program Files\MyPlayCity Toolbar\tbunsmCC76.tmp\*.tmp -> ]
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunsq928.tmp\fasttabs.loader.gif
[1 \Program Files\MyPlayCity Toolbar\tbunsq928.tmp\*.tmp files -> \Program Files\MyPlayCity Toolbar\tbunsq928.tmp\*.tmp -> ]
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunst9A93.tmp\fasttabs.loader.gif
[1 \Program Files\MyPlayCity Toolbar\tbunst9A93.tmp\*.tmp files -> \Program Files\MyPlayCity Toolbar\tbunst9A93.tmp\*.tmp -> ]
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunsw4888.tmp\fasttabs.loader.gif
[1 \Program Files\MyPlayCity Toolbar\tbunsw4888.tmp\*.tmp files -> \Program Files\MyPlayCity Toolbar\tbunsw4888.tmp\*.tmp -> ]
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunswA65E.tmp\fasttabs.loader.gif
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunsxD793.tmp\fasttabs.loader.gif
[1 \Program Files\MyPlayCity Toolbar\tbunsxD793.tmp\*.tmp files -> \Program Files\MyPlayCity Toolbar\tbunsxD793.tmp\*.tmp -> ]
[2011.09.08 15:36:40 | 000,002,608 | ---- | M] () -- \Program Files\MyPlayCity Toolbar\tbunsy5AF6.tmp\fasttabs.loader.gif
[1 \Program Files\MyPlayCity Toolbar\tbunsy5AF6.tmp\*.tmp files -> \Program Files\MyPlayCity Toolbar\tbunsy5AF6.tmp\*.tmp -> ]
[2011.11.28 06:16:14 | 001,763,968 | ---- | M] () -- \Program Files\MyPlayCity.com\Farm Frenzy 2\PreLoader.exe
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2010.02.10 17:10:14 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2012.06.18 11:39:40 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.06.18 11:39:40 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012.06.18 11:39:40 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.06.18 11:39:40 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.02.23 21:01:06 | 000,000,060 | ---- | M] () -- \Users\Fanda\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LFGFNBGJ\miniclip.com\games\masters-of-wrestling\en\master_of_wrestling.dcr\MiniclipLoaderAd.sol
[2011.09.08 05:36:40 | 000,002,608 | ---- | M] () -- \Users\Fanda\AppData\Roaming\Mozilla\Firefox\Profiles\kb7nk5ms.default\extensions\{A9897564-CA29-4CAE-8A26-453035570837}\chrome\content\id_toolbar\fasttabs.loader.gif
[2012.07.20 18:11:49 | 002,330,728 | ---- | M] () -- \Users\Fanda\Downloads\ArmyRage_downloader.exe
[2012.05.11 11:49:27 | 002,286,152 | ---- | M] () -- \Users\Fanda\Downloads\STOnline_US_20120502downloader.exe
[2 \Users\Fanda\Downloads\*.tmp files -> \Users\Fanda\Downloads\*.tmp -> ]
[2011.09.12 12:59:25 | 000,446,464 | ---- | M] () -- \Windows\NEXON_EU_DownloaderUpdater.exe
[1 \Windows\*.tmp files -> \Windows\*.tmp -> ]
[2009.12.01 19:17:19 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2010.11.13 18:40:25 | 000,000,000 | ---- | M] () -- \Windows\assembly\NativeImages1_v2.0.50727\GameSpy.Downloader\1.0.3764.32208__9a2037864b640668_28aa6efe\GameSpy.Downloader.exe_
[2008.01.21 03:21:45 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2006.09.06 05:42:06 | 000,053,248 | ---- | M] () -- \Windows\System32\PhysXLoader.dll
[2012.02.02 14:15:04 | 000,012,532 | ---- | M] () -- \Windows\System32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2012.02.02 14:31:52 | 000,009,622 | ---- | M] () -- \Windows\System32\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr
[2009.05.08 18:17:00 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15.manifest
[2009.05.08 18:17:00 | 000,027,648 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15_winload.exe.mui_3bc5b827
[2009.05.08 18:17:00 | 000,019,968 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15_winresume.exe.mui_ff8b5358
[2008.01.21 03:25:08 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7698ba05e403d673.manifest
[2008.01.21 03:25:08 | 000,026,112 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7698ba05e403d673_winload.exe.mui_3bc5b827
[2008.01.21 03:25:08 | 000,019,456 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7698ba05e403d673_winresume.exe.mui_ff8b5358
[2009.04.11 14:20:55 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94.manifest
[2009.04.11 14:20:55 | 000,986,600 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winload.exe_75835076
[2009.04.11 14:20:55 | 000,926,184 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winresume.exe_85cd1215
[2008.01.21 03:25:02 | 000,003,885 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2.manifest
[2008.01.21 03:25:02 | 000,021,048 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2_spldr.sys_98bd87a0
[2008.01.21 03:07:05 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_de-de_cbcaa800f7f71dcc.manifest
[2008.01.21 03:07:01 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_en-us_74bb7df9e6d52991.manifest
[2008.01.21 03:07:07 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_es-es_7486dadde6fc1b36.manifest
[2008.01.21 03:07:01 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_fr-fr_173e50dcd9ce3198.manifest
[2008.01.21 03:07:11 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_it-it_01664723b1001716.manifest
[2008.01.21 03:07:13 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_ja-jp_a38bc630a41b28f1.manifest
[2008.01.21 03:07:16 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_nl-nl_2dc76f586fdd2598.manifest
[2008.01.21 03:07:05 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_de-de_cc2ed396113192b6.manifest
[2008.01.21 03:07:01 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_en-us_751fa98f000f9e7b.manifest
[2008.01.21 03:07:07 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_es-es_74eb067300369020.manifest
[2008.01.21 03:07:01 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_fr-fr_17a27c71f308a682.manifest
[2008.01.21 03:07:11 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_it-it_01ca72b8ca3a8c00.manifest
[2008.01.21 03:07:13 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_ja-jp_a3eff1c5bd559ddb.manifest
[2008.01.21 03:07:16 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_nl-nl_2e2b9aed89179a82.manifest
[2009.05.08 18:03:51 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15.manifest
[2008.01.21 03:19:47 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7698ba05e403d673.manifest
[2008.01.21 03:06:59 | 000,005,227 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16609_none_59497e266f783366.manifest
[2008.01.21 03:06:59 | 000,005,227 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20734_none_59ada9bb88b2a850.manifest
[2008.01.21 03:18:47 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18000_none_5b26ba326ca6e048.manifest
[2009.04.11 14:17:46 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94.manifest
[2006.11.02 11:13:06 | 000,003,970 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6000.16386_none_68fc663d5430d3de.manifest
[2008.01.21 03:17:09 | 000,003,885 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2.manifest
[2008.01.21 03:21:45 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6002.18005_none_47df94fd8cc49aa6\dmloader.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DF462FF6
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

tzhp2
Visitor
Posts: 67
Registered: 07 Feb 2009 07:46

Re: Please check my log

#17 Post by tzhp2 »

OTL Extras logfile created on: 11.11.2012 22:58:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fanda\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,93 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 47,10% Memory free
6,09 Gb Paging File | 4,33 Gb Available in Paging File | 71,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 45,91 Gb Free Space | 23,51% Space Free | Partition Type: NTFS
Drive D: | 91,06 Gb Total Space | 46,52 Gb Free Space | 51,08% Space Free | Partition Type: NTFS

Computer Name: FANDA-PC | User Name: Fanda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0626445C-14BD-4BA3-9E78-5B381B64FD3D}" = lport=58363 | protocol=6 | dir=in | name=pando media booster |
"{07C70A62-4C61-41AC-BE65-F63DEBDCB74A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{08C5AF96-958A-4EE9-A9EC-0B0D585D97FD}" = lport=56726 | protocol=17 | dir=in | name=pando media booster |
"{46C833A0-ACDE-4271-8D29-5615DBE48A53}" = lport=56726 | protocol=6 | dir=in | name=pando media booster |
"{4D78EBBE-E25D-45A0-BDE0-8F6DC572A8AA}" = lport=58363 | protocol=17 | dir=in | name=pando media booster |
"{5CB9EB3D-40DC-4AD7-9A2B-1A2EC8F794AD}" = lport=58363 | protocol=6 | dir=in | name=pando media booster |
"{74CCF6F1-AEEA-4AC3-8129-4D87C8D6D784}" = lport=58363 | protocol=17 | dir=in | name=pando media booster |
"{9AA05D32-347C-4D97-992D-B10361807C6E}" = lport=56726 | protocol=17 | dir=in | name=pando media booster |
"{B6CF27C1-5699-4FF5-AF40-6F3A49B956D1}" = lport=56726 | protocol=6 | dir=in | name=pando media booster |
"{D613CDD6-495D-4DE1-BCF9-B10572140634}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E55AF91-2CF9-47F4-8586-687735976514}" = protocol=6 | dir=in | app=c:\program files\codemasters\of dragon rising\ofdr.exe |
"{138CB72F-4B28-4AF1-8673-101FC8FB8742}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{16DF4FC1-EED1-4BAA-A291-8A6ECA9AF912}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1C1ECB90-AF1D-4E3B-B297-289F4E9A6128}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{1FECB9C7-4178-4AB5-A249-95213FD9D80C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{2B096AA9-6314-494E-A042-E991536458DA}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{2D1DC403-254F-41E6-840B-CAE37B04751E}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{331151EE-F36F-49B6-AAEE-EE797AE06DEE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{340B4688-B028-446F-A071-71CB98A16BD3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3417C51D-3E72-4F3F-87B2-698DD83AF10E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{387EFD0E-065C-4E25-8BD3-EAA63501A6FA}" = protocol=17 | dir=in | app=d:\hry\flatout ultimate carnage\fouc.exe |
"{38D3869A-52BC-4F09-A6E0-3948B1C8D62A}" = protocol=6 | dir=in | app=d:\hry\pirati a bukanyri\t3d.exe |
"{3EB43E3C-D79D-4214-AF45-76F47DE4CE0F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{487E3D6D-B0E9-480B-BCFA-C4971D2E3C23}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4B98B610-9113-4BA3-B675-2CCC6C42ED2E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{5191F159-DA23-42F6-8354-3202526DA6B0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{587C6629-7419-4385-AC98-966E4A13752C}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5EC94961-9BA6-494F-B53B-D4EC8A3F55BE}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{60F432DE-9024-4BEB-A12B-BD0D826CF915}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{64FB4896-75E7-4BAA-9A42-29A9DC1B90E8}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{67FF1366-8888-435E-BFCB-55BC88C4390A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{699059F4-3918-47DE-B06B-AB9B99E4F0B9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{6ED3B296-7991-4656-B604-F9B16B2B1AD9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6F075E87-A8BB-48BF-AA23-8A1D18096AA0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{72B257B2-A9F1-4E51-861B-F05D5E57FA25}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7BD55899-389A-47C6-8C58-6CB88B896BA3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{7E8ADAF0-BC6A-4E7E-8413-8254B730B7E1}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{82DD160B-8347-4ED6-92F0-2D330C06DED4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{85FBD2D0-B17E-4130-98E2-E710D0B2E237}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8974FFB5-A361-4EB9-A0D7-B8D4D8BB73EC}" = protocol=17 | dir=in | app=c:\program files\codemasters\of dragon rising\ofdr.exe |
"{8B1CCBA6-476C-4FCB-B3A1-EAD8413B8ECD}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{9E638DD4-5E68-4FB8-883F-4C20027D7663}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9E68DC6D-B507-4E7D-B855-46FF9116E6C5}" = protocol=6 | dir=in | app=c:\program files\myplaycity toolbar\troubleshooter.exe |
"{A2262DE6-A864-4C49-809F-8F703382B40E}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{A5AAE9AF-159D-4494-9D2C-35E8BEA3EB36}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{A983CBD5-DF26-4DB9-85AA-3858AD0F4B33}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{AC607DFB-2AAF-45A9-AA87-B9C616531108}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{B007C8BB-70FF-42C2-AAB0-0C57ED8A08F1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{B66B748E-FFCB-4B91-A1D0-C818CA178743}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{BEEDE072-F25F-499D-9452-46923530DF1B}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{C05ACF4A-213C-4E5A-B6E1-A5234B7BBF0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C19AA13D-D54D-4A4A-BFA7-638BDC500143}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{C1F826F8-FBFD-4E4A-88F2-B33021082F19}" = protocol=17 | dir=in | app=c:\program files\myplaycity toolbar\troubleshooter.exe |
"{C520FE0C-D870-4D42-A9C8-3D6919018E8E}" = protocol=6 | dir=in | app=c:\program files\myplaycity toolbar\toolbarupdate.exe |
"{C9820A13-EC07-4F5B-9196-565734A75B5A}" = protocol=17 | dir=in | app=d:\hry\pirati a bukanyri\t3d.exe |
"{CB87C6F7-BC58-4B27-B7B5-C4098C44208A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{CD1212D6-C056-4C56-8491-767794FD9907}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{CD77C189-3904-494A-8F47-E686059DBA92}" = protocol=17 | dir=in | app=c:\program files\myplaycity toolbar\toolbarupdate.exe |
"{D798E778-C944-4D1E-8908-340E28D2289F}" = dir=in | app=c:\users\fanda\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{E57EEF50-E3AB-4606-803A-10F674E5E685}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{F388ECA3-A0FA-4A61-96E5-8CBC01D86414}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{F526501D-34A2-424E-9412-87DB4B690257}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{FFA1E7C4-A921-40EA-B378-0BA6D16A5F5B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"TCP Query User{028ECFA0-6C0A-4F5A-B715-57D6CD333FDD}D:\hry\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\hry\tmnationsforever\tmforever.exe |
"TCP Query User{0D190BAF-88D4-4065-BB9B-E8771EDB5AC9}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{1B8A16F2-0FB5-4A2F-A167-8A26A6A50B54}C:\program files\topcd\crc\crc.exe" = protocol=6 | dir=in | app=c:\program files\topcd\crc\crc.exe |
"TCP Query User{2B58D70E-34AD-4AB4-ABA3-21F864E48E55}D:\hry\f1 chequered flag\engine.exe" = protocol=6 | dir=in | app=d:\hry\f1 chequered flag\engine.exe |
"TCP Query User{3F01D60C-D916-4B5B-9E2A-F3FB9E6C3B78}C:\program files\java\jre6\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\frd.exe |
"TCP Query User{506AE42F-BC48-4833-8749-4A662ED81793}C:\program files\gamespy arcade\aphex.exe" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"TCP Query User{5AA3D7F3-9E61-4F6D-B632-363AEBA6CC39}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{5E814FC5-A7A0-4B34-9FF2-B5A575BCDA33}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{5ED260AD-0EDC-4012-BC61-A8B934D2A683}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"TCP Query User{74E8CEC5-8CAB-49D0-BD7A-09DC34D49EAE}C:\program files\smokin' guns\smokinguns.exe" = protocol=6 | dir=in | app=c:\program files\smokin' guns\smokinguns.exe |
"TCP Query User{8E1E0216-8433-4798-A53D-B2A12E77B7A5}C:\program files\microsoft games\age of empires ii trial\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii trial\empires2.exe |
"TCP Query User{97C00DF2-2E03-4ABC-A304-DBBC1A0C7F21}D:\hry\pacific liberation force\engine.exe" = protocol=6 | dir=in | app=d:\hry\pacific liberation force\engine.exe |
"TCP Query User{9B7D1486-8602-48D3-96E0-6F99EC5F0E01}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{9BC4BAA8-AAB4-4193-A5E0-9BE126461C73}C:\users\fanda\appdata\local\temp\rar$ex52.890\jagdgeschwader.exe" = protocol=6 | dir=in | app=c:\users\fanda\appdata\local\temp\rar$ex52.890\jagdgeschwader.exe |
"TCP Query User{9CE93E55-FB36-4FC3-BF99-FE5B1B020353}C:\program files\panzer elite action\bin\srs.exe" = protocol=6 | dir=in | app=c:\program files\panzer elite action\bin\srs.exe |
"TCP Query User{C02CC8F6-1F1C-4206-93F7-B8C71AA73B5A}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"TCP Query User{C2707839-D6A7-498D-946D-2FFE6E65DD8B}C:\users\fanda\appdata\local\temp\rar$ex00.363\jagdgeschwader.exe" = protocol=6 | dir=in | app=c:\users\fanda\appdata\local\temp\rar$ex00.363\jagdgeschwader.exe |
"TCP Query User{D48CA44C-1A39-448E-A92E-1E02EE628B71}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D50FC44F-5068-40BF-A6F0-C934DAD473C6}D:\hry\system\eib.exe" = protocol=6 | dir=in | app=d:\hry\system\eib.exe |
"TCP Query User{DED68EBD-1E29-4D3A-9657-A668F233A85A}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{ECB694A6-59FB-4210-9C90-1D52F6D7275D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{EF8B6973-56D5-4CF7-ADA9-E8BD7F97266A}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{06E9346F-2DDA-4C9B-B3A3-F2D73E257FD0}C:\program files\topcd\crc\crc.exe" = protocol=17 | dir=in | app=c:\program files\topcd\crc\crc.exe |
"UDP Query User{0CDCAFA3-9751-445F-9AA5-7A52C00DBA92}C:\users\fanda\appdata\local\temp\rar$ex00.363\jagdgeschwader.exe" = protocol=17 | dir=in | app=c:\users\fanda\appdata\local\temp\rar$ex00.363\jagdgeschwader.exe |
"UDP Query User{0D8C09BF-B3D7-4CD1-B03D-5FF501AAB240}C:\program files\panzer elite action\bin\srs.exe" = protocol=17 | dir=in | app=c:\program files\panzer elite action\bin\srs.exe |
"UDP Query User{0FA1C018-E9BA-480D-A245-FC028124BC37}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1E437D44-D0A7-4698-917A-11AFB676A8AA}C:\program files\microsoft games\age of empires ii trial\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii trial\empires2.exe |
"UDP Query User{22AB4D7A-EC1D-40AC-A0EC-5344B9746FA1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{3ACD74CE-42C4-479C-B0C4-1BF0A299ED10}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{3E31075C-18D3-4522-A046-1A2A53DF0FA5}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{3EA3E86F-50AF-41D3-9D6D-1437E684D124}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{42CBAD84-7495-463A-A14C-01DE29A41545}D:\hry\race\race.exe" = protocol=17 | dir=in | app=d:\hry\race\race.exe |
"UDP Query User{4FB4A442-4A3B-4C35-B583-F778E444654B}D:\hry\system\eib.exe" = protocol=17 | dir=in | app=d:\hry\system\eib.exe |
"UDP Query User{52A8720E-5480-4F27-84F3-7C8D7535B050}C:\program files\gamespy arcade\aphex.exe" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"UDP Query User{5C9C8000-3F86-4C07-A76F-4A1272803953}D:\hry\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\hry\tmnationsforever\tmforever.exe |
"UDP Query User{6109C4EB-2FE2-405C-8E93-55A320BB8C88}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{7AFCA1A4-A31B-4EB2-9FDC-2E589E3A3654}D:\hry\f1 chequered flag\engine.exe" = protocol=17 | dir=in | app=d:\hry\f1 chequered flag\engine.exe |
"UDP Query User{7EBB8E60-EB69-4C78-83EB-0211A8F973F7}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{88221BFA-07CA-45EC-8E6C-D763117773D2}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"UDP Query User{93E1E565-DF8F-45AB-AF5A-E8E130951427}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{9A147E20-C5D3-46C1-99B0-C22C878A10CE}C:\program files\java\jre6\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\frd.exe |
"UDP Query User{A975CECA-2C92-4B5D-BFBE-2F97B29020C4}C:\users\fanda\appdata\local\temp\rar$ex52.890\jagdgeschwader.exe" = protocol=17 | dir=in | app=c:\users\fanda\appdata\local\temp\rar$ex52.890\jagdgeschwader.exe |
"UDP Query User{BA912A01-6AC0-4C22-AFC7-216D055036BD}C:\program files\smokin' guns\smokinguns.exe" = protocol=17 | dir=in | app=c:\program files\smokin' guns\smokinguns.exe |
"UDP Query User{C896D516-06DA-431D-9595-19F61BC21D1D}D:\hry\pacific liberation force\engine.exe" = protocol=17 | dir=in | app=d:\hry\pacific liberation force\engine.exe |
"UDP Query User{D0D50B4D-2DBB-4228-98F9-1228C0513A8B}C:\program files\mediaget\mediaget.exe" = protocol=17 | dir=in | app=c:\program files\mediaget\mediaget.exe |
"UDP Query User{EF9ABF46-5431-4A40-B98F-706342E2595A}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{15CEC2E1-16AF-11D9-88E4-0004769F25D1}" = Colin McRae Rally 2005
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6EEEF30E-0AD2-4AD9-B854-22F1488637C7}" = Two Worlds Control Panel 1.0.7
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71277DC4-4217-462A-9FF4-62D7815B2C69}" = ADDICT-THING
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77CAE01C-24AD-4228-887E-50DA6F760364}" = Casino8118.cs
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{847CAE64-4CD2-4B2D-AF00-978FF5431029}" = Nero 7 Ultra Edition
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E325417-AE9C-4EE1-A158-13DF451A5987}" = Broadcom Gigabit Integrated Controller
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A95000000001}" = Adobe Reader 9.5.1 - Czech
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7810AC1-6F4A-4277-87AC-0B034B98C741}" = Picture Collage Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires II Trial" = Microsoft Age of Empires II Trial Version
"AGEIA PhysX v2.5.1" = AGEIA PhysX v2.5.1
"avast" = avast! Free Antivirus
"CloneCD" = CloneCD
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Congoo.CongooNetPass" = Congoo NetPass
"DivX Setup" = DivX Setup
"Dolphin Pod_is1" = Dolphin Pod 0.3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Farm Frenzy 2_is1" = Farm Frenzy 2
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"GotClip" = GotClip Downloader
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"hfwmbudvcwfrjqhnc" = Advanced Performance Platform Revenuestreaming.
"Indeo® Software" = Indeo® Software
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Mount&Blade" = Mount&Blade
"NI Service Center" = NI Service Center
"OEMInformation" = OEM Logo and Information
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"RegPowerClean_is1" = Winferno Registry Power Cleaner
"Revo Uninstaller" = Revo Uninstaller 1.93
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"WinRAR archiver" = WinRAR
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"WNLT" = Web Optimizer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-421506530-3387447861-2895534264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"William Hill CASINO CLUB" = William Hill CASINO CLUB

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12.11.2011 16:12:52 | Computer Name = Fanda-PC | Source = VSS | ID = 8194
Description =

Error - 12.11.2011 16:13:53 | Computer Name = Fanda-PC | Source = VSS | ID = 8194
Description =

Error - 13.11.2011 4:07:50 | Computer Name = Fanda-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace NEXON_EU_Downloader_Engine.exe, verze 2.5.9.0,
časové razítko 0x4cb59d35, chybující modul NEXON_EU_Downloader_Engine.exe, verze
2.5.9.0, časové razítko 0x4cb59d35, kód výjimky 0xc0000005, posun chyby 0x0000bf95,
ID
procesu 0xcd8, čas spuštění aplikace 0x01cca1db557bd8cb.

Error - 13.11.2011 4:39:23 | Computer Name = Fanda-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace DivXUpdate.exe, verze 1.0.1.10, časové razítko
0x4c06fc6d, chybující modul MSVCP80.dll, verze 8.0.50727.4053, časové razítko 0x4a594cd0,
kód výjimky 0xc0000005, posun chyby 0x000100b5, ID procesu 0x274, čas spuštění aplikace
0x01cca1db4efe590b.

Error - 13.11.2011 4:50:07 | Computer Name = Fanda-PC | Source = VSS | ID = 8194
Description =

Error - 13.11.2011 11:15:53 | Computer Name = Fanda-PC | Source = VSS | ID = 8194
Description =

Error - 13.11.2011 11:17:40 | Computer Name = Fanda-PC | Source = VSS | ID = 8194
Description =

Error - 13.11.2011 11:20:50 | Computer Name = Fanda-PC | Source = VSS | ID = 8194
Description =

Error - 13.11.2011 12:46:25 | Computer Name = Fanda-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace score.exe, verze 0.0.0.0, časové razítko 0x2a425e19,
chybující modul kernel32.dll, verze 6.0.6002.18449, časové razítko 0x4da47967,
kód výjimky 0xc0000005, posun chyby 0x000bfea5, ID procesu 0x12e8, čas spuštění aplikace
0x01cca1de7d950bdb.

Error - 13.11.2011 12:50:18 | Computer Name = Fanda-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace age3.exe, verze 4.105.1007.3243, časové razítko
0x434a11ba, chybující modul ntdll.dll, verze 6.0.6002.18327, časové razítko 0x4cb73436,
kód výjimky 0xc0000005, posun chyby 0x0004a132, ID procesu 0x15b0, čas spuštění
aplikace 0x01cca2244cc7ab10.

[ System Events ]
Error - 9.11.2012 2:42:53 | Computer Name = Fanda-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9.11.2012 2:42:53 | Computer Name = Fanda-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 9.11.2012 9:17:57 | Computer Name = Fanda-PC | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 10.0.0.1 pro síťovou kartu s adresou 0017C4B666F7
byla serverem DHCP 10.0.0.138 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 10.11.2012 1:48:53 | Computer Name = Fanda-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.11.2012 1:48:53 | Computer Name = Fanda-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 10.11.2012 2:43:31 | Computer Name = Fanda-PC | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 10.0.0.1 pro síťovou kartu s adresou 0017C4B666F7
byla serverem DHCP 10.0.0.138 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 10.11.2012 14:53:31 | Computer Name = Fanda-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 10.11.2012 16:07:30 | Computer Name = Fanda-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.11.2012 16:07:30 | Computer Name = Fanda-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11.11.2012 15:57:57 | Computer Name = Fanda-PC | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 10.0.0.2 pro síťovou kartu s adresou 0017C4B666F7
byla serverem DHCP 10.0.0.138 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).


< End of report >

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#18 Post by vyosek »

Run OTL again
  • If you are using Windows Vista or Windows 7, right-click OTL and choose Run As Administrator (Spustit jako správce)
  • Paste the script below into the bottom box, Custom Scans/Fixes (Vlastní skenování/opravy)
  • Code:

    :otl
    SRV - [2012.09.13 14:26:52 | 001,006,448 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (WebOptimizer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.myplaycity.com/
    IE - HKLM\..\URLSearchHook: - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{19b74021-b0da-4266-9fb3-f26471b46669}: "URL" = http://search.freecause.com/search?ourm ... e=63009&p={searchTerms}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
    IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
    IE - HKU\S-1-5-21-421506530-3387447861-2895534264-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-421506530-3387447861-2895534264-1000\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-421506530-3387447861-2895534264-1000\..\URLSearchHook: {3a750e59-9048-456b-a7f9-4d22dcb583f3} - C:\Program Files\MyPlayCity Toolbar\Helper.dll ()
    IE - HKU\S-1-5-21-421506530-3387447861-2895534264-1000\..\URLSearchHook: {645FCD0C-EADE-4B52-8CDB-EF33692A2E75} - No CLSID value found
    IE - HKU\S-1-5-21-421506530-3387447861-2895534264-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-421506530-3387447861-2895534264-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-421506530-3387447861-2895534264-1000\..\SearchScopes\{19b74021-b0da-4266-9fb3-f26471b46669}: "URL" = http://search.freecause.com/search?ourm ... e=63009&p={searchTerms}
    IE - HKU\S-1-5-21-421506530-3387447861-2895534264-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_cs
    IE - HKU\S-1-5-21-421506530-3387447861-2895534264-1000\..\SearchScopes\{6CF82D0E-88AD-6205-BC69-EBB0A35C4A0C}: "URL" = http://ala.asksearch.com/s/?q={searchTerms}&iesrc={referrer:source?}&cfg=2-208-0-0
    IE - HKU\S-1-5-21-421506530-3387447861-2895534264-1000\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
    FF - prefs.js..Keyword.Enabled: "true"
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.selectedEngine: "MyPlayCity Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://home.myplaycity.com/"
    FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
    FF - prefs.js..extensions.enabledItems: ocr@babylon.com:1.0
    FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9
    FF - prefs.js..keyword.URL: "http://home.myplaycity.com/results.php?category=web&s="
    [2012.02.09 10:17:35 | 000,000,000 | ---D | M] (MyPlayCity Toolbar) -- C:\Users\Fanda\AppData\Roaming\Mozilla\Firefox\Profiles\kb7nk5ms.default\extensions\{A9897564-CA29-4CAE-8A26-453035570837}
    [2012.06.04 13:33:13 | 000,000,000 | ---D | M] (ADDICT-THING) -- C:\Users\Fanda\AppData\Roaming\Mozilla\Firefox\Profiles\kb7nk5ms.default\extensions\4fccaa9b52fae@4fccaa9b52fe7.info
    [2012.07.22 00:29:42 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Fanda\AppData\Roaming\Mozilla\Firefox\Profiles\kb7nk5ms.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2012.11.09 05:20:05 | 000,002,013 | ---- | M] () -- C:\Users\Fanda\AppData\Roaming\Mozilla\Firefox\Profiles\kb7nk5ms.default\searchplugins\myplaycity-search.xml
    [2011.03.16 10:21:36 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{d93c3cf7-bbea-1097-94ba-b65c609f5c85}
    O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
    O2 - BHO: (MyPlayCity Toolbar BHO) - {D496B221-52BB-4DA7-B5E7-4442022F207D} - C:\Program Files\MyPlayCity Toolbar\toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{5A074B29-F830-49de-A31B-5BB9D7F6B407} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MyPlayCity Toolbar) - {648ADDE1-369B-4868-A419-0B67EBFD8F73} - C:\Program Files\MyPlayCity Toolbar\toolbar.dll ()
    O3 - HKU\S-1-5-21-421506530-3387447861-2895534264-1000\..\Toolbar\WebBrowser: (no name) - {645FCD0C-EADE-4B52-8CDB-EF33692A2E75} - No CLSID value found.
    O3 - HKU\S-1-5-21-421506530-3387447861-2895534264-1000\..\Toolbar\WebBrowser: (MyPlayCity Toolbar) - {648ADDE1-369B-4868-A419-0B67EBFD8F73} - C:\Program Files\MyPlayCity Toolbar\toolbar.dll ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Save Image to Folder - Reg Error: Value error. File not found
    O8 - Extra context menu item: &Save Image to MyStuff - Reg Error: Value error. File not found
    O8 - Extra context menu item: &Save Link to Folder - Reg Error: Value error. File not found
    O8 - Extra context menu item: &Save Link to MyStuff - Reg Error: Value error. File not found
    O8 - Extra context menu item: &Save Page to Folder... - Reg Error: Value error. File not found
    O8 - Extra context menu item: &Save this Page to MyStuff - Reg Error: Value error. File not found
    O9 - Extra Button: MyPlayCity Toolbar - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files\MyPlayCity Toolbar\tbunst9A93.tmp\tbcore3.dll ()
    O9 - Extra 'Tools' menuitem : MyPlayCity Toolbar - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files\MyPlayCity Toolbar\tbunst9A93.tmp\tbcore3.dll ()
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    [2011.03.16 10:21:28 | 000,053,723 | ---- | C] () -- C:\Windows\System32\hfwmbudvcwfrjqhnc.exe
    [2011.03.05 08:58:04 | 001,524,112 | ---- | C] () -- C:\Windows\System32\bandoolmx.dll
    [2010.12.22 14:08:05 | 000,000,000 | ---D | M] -- C:\Users\Fanda\AppData\Roaming\ICQ Toolbar
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [17 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
    [1 C:\Windows\SoftwareDistribution\Download\2c5f142d97790997d9b113eb9ad8f966\*.tmp files -> C:\Windows\SoftwareDistribution\Download\2c5f142d97790997d9b113eb9ad8f966\*.tmp -> ]
    [1 C:\Windows\SoftwareDistribution\Download\73359e52f84f08cc68c71cf422b798bb\*.tmp files -> C:\Windows\SoftwareDistribution\Download\73359e52f84f08cc68c71cf422b798bb\*.tmp -> ]
    [4 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]
    [2011.05.12 19:13:33 | 000,007,168 | ---- | M] () -- C:\Users\Fanda\AppData\Roaming\Thinstall\ATV Mudracer\1000000800002i\svchost.exe
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DF462FF6
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    
    :services
    gupdate
    gupdatem
    NBService
    NMIndexingService
    
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"=-
    "SunJavaUpdateSched"=-
    "CloneCDTray"=-
    "MyWebSearch Email Plugin"=-
    "My Web Search Bar Search Scope Monitor"=-
    "zdpsopsxonlduguj"=-
    "SweetIM"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "DivXUpdate"=-
    "ROC_ROC_JULY_P1"=-
    "ROC_roc_ssl_v12"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
    "EA Core"=-
    "SpybotSD TeaTimer"=-
    "NVIDIA driver monitor"=-
    "MediaGet"=-
    "Facebook Update"=-
    "ICQ"=-
    "Skype"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    
    :files
    C:\Windows\System32\regsvr32.exe
    C:\Program Files\AVG Secure Search
    C:\Program Files\Spybot - Search & Destroy
    C:\Windows\tasks\Adobe Flash Player Updater.job
    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-421506530-3387447861-2895534264-1000Core.job
    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-421506530-3387447861-2895534264-1000UA.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\PCConfidential.job
    C:\Windows\tasks\RegPowerClean.job
    C:\Windows\tasks\RPCReminder.job
    C:\Users\Fanda\AppData\Roaming\Thinstall\ATV Mudracer\1000000800002i
    C:\Program Files\ICQToolbar
    c:\Program Files\MyPlayCity Toolbar
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
  • Then click Run Fix (Opravit)
  • The PC will perform the fix, restart, and give you a log; paste its contents here
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

tzhp2
Visitor
Posts: 67
Joined: 07 Feb 2009 07:46

Re: Please check my log

#19 Post by tzhp2 »

All processes killed
========== OTL ==========
Service WebOptimizer stopped successfully!
Service WebOptimizer deleted successfully!
C:\Windows\System32\dmwu.exe moved successfully.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service dgderdrv stopped successfully!
Service dgderdrv deleted successfully!
File System32\drivers\dgderdrv.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{19b74021-b0da-4266-9fb3-f26471b46669}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19b74021-b0da-4266-9fb3-f26471b46669}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKU\S-1-5-21-421506530-3387447861-2895534264-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-421506530-3387447861-2895534264-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-421506530-3387447861-2895534264-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{3a750e59-9048-456b-a7f9-4d22dcb583f3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a750e59-9048-456b-a7f9-4d22dcb583f3}\ deleted successfully.
C:\Program Files\MyPlayCity Toolbar\Helper.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-421506530-3387447861-2895534264-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{645FCD0C-EADE-4B52-8CDB-EF33692A2E75} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FCD0C-EADE-4B52-8CDB-EF33692A2E75}\ not found.
HKEY_USERS\S-1-5-21-421506530-3387447861-2895534264-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-421506530-3387447861-2895534264-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-421506530-3387447861-2895534264-1000\Software\Microsoft\Internet Explorer\SearchScopes\{19b74021-b0da-4266-9fb3-f26471b46669}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19b74021-b0da-4266-9fb3-f26471b46669}\ not found.
Registry key HKEY_USERS\S-1-5-21-421506530-3387447861-2895534264-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-421506530-3387447861-2895534264-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6CF82D0E-88AD-6205-BC69-EBB0A35C4A0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CF82D0E-88AD-6205-BC69-EBB0A35C4A0C}\ not found.
Registry key HKEY_USERS\S-1-5-21-421506530-3387447861-2895534264-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
Prefs.js: "true" removed from Keyword.Enabled
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "MyPlayCity Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://home.myplaycity.com/" removed from browser.startup.homepage
Prefs.js: m3ffxtbr@mywebsearch.com:1.1 removed from extensions.enabledItems
Prefs.js: ocr@babylon.com:1.0 removed from extensions.enabledItems
Prefs.js: ffxtlbr@babylon.com:1.1.9 removed from extensions.enabledItems
Prefs.js: "http://home.myplaycity.com/results.php?category=web&s=" removed from keyword.URL
C:\Users\Fanda\AppData\Roaming\Mozilla\Firefox\Profiles\kb7nk5ms.default\extensions\{A9897564-CA29-4CAE-8A26-453035570837}\components folder moved successfully.
C:\Users\Fanda\AppData\Roaming\Mozilla\Firefox\Profiles\kb7nk5ms.default\extensions\{A9897564-CA29-4CAE-8A26-453035570837}\chrome\content\id_toolbar folder moved successfully.
C:\Users\Fanda\AppData\Roaming\Mozilla\Firefox\Profiles\kb7nk5ms.default\extensions\{A9897564-CA29-4CAE-8A26-453035570837}\chrome\content folder moved successfully.
C:\Users\Fanda\AppData\Roaming\Mozilla\Firefox\Profiles\kb7nk5ms.default\extensions\{A9897564-CA29-4CAE-8A26-453035570837}\chrome folder moved successfully.
C:\Users\Fanda\AppData\Roaming\Mozilla\Firefox\Profiles\kb7nk5ms.default\extensions\{A9897564-CA29-4CAE-8A26-453035570837} folder moved successfully.
C:\Users\Fanda\AppData\Roaming\Mozilla\Firefox\Profiles\kb7nk5ms.default\extensions\4fccaa9b52fae@4fccaa9b52fe7.info\content folder moved successfully.
C:\Users\Fanda\AppData\Roaming\Mozilla\Firefox\Profiles\kb7nk5ms.default\extensions\4fccaa9b52fae@4fccaa9b52fe7.info folder moved successfully.
C:\Users\Fanda\AppData\Roaming\Mozilla\Firefox\Profiles\kb7nk5ms.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi moved successfully.
C:\Users\Fanda\AppData\Roaming\Mozilla\Firefox\Profiles\kb7nk5ms.default\searchplugins\myplaycity-search.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{d93c3cf7-bbea-1097-94ba-b65c609f5c85}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{d93c3cf7-bbea-1097-94ba-b65c609f5c85}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{d93c3cf7-bbea-1097-94ba-b65c609f5c85} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D496B221-52BB-4DA7-B5E7-4442022F207D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D496B221-52BB-4DA7-B5E7-4442022F207D}\ deleted successfully.
C:\Program Files\MyPlayCity Toolbar\toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{5A074B29-F830-49de-A31B-5BB9D7F6B407} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{648ADDE1-369B-4868-A419-0B67EBFD8F73} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{648ADDE1-369B-4868-A419-0B67EBFD8F73}\ deleted successfully.
File C:\Program Files\MyPlayCity Toolbar\toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-421506530-3387447861-2895534264-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{645FCD0C-EADE-4B52-8CDB-EF33692A2E75} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FCD0C-EADE-4B52-8CDB-EF33692A2E75}\ not found.
Registry value HKEY_USERS\S-1-5-21-421506530-3387447861-2895534264-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{648ADDE1-369B-4868-A419-0B67EBFD8F73} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{648ADDE1-369B-4868-A419-0B67EBFD8F73}\ not found.
File C:\Program Files\MyPlayCity Toolbar\toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Save Image to Folder\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Save Image to MyStuff\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Save Link to Folder\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Save Link to MyStuff\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Save Page to Folder...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Save this Page to MyStuff\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\ deleted successfully.
C:\Program Files\MyPlayCity Toolbar\tbunst9A93.tmp\tbcore3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\ not found.
File C:\Program Files\MyPlayCity Toolbar\tbunst9A93.tmp\tbcore3.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Windows\System32\hfwmbudvcwfrjqhnc.exe moved successfully.
C:\Windows\System32\bandoolmx.dll moved successfully.
C:\Users\Fanda\AppData\Roaming\ICQ Toolbar folder moved successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\Installer\MSI225C.tmp deleted successfully.
C:\Windows\Installer\MSI481A.tmp deleted successfully.
C:\Windows\Installer\MSI8F32.tmp deleted successfully.
C:\Windows\Installer\MSI946.tmp deleted successfully.
C:\Windows\Installer\MSI96BA.tmp deleted successfully.
C:\Windows\Installer\MSI9817.tmp deleted successfully.
C:\Windows\Installer\MSI9C0D.tmp deleted successfully.
C:\Windows\Installer\MSIA2E7.tmp deleted successfully.
C:\Windows\Installer\MSIA8EE.tmp deleted successfully.
C:\Windows\Installer\MSIB25A.tmp deleted successfully.
C:\Windows\Installer\MSIB4AF.tmp deleted successfully.
C:\Windows\Installer\MSIC38D.tmp deleted successfully.
C:\Windows\Installer\MSIC738.tmp deleted successfully.
C:\Windows\Installer\MSIC7A3.tmp deleted successfully.
C:\Windows\Installer\MSID8EA.tmp deleted successfully.
C:\Windows\Installer\MSIDDF2.tmp deleted successfully.
C:\Windows\Installer\MSIEC95.tmp deleted successfully.
C:\Windows\Installer\MSIF5D5.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\2c5f142d97790997d9b113eb9ad8f966\BIT557.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\73359e52f84f08cc68c71cf422b798bb\BIT42D.tmp deleted successfully.
C:\Windows\temp\CR_D3F71.tmp\SETUP_PATCH.PACKED.7Z deleted successfully.
C:\Windows\temp\CR_D3F71.tmp folder deleted successfully.
C:\Windows\temp\~83B.tmp deleted successfully.
C:\Windows\temp\~AD6E.tmp deleted successfully.
C:\Windows\temp\~D27B.tmp deleted successfully.
C:\Windows\temp\~F6FC.tmp deleted successfully.
C:\Windows\temp\~FFB3.tmp deleted successfully.
C:\Users\Fanda\AppData\Roaming\Thinstall\ATV Mudracer\1000000800002i\svchost.exe moved successfully.
ADS C:\ProgramData\TEMP:DF462FF6 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service NBService stopped successfully!
Service NBService deleted successfully!
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CloneCDTray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zdpsopsxonlduguj not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_JULY_P1 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NVIDIA driver monitor not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MediaGet not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!
========== FILES ==========
File move failed. C:\Windows\System32\regsvr32.exe scheduled to be moved on reboot.
File\Folder C:\Program Files\AVG Secure Search not found.
C:\Program Files\Spybot - Search & Destroy\Help folder moved successfully.
C:\Program Files\Spybot - Search & Destroy folder moved successfully.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
File\Folder C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-421506530-3387447861-2895534264-1000Core.job not found.
File\Folder C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-421506530-3387447861-2895534264-1000UA.job not found.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File\Folder C:\Windows\tasks\PCConfidential.job not found.
C:\Windows\tasks\RegPowerClean.job moved successfully.
C:\Windows\tasks\RPCReminder.job moved successfully.
C:\Users\Fanda\AppData\Roaming\Thinstall\ATV Mudracer\1000000800002i folder moved successfully.
C:\Program Files\ICQToolbar\Cache folder moved successfully.
C:\Program Files\ICQToolbar folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunsy5AF6.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunsxD793.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunswA65E.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunsw4888.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunst9A93.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunsq928.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunsmCC76.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunsm9E.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunsm2F6C.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunsk4140.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunsj993.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunsi9B6C.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunshE407.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunseB824.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunseAE9A.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunsdE595.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunsc7410.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\tbunsa6E8A.tmp folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\skins\radio\gray03 folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\skins\radio folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\skins folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\images\weather\png folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\images\weather folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\images\ticker folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\images\msgbox folder moved successfully.
c:\Program Files\MyPlayCity Toolbar\images folder moved successfully.
c:\Program Files\MyPlayCity Toolbar folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Fanda
->Temp folder emptied: 22297368 bytes
->Temporary Internet Files folder emptied: 6243785 bytes
->Java cache emptied: 44062973 bytes
->FireFox cache emptied: 60722566 bytes
->Google Chrome cache emptied: 353240061 bytes
->Flash cache emptied: 2824683 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 182329778 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 88 bytes

Total Files Cleaned = 641,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Fanda
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Fanda
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11122012_211142

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\regsvr32.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#20 Post by vyosek »

→ Download Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe
  • Save it, preferably to the Desktop
  • Tick the checkbox for every item (this selects it for scanning)
  • Click Scan
  • When the scan finishes, the log FSS.txt will appear; paste it here
→ Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE WRECKED
→ Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator or Spustit jako spravce
  • Immediately after start, a page with the license agreement is displayed; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily cluttered, the time may be longer
  • After the scan and a possible restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure including screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.

tzhp2
Visitor
Posts: 67
Joined: 07 Feb 2009 07:46

Re: Please check my log

#21 Post by tzhp2 »

Farbar Service Scanner Version: 09-11-2012
Ran by Fanda (administrator) on 12-11-2012 at 22:36:37
Running from "C:\Users\Fanda\Desktop"
Windows Vista (TM) Ultimate Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-10 07:19] - [2012-06-02 01:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-21 03:22] - [2008-01-21 03:22] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

tzhp2
Visitor
Posts: 67
Joined: 07 Feb 2009 07:46

Re: Please check my log

#22 Post by tzhp2 »

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/12/2012 10:38:47 PM in x86 mode.
Windows Version: Windows Vista (TM) Ultimate Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\FsUsbExService.Exe (PID: 2428) [WD-HEUR]
* C:\Windows\PLFSetI.exe (PID: 3656) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* msiserver => %systemroot%\system32\msiexec.exe /V [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t

: : 1 l o c a l h o s t



Program finished at: 11/12/2012 10:39:08 PM
Execution time: 0 hours(s), 0 minute(s), and 20 seconds(s)

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#23 Post by vyosek »

Fine, now run ComboFix on it

tzhp2
Visitor
Posts: 67
Joined: 07 Feb 2009 07:46

Re: Please check my log

#24 Post by tzhp2 »

ComboFix 12-11-12.03 - Fanda 12.11.2012 22:44:27.3.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.420.1029.18.3000.2001 [GMT 1:00]
Spuštěný z: c:\users\Fanda\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-12 do 2012-11-12 )))))))))))))))))))))))))))))))
.
.
2012-11-12 21:56 . 2012-11-12 21:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-12 21:56 . 2012-11-12 21:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-12 20:11 . 2012-11-12 20:11 -------- d-----w- C:\_OTL
2012-11-11 22:03 . 2012-11-11 22:03 512 ----a-w- C:\PhysicalMBR.bin
2012-11-09 19:40 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-09 19:40 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-09 19:40 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-11-09 19:40 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-09 19:40 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-09 19:40 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-09 19:39 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-09 19:39 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-09 07:32 . 2012-10-17 00:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFCD8AA4-1C9D-4035-85F6-D132999EE224}\mpengine.dll
2012-11-03 07:41 . 2012-11-03 07:41 -------- d-----w- c:\users\Fanda\AppData\Roaming\TuneUp Software
2012-11-03 07:28 . 2012-11-05 20:29 -------- d-----w- c:\users\Fanda\AppData\Local\Avg2013
2012-11-03 07:28 . 2012-11-03 07:28 -------- d-----w- c:\users\Fanda\AppData\Local\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 04:36 . 2012-08-17 12:47 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 04:36 . 2012-02-20 08:09 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-20 11:21 . 2012-09-20 11:21 753152 ----a-w- c:\windows\is-50GFA.exe
2012-09-13 13:28 . 2012-10-10 06:18 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-13 13:24 . 2012-09-20 11:21 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2012-08-29 11:27 . 2012-10-10 06:18 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 06:18 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53 . 2012-10-10 06:18 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59 . 2012-09-23 08:53 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-24 06:14 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-23 08:53 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 08:53 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 08:53 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-24 06:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-10 6957600]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-10 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-01 200704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\Fanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
mStart Page =
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-hfwmbudvcwfrjqhnc - c:\windows\system32\hfwmbudvcwfrjqhnc.exe
AddRemove-WNLT - c:\windows\system32\WNLT\Installation\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-12 22:56
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\users\Fanda\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2012-11-12 22:59:20
ComboFix-quarantined-files.txt 2012-11-12 21:59
ComboFix2.txt 2012-11-08 22:30
ComboFix3.txt 2010-02-24 19:31
.
Před spuštěním: Volných bajtů: 49 289 568 256
Po spuštění: Volných bajtů: 49 703 100 416
.
- - End Of File - - 02DD3875C2492F1B5FD2F64157AC1F9A

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#25 Post by vyosek »

:arrow: If you have not already, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"=-
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto Combofix and drop it (see the picture below)
    [image]
  • After the script has been applied (and a possible restart), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - this is an internal error caused by CF which the author unfortunately cannot fix yet

:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

tzhp2
Visitor
Posts: 67
Joined: 07 Feb 2009 07:46

Re: Please check my log

#26 Post by tzhp2 »

ComboFix 12-11-13.02 - Fanda 13.11.2012 18:38:44.4.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.420.1029.18.3000.1762 [GMT 1:00]
Spuštěný z: c:\users\Fanda\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Fanda\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-13 do 2012-11-13 )))))))))))))))))))))))))))))))
.
.
2012-11-13 17:49 . 2012-11-13 17:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-13 17:49 . 2012-11-13 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-13 11:36 . 2012-10-17 00:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E76515C1-6AF1-435B-A5D7-1B2FBD48B786}\mpengine.dll
2012-11-12 20:11 . 2012-11-12 20:11 -------- d-----w- C:\_OTL
2012-11-11 22:03 . 2012-11-11 22:03 512 ----a-w- C:\PhysicalMBR.bin
2012-11-09 19:40 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-09 19:40 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-09 19:40 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-11-09 19:40 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-09 19:40 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-09 19:40 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-09 19:39 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-09 19:39 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-03 07:41 . 2012-11-03 07:41 -------- d-----w- c:\users\Fanda\AppData\Roaming\TuneUp Software
2012-11-03 07:28 . 2012-11-05 20:29 -------- d-----w- c:\users\Fanda\AppData\Local\Avg2013
2012-11-03 07:28 . 2012-11-03 07:28 -------- d-----w- c:\users\Fanda\AppData\Local\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 04:36 . 2012-08-17 12:47 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 04:36 . 2012-02-20 08:09 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-20 11:21 . 2012-09-20 11:21 753152 ----a-w- c:\windows\is-50GFA.exe
2012-09-13 13:28 . 2012-10-10 06:18 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-13 13:24 . 2012-09-20 11:21 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2012-08-29 11:27 . 2012-10-10 06:18 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 06:18 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53 . 2012-10-10 06:18 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59 . 2012-09-23 08:53 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-24 06:14 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-23 08:53 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 08:53 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 08:53 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-24 06:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-10 6957600]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-10 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-01 200704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\Fanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
mStart Page =
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-13 18:52
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\PANDORA.TV\PanService\PandoraService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-11-13 18:57:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-13 17:57
ComboFix2.txt 2012-11-12 21:59
ComboFix3.txt 2012-11-08 22:30
ComboFix4.txt 2010-02-24 19:31
.
Před spuštěním: Volných bajtů: 51 560 992 768
Po spuštění: Volných bajtů: 51 333 943 296
.
- - End Of File - - B600A5B0388925E956F9BDAC983219E3

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#27 Post by vyosek »

Fine, how is the PC behaving? :???:

tzhp2
Visitor
Posts: 67
Joined: 07 Feb 2009 07:46

Re: Please check my log

#28 Post by tzhp2 »

It looks good. Chrome was crashing, but that was caused by some Skype add-on; I uninstalled it and so far there has been no problem.

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#29 Post by vyosek »

Let's tidy up, then :James008:

:arrow: Uninstall Combofix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes Combofix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • Press A, Enter to confirm each choice
  • Delete the utility after use
  • Antiviruses may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run Cleaner
Registry panel
  • click Scan for Issues
  • then Fix selected issues - I recommend making the registry backup; fix all the issues
  • repeat until no issues remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|

tzhp2
Visitor
Posts: 67
Joined: 07 Feb 2009 07:46

Re: Please check my log

#30 Post by tzhp2 »

The PC runs like a charm. Excellent work. Thanks a lot.

Locked